一种基于属性环签名的高效匿名证明协议

远程证明是可信计算领域中亟待突破的重要问题。结合二进制证明和基于属性的证明,应用环签名思想提出了一种简单、高效的匿名远程证明协议。该协议不需要属性证书,也不需要AIK证书,它通过借助一个离线可信第三方,应用可信计算绑定和密封机制,采用基于双线性对的属性环签名,同时实现了平台的身份证明和完整性状态证明。分析和实验表明,该协议具有不可伪造性、平台身份匿名性、配置隐私保护性和抗共谋性,并具有很高的运行效率;与现有典型的基于双线性对证明协议相比,签名长度减少了79.73%,所需验证的双线性对减少了50.00%,很好地解决了一直困扰可信计算中的远程证明和效率问题。

Efficient anonymous attestation from attribute-based ring signature

Remote attestation is an important problem needed to be resolved in trusted computing. This paper proposed an elegant, highly-efficient and anonymous remote attestation protocol. It combined binary attestation with property-based attestation and adopted the thought of ring signature. It needed neither property certificates nor AIK certificates. It concurrently achieved the identity attestation and the integrity attestation for platforms, by resorting to an off-line trusted third party, mechanisms of binding and sealing in trusted computing and attribute-based ring signature from bilinear maps. The analysis and experiment show the protocol satisfies the properties of non-forgeability, anonymity of platform identity, protection of configuration privacy and resistance to collusion, and has fine performance. Compared with the existing typical attestation protocol from bilinear maps, the size of the signature decreases by 79. 73%, and the pairing operations also decrease by 50%. The protocol has perfectly resolved the trouble problems of remote attestation and efficiency in trusted computing.