Paper 2020/1450

Subversion-Resilient Enhanced Privacy ID

Antonio Faonio, EURECOM
Dario Fiore, IMDEA Software Institute
Luca Nizzardo, Protocol Labs
Claudio Soriente, NEC Labs Europe
Abstract

Anonymous attestation for secure hardware platforms leverages tailored group signature schemes and assumes the hardware to be trusted. Yet, there is an ever increasing concern on the trustworthiness of hardware components and embedded systems. A subverted hardware may, for example, use its signatures to exfiltrate identifying information or even the signing key. In this paper we focus on Enhanced Privacy ID (EPID)---a popular anonymous attestation scheme used in commodity secure hardware platforms like Intel SGX. We define and instantiate a \emph{subversion resilient} EPID scheme (or SR-EPID). In a nutshell, SR-EPID provides the same functionality and security guarantees of the original EPID, despite potentially subverted hardware. In our design, a ``sanitizer'' ensures no covert channel between the hardware and the outside world both during enrollment and during attestation (i.e., when signatures are produced). We design a practical SR-EPID scheme secure against adaptive corruptions and based on a novel combination of malleable NIZKs and hash functions modeled as random oracles. Our approach has a number of advantages over alternative designs. Namely, the sanitizer bears no secret information---hence, a memory leak does not erode security. Further, the role of sanitizer may be distributed in a cascade fashion among several parties so that sanitization becomes effective as long as one of the parties has access to a good source of randomness. Also, we keep the signing protocol non-interactive, thereby minimizing latency during signature generation.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published elsewhere. CT-RSA 2022
Keywords
Groth-Sahai subversion EPID group signatures pairing-based cryptography
Contact author(s)
faonio @ eurecom fr
dario fiore @ imdea org
luca @ protocol ai
claudio soriente @ neclab eu
History
2022-05-27: revised
2020-11-19: received
See all versions
Short URL
https://ia.cr/2020/1450
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2020/1450,
      author = {Antonio Faonio and Dario Fiore and Luca Nizzardo and Claudio Soriente},
      title = {Subversion-Resilient Enhanced Privacy ID},
      howpublished = {Cryptology ePrint Archive, Paper 2020/1450},
      year = {2020},
      note = {\url{https://eprint.iacr.org/2020/1450}},
      url = {https://eprint.iacr.org/2020/1450}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.