Direct Anonymous Attestation in practice: Implementation and efficient revocation

Direct Anonymous Attestation (DAA) is a signature scheme that provides a balance between user privacy and authentication in a reasonable way. The first RSA-based DAA is proposed in 2004, since then several ECC-based DAA schemes are proposed to achieve better performance. To analyze DAA schemes from a practical point of view, it is necessary to consider implementation-related issues, such as elliptic curve selection and runtime performance. We present a framework for implementing and evaluating various DAA schemes for multiple computing platforms. We implement four DAA schemes using different elliptic curves and show detailed performance evaluation for both PC and mobile device. We analyze the impact of elliptic selections on the performance of DAA schemes and propose practical techniques such as pre-computation to improve the performance of DAA schemes. We also discuss revocation of DAA and present a novel technique which significantly reduces the time of privacy-enhanced signature revocation, thus making privacy-enhanced revocation practical even for embedded mobile devices.