1
/
von
7
PayPal, credit cards. Download editable-PDF and invoice in 1 second!
GM/T 0079-2020 English PDF (GMT0079-2020)
GM/T 0079-2020 English PDF (GMT0079-2020)
Normaler Preis
$555.00 USD
Normaler Preis
Verkaufspreis
$555.00 USD
Grundpreis
/
pro
Versand wird beim Checkout berechnet
Verfügbarkeit für Abholungen konnte nicht geladen werden
Delivery: 3 seconds. Download true-PDF + Invoice.
Get QUOTATION in 1-minute: Click GM/T 0079-2020
Historical versions: GM/T 0079-2020
Preview True-PDF (Reload/Scroll if blank)
GM/T 0079-2020: Direct anonymous attestation specification for trusted computing platform
GM/T 0079-2020
GM
CRYPTOGRAPHIC INDUSTRY STANDARD
OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
CCS L 80
Direct anonymous attestation specification for trusted
computing platform
ISSUED ON: DECEMBER 28, 2020
IMPLEMENTED ON: JULY 01, 2021
Issued by: National Cryptography Administration
Table of Contents
Foreword ... 3
1 Scope ... 4
2 Normative references ... 4
3 Terms and definitions ... 4
4 Symbols and abbreviations ... 6
5 Cryptographic algorithm ... 7
6 Direct anonymous attestation function ... 8
7 Direct anonymous attestation interface ... 15
Appendix A (Normative) Data structure of direct anonymous attestation
interface ... 32
Appendix B (Informative) Direct anonymous attestation of elliptic curve
parameters and auxiliary functions ... 37
References ... 38
Direct anonymous attestation specification for trusted
computing platform
1 Scope
This document specifies the functions, interfaces, data structure of the direct
anonymous attestation protocol of the trusted computing platform.
This document is applicable to the development of the direct anonymous
certification protocol applications, anonymous certification services,
anonymous certification systems of the trusted computing platform.
2 Normative references
The provisions in following documents become the provisions of this Standard
through reference in this Standard. For the dated references, the subsequent
amendments (excluding corrections) or revisions do not apply to this Standard;
however, parties who reach an agreement based on this Standard are
encouraged to study if the latest versions of these documents are applicable.
For undated references, the latest edition of the referenced document applies.
GB/T 32918-2016 (all parts) Information security techniques - Elliptic curve
public-key cryptography
GM/T 0012 Trusted computing - Interface specification of trusted
cryptography module
GM/Z 4001 Cryptographic terms
3 Terms and definitions
The terms as defined in GM/Z 4001, as well as the following terms, apply to this
document.
3.1
Trusted cryptography module; TCM
A basic hardware module, which construct the trusted computing platform. It
provides cryptographic computing functions for the trusted computing
platform; has protected storage space.
for the trusted cryptographic module.
3.9
Verifier
In direct anonymous attestation, the participant who verifies the identity of
the remote trusted cryptographic module.
4 Symbols and abbreviations
4.1 Symbols
The cryptographic symbols which are defined in GB/T 32918-2016 (all parts),
as well as the following cryptographic symbols, apply to this document.
0: Integer 0, bit 0, or finite field addition identity element.
1: Integer 1, bit 1, or finite field multiplication identity element.
α, b: Elements in Fq, which define the elliptic curve E on Fq.
e: G1 X G2→GT: Bilinear mapping, which maps elements in (G1, G2) to
elements in GT.
exp(l, m): The mth power of the finite field element l, which is also recorded
as lm.
E: An elliptic curve, which is defined by α and b on a finite field.
E(Fq): The set of all points in E whose coordinates belong to Fq (including
the point at infinity O).
Fq: The q-order finite prime field.
Fqk: The qk-order finite field, an extension of q-order finite field.
Gn: A base point of the elliptic curve, whose order is a prime number; the
subscript n is an integer, which is used to distinguish different base points.
GT: A base point of a finite field, the order of which is a prime number.
l + m: Field addition operation result of finite field elements l and m.
l x m: The result of the field multiplication of the finite field element l and m,
which is also recorded as lm, if it does not cause ambiguity.
P: P = (xp, yp) is a point on the elliptic curve excluding the zero point O,
the application of TCM anonymous credentials AND the attestation of TCM
anonymous identity. The prover platform drives TCM, to request anonymous
identity credentials, from the credential issuer, by executing the
TCM_ECDAA_Join command and related host calculations. The prover
platform executes the TCM_ECDAA_Sign command and related host
calculations, to prove the TCM's digital identity anonymously, to the verifier
platform.
The verifier platform mainly verifies the attestation data, which is provided by
the prover platform, to certify the TCM identity of the prover platform; ensure
that the prover platform does indeed use the security chip TCM as the identity
of the platform. While verifying the anonymous identity of the TCM, it is
necessary to request the issuer to verify whether the digital identity of the TCM
has been revoked.
In the ECDAA system, the anonymous identity private key f of the TCM security
chip is only allowed to be stored inside the TCM chip, AND is not allowed to be
exported. There can be multiple anonymous identity private keys and
anonymous certification credentials for TCM; however, it is recommended to
use only one anonymous identity private key and credentials. The TCM
anonymous certification process (including certification and verification) can
only be performed by the TCM owner; meanwhile only the TCM owner can clear
the insecure anonymous private key. TCM anonymous identity credentials can
be stored in a host platform, which is outside the chip, OR in other storage
devices.
The core computing functions of the prover platform are completed by the
TCM_ECDAA_Join and TCM_ECDAA_Sign commands of TCM. Only higher
authority can execute these ECDAA commands. The ECDAA command is a
command, that consumes TCM and host computing resources very much. It
requires a large amount of internal resources of the TCM chip, to complete a
series of computing operations. When the TCM security chip executes the
ECDAA command, it is necessary to prohibit the execution of other TCM
command operations.
6.2.2 Basic process
The main communication process between the various participants of the
ECDAA system includes the following steps:
a) System initialization: Set the public parameters of the ECDAA system;
generate a public-private key pair, which is used by the issuer to issue
anonymous certificates.
b) Certificate issuance: The prover applies for and obtains an anonymous
certificate from the issuer.
H3, H4, T1, T2, T3, Tw), the signature of issuer on the public parameter cre
= signkn-1 (issuerSettings), the confidential information of the issuer isk =
r.
c) Algorithm flow:
1) Prove the system parameters (q, α, b, g1, g2, p) directly and
anonymously. Among them, α, b and Fq jointly define the elliptic curve
E(Fq); g1, g2 are the base points of E(Fq) respectively; their order is a
prime number p.
2) Select the bilinear mapping operation e: G1 x G2→GT. Among them,
G1, G2 are the cyclic group, with g1, g2 as generators; the order is
prime p. GT is the p-order cyclic group, with gT as the generator, on
the extended field Fqk; k is the embedding degree of the elliptic curve.
Operation e shall satisfy the following properties:
- For all P ∈ G1, Q ∈ G2, all l, m ∈ Zn, it satisfies: e(lP, mQ) =
e(P,Q)lm;
- There is P ∈ G1, Q ∈ G2, so that e(lP, mQ)≠1GT;
- There is an effective algorithm to calculate e(P, Q).
3) Choose and h1∈RG1, h2∈RG1; calculate .
4) Select the hash function H1: {0, 1}* →{0, 1}2l, H2: {0, 1}6λ →Zp, H3: {0,
1}* →G2, H4: {0, 1} * →Zp.
5) Calculate the...
Get QUOTATION in 1-minute: Click GM/T 0079-2020
Historical versions: GM/T 0079-2020
Preview True-PDF (Reload/Scroll if blank)
GM/T 0079-2020: Direct anonymous attestation specification for trusted computing platform
GM/T 0079-2020
GM
CRYPTOGRAPHIC INDUSTRY STANDARD
OF THE PEOPLE’S REPUBLIC OF CHINA
ICS 35.040
CCS L 80
Direct anonymous attestation specification for trusted
computing platform
ISSUED ON: DECEMBER 28, 2020
IMPLEMENTED ON: JULY 01, 2021
Issued by: National Cryptography Administration
Table of Contents
Foreword ... 3
1 Scope ... 4
2 Normative references ... 4
3 Terms and definitions ... 4
4 Symbols and abbreviations ... 6
5 Cryptographic algorithm ... 7
6 Direct anonymous attestation function ... 8
7 Direct anonymous attestation interface ... 15
Appendix A (Normative) Data structure of direct anonymous attestation
interface ... 32
Appendix B (Informative) Direct anonymous attestation of elliptic curve
parameters and auxiliary functions ... 37
References ... 38
Direct anonymous attestation specification for trusted
computing platform
1 Scope
This document specifies the functions, interfaces, data structure of the direct
anonymous attestation protocol of the trusted computing platform.
This document is applicable to the development of the direct anonymous
certification protocol applications, anonymous certification services,
anonymous certification systems of the trusted computing platform.
2 Normative references
The provisions in following documents become the provisions of this Standard
through reference in this Standard. For the dated references, the subsequent
amendments (excluding corrections) or revisions do not apply to this Standard;
however, parties who reach an agreement based on this Standard are
encouraged to study if the latest versions of these documents are applicable.
For undated references, the latest edition of the referenced document applies.
GB/T 32918-2016 (all parts) Information security techniques - Elliptic curve
public-key cryptography
GM/T 0012 Trusted computing - Interface specification of trusted
cryptography module
GM/Z 4001 Cryptographic terms
3 Terms and definitions
The terms as defined in GM/Z 4001, as well as the following terms, apply to this
document.
3.1
Trusted cryptography module; TCM
A basic hardware module, which construct the trusted computing platform. It
provides cryptographic computing functions for the trusted computing
platform; has protected storage space.
for the trusted cryptographic module.
3.9
Verifier
In direct anonymous attestation, the participant who verifies the identity of
the remote trusted cryptographic module.
4 Symbols and abbreviations
4.1 Symbols
The cryptographic symbols which are defined in GB/T 32918-2016 (all parts),
as well as the following cryptographic symbols, apply to this document.
0: Integer 0, bit 0, or finite field addition identity element.
1: Integer 1, bit 1, or finite field multiplication identity element.
α, b: Elements in Fq, which define the elliptic curve E on Fq.
e: G1 X G2→GT: Bilinear mapping, which maps elements in (G1, G2) to
elements in GT.
exp(l, m): The mth power of the finite field element l, which is also recorded
as lm.
E: An elliptic curve, which is defined by α and b on a finite field.
E(Fq): The set of all points in E whose coordinates belong to Fq (including
the point at infinity O).
Fq: The q-order finite prime field.
Fqk: The qk-order finite field, an extension of q-order finite field.
Gn: A base point of the elliptic curve, whose order is a prime number; the
subscript n is an integer, which is used to distinguish different base points.
GT: A base point of a finite field, the order of which is a prime number.
l + m: Field addition operation result of finite field elements l and m.
l x m: The result of the field multiplication of the finite field element l and m,
which is also recorded as lm, if it does not cause ambiguity.
P: P = (xp, yp) is a point on the elliptic curve excluding the zero point O,
the application of TCM anonymous credentials AND the attestation of TCM
anonymous identity. The prover platform drives TCM, to request anonymous
identity credentials, from the credential issuer, by executing the
TCM_ECDAA_Join command and related host calculations. The prover
platform executes the TCM_ECDAA_Sign command and related host
calculations, to prove the TCM's digital identity anonymously, to the verifier
platform.
The verifier platform mainly verifies the attestation data, which is provided by
the prover platform, to certify the TCM identity of the prover platform; ensure
that the prover platform does indeed use the security chip TCM as the identity
of the platform. While verifying the anonymous identity of the TCM, it is
necessary to request the issuer to verify whether the digital identity of the TCM
has been revoked.
In the ECDAA system, the anonymous identity private key f of the TCM security
chip is only allowed to be stored inside the TCM chip, AND is not allowed to be
exported. There can be multiple anonymous identity private keys and
anonymous certification credentials for TCM; however, it is recommended to
use only one anonymous identity private key and credentials. The TCM
anonymous certification process (including certification and verification) can
only be performed by the TCM owner; meanwhile only the TCM owner can clear
the insecure anonymous private key. TCM anonymous identity credentials can
be stored in a host platform, which is outside the chip, OR in other storage
devices.
The core computing functions of the prover platform are completed by the
TCM_ECDAA_Join and TCM_ECDAA_Sign commands of TCM. Only higher
authority can execute these ECDAA commands. The ECDAA command is a
command, that consumes TCM and host computing resources very much. It
requires a large amount of internal resources of the TCM chip, to complete a
series of computing operations. When the TCM security chip executes the
ECDAA command, it is necessary to prohibit the execution of other TCM
command operations.
6.2.2 Basic process
The main communication process between the various participants of the
ECDAA system includes the following steps:
a) System initialization: Set the public parameters of the ECDAA system;
generate a public-private key pair, which is used by the issuer to issue
anonymous certificates.
b) Certificate issuance: The prover applies for and obtains an anonymous
certificate from the issuer.
H3, H4, T1, T2, T3, Tw), the signature of issuer on the public parameter cre
= signkn-1 (issuerSettings), the confidential information of the issuer isk =
r.
c) Algorithm flow:
1) Prove the system parameters (q, α, b, g1, g2, p) directly and
anonymously. Among them, α, b and Fq jointly define the elliptic curve
E(Fq); g1, g2 are the base points of E(Fq) respectively; their order is a
prime number p.
2) Select the bilinear mapping operation e: G1 x G2→GT. Among them,
G1, G2 are the cyclic group, with g1, g2 as generators; the order is
prime p. GT is the p-order cyclic group, with gT as the generator, on
the extended field Fqk; k is the embedding degree of the elliptic curve.
Operation e shall satisfy the following properties:
- For all P ∈ G1, Q ∈ G2, all l, m ∈ Zn, it satisfies: e(lP, mQ) =
e(P,Q)lm;
- There is P ∈ G1, Q ∈ G2, so that e(lP, mQ)≠1GT;
- There is an effective algorithm to calculate e(P, Q).
3) Choose and h1∈RG1, h2∈RG1; calculate .
4) Select the hash function H1: {0, 1}* →{0, 1}2l, H2: {0, 1}6λ →Zp, H3: {0,
1}* →G2, H4: {0, 1} * →Zp.
5) Calculate the...
Share






