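To reduce the damage that exposure of a trusted platform's key causes to a direct anonymous attestation scheme, a key-insulated direct anonymous attestation scheme, KIDAA, is proposed. First, the system time is divided into a number of time periods. The trusted platform's private key is then evolved, so that a different private key is used in each time period and the exposure of the private key for individual periods does not compromise security in the other periods. The trusted platform's private key is split into two parts, held by the Trusted Platform Module (TPM) and the trusted platform respectively; in each time period, the trusted platform can obtain the complete private key information only with the help of the TPM. Bilinear maps are used in the signing process, which shortens the signature and reduces the TPM's computational load. Finally, the security of KIDAA is analyzed and proved on the basis of the DLIN assumption and the q-SDH assumption. The analysis shows that the scheme satisfies key insulation, unforgeability and variable anonymity.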
To reduce the damage to direct anonymous attestation (DAA) from key exposure of the platform, a key-insulated DAA (KIDAA) scheme is proposed. First, the lifetime of the system is divided into discrete periods. Then, the secret key of the trusted platform is evolved: a temporary secret key is used to sign a message during the corresponding time period, so the exposure of the temporary secret key for a given period does not enable an adversary to derive the temporary secret keys for the remaining time periods. The secret key is divided into two parts: a helper key and a temporary secret key. The former is stored in the trusted platform module (TPM), and the latter is kept by the platform. At the beginning of each time period, the platform can derive the temporary secret key for the current time period with the help of the TPM. The signature length of the scheme is shortened through an elliptic curve cryptography (ECC)-based signing algorithm, and the computational cost of the TPM is reduced. Finally, security is proved in the standard model under the decision linear (DLIN) assumption and the q-strong Diffie-Hellman (q-SDH) assumption, which shows that the scheme meets the security requirements of key insulation, variable anonymity and unlinkability.