The objective of direct anonymous attestation (DAA) is to enable a party to prove that it is a member in good standing of a group without revealing information about its identity. In the DAA scheme, there are three types of entities: an issuer, a prover, and verifiers.
An issuer is an entity that issues a unique DAA private key to each member of the group. A verifier is an entity that is trying to establish whether a platform is a member of the group. A prover platform is an entity that is trying to prove membership in the group. If the platform is indeed a member of the group in good standing (i.e., the platform owns a valid DAA private key and the private key has not been revoked), the authentication process will be successful.
For each DAA group, there is a group public key and a group issuing private key (master key). The group issuing private key is used for generating a unique private key for each group member. The issuing private key is kept securely by the issuer. Each platform uses its DAA private key to digitally sign a message. The resulting signature is referred to as a DAA signature. The verifier uses the group public key to verify the correctness of a DAA signature, i.e., to verify that the signature was indeed created by a platform with a valid DAA private key. The DAA signature, however, does not reveal any information about which unique private key was used to create it. The DAA scheme includes methods to handle revocation, such as private-key based revocation and signature based revocation. The DAA scheme does not include generating mutual shared session keys.
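The following sketch is an added example, not part of the original text, of how private-key based revocation can coexist with signatures that do not identify the signer. It assumes the published DAA/EPID construction in which each signature carries a fresh base B and a tag K = B^f for the member secret f (the text above does not describe the mechanism), uses a constructed toy group, and omits the proof that f was certified by the issuer.

```python
import hashlib
import secrets

# Constructed toy group, far too small for real use: P = 2Q + 1 with P, Q prime,
# so the squares mod P form a subgroup of prime order Q.
P, Q = 2879, 1439

def _challenge(B, K, R, msg):
    data = f"{B}|{K}|{R}|".encode() + msg
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def sign(f, msg, h=None):
    """Sign msg with member secret f; returns (B, K, c, s).

    B is a fresh base per signature and K = B^f is the revocation tag.
    The Schnorr-style pair (c, s) proves knowledge of f without showing it.
    The optional h (hypothetical parameter) fixes the base for reproducible runs.
    """
    if h is None:
        h = 2 + secrets.randbelow(P - 3)      # h in [2, P-2], so B != 1
    B = pow(h, 2, P)
    K = pow(B, f, P)
    r = 1 + secrets.randbelow(Q - 1)
    c = _challenge(B, K, pow(B, r, P), msg)
    return B, K, c, (r + c * f) % Q

def verify(sig, msg, revoked_keys):
    """Return 'ok', 'bad-signature' or 'revoked'."""
    B, K, c, s = sig
    # Both values must lie in the order-Q subgroup and B must not be trivial.
    if not (1 < B < P and 0 < K < P):
        return "bad-signature"
    if pow(B, Q, P) != 1 or pow(K, Q, P) != 1:
        return "bad-signature"
    R = pow(B, s, P) * pow(K, Q - c, P) % P   # B^s * K^(-c)
    if _challenge(B, K, R, msg) != c:
        return "bad-signature"
    # Private-key based revocation: recompute the tag for every leaked key.
    if any(pow(B, f_rev, P) == K for f_rev in revoked_keys):
        return "revoked"
    return "ok"
```

Two signatures from the same member carry different (B, K) pairs, so a verifier cannot link them unless it holds the member's secret on the revocation list.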
The SIGMA (SIGn-and-MAc Approach) protocol is a Diffie-Hellman based key exchange protocol using digital signatures. The protocol is used by the Internet Key Exchange (IKE) standards (such as RFC 5996) and the Internet Protocol Security (IPsec) standards.