A secure client communicating with a server is sometimes required to authenticate itself to the server, and to prove that it has not been compromised by a hostile third party. Various solutions have been proposed for this sort of authentication process. Some solutions involve creating and reporting to the server a secure identity of the client. For example, the Trusted Computing Group (TCG) specifies a solution called “Device Identifier Composition Engine” (DICE), in “Trusted Platform Architecture Hardware Requirements for a Device Identifier Composition Engine,” Family 2.0, Level 00, Revision 69, Dec. 16, 2016, which is incorporated herein by reference.