Direct Anonymous Attestation

Direct Anonymous Attestation (DAA) is a cryptographic primitive which enables remote authentication of a trusted computer whilst preserving privacy of the platform's user.

ISO/IEC 20008 also specifies DAA, and Intel's Enhanced Privacy ID (EPID) 2.0 implementation for microprocessors is available for licensing under RAND-Z terms, along with an open source SDK.

Furthermore, this approach fails to realize a secondary goal: the ability to detect rogue TPMs.

This solution is problematic since the privacy CA must take part in every transaction and thus must provide high availability whilst remaining secure.

The protocol also supports a blocklisting capability so that Verifiers can identify attestations from TPMs that have been compromised.
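One way such a blocklist check can work, as an added example (not from the original article or from any DAA or EPID SDK): each signature carries a tag K = B^f for the member's secret f, and the Verifier recomputes B^f' for every leaked key f' on its list. The toy group, the key values, the `basename` parameter and all function names are assumptions constructed for illustration, and the zero-knowledge proof a real scheme attaches to the tag is omitted.

```python
import hashlib
import secrets
from typing import Iterable, Optional, Tuple

# Constructed toy group, far too small for real use: P = 2*Q + 1, both prime.
P, Q = 2039, 1019

def base_from(seed: bytes) -> int:
    """Hash a seed to an element of order Q (squaring lands in the order-Q subgroup)."""
    counter = 0
    while True:
        digest = hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        b = pow(int.from_bytes(digest, "big") % P, 2, P)
        if b not in (0, 1):
            return b
        counter += 1

def sign_tag(f: int, basename: Optional[bytes] = None) -> Tuple[int, int]:
    """Member side: emit (B, K = B^f mod P). With no basename, B is fresh per
    signature, so two tags from the same member cannot be linked by a Verifier."""
    seed = basename if basename is not None else secrets.token_bytes(16)
    b = base_from(seed)
    return b, pow(b, f, P)

def is_blocklisted(tag: Tuple[int, int], rogue_keys: Iterable[int]) -> bool:
    """Verifier side: recompute B^f' for each leaked secret f' and compare with K."""
    b, k = tag
    # Reject a degenerate base: B = 1 gives K = 1 for every key, so the tag
    # would say nothing about which secret produced it.
    if b in (0, 1) or pow(b, Q, P) != 1:
        raise ValueError("base is not a generator of the order-Q subgroup")
    return any(pow(b, f_rogue, P) == k for f_rogue in rogue_keys)

# Constructed sample secrets: one extracted from a compromised TPM, one honest.
LEAKED_F, HONEST_F = 777, 123
ROGUE_LIST = [LEAKED_F]

if __name__ == "__main__":
    print("leaked key flagged:", is_blocklisted(sign_tag(LEAKED_F), ROGUE_LIST))
    print("honest key flagged:", is_blocklisted(sign_tag(HONEST_F), ROGUE_LIST))
```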

The Member and Verifier can also elect to reveal additional information to accomplish non-anonymous interactions (just as you can choose to tell a stranger your full name, or not).

Brickell, Chen, and Li improved the efficiency of that first scheme using symmetric pairings, rather than RSA.

In addition, the Intel EPID 2.0 implementation of ISO/IEC 20008 DAA and the available open source SDK[11] can be used by members and verifiers to perform attestation.