Attestation using standard asymmetric cryptographic signature algorithms has a well-known privacy concern when a small number of keys are used across the life of the platform. Because the key used to sign the quote must be associated with the hardware performing the quote operation, the key itself becomes a stable identifier: third parties can collude and track which sites a user has visited. To overcome this problem, Intel has introduced the use of an anonymous signature technique, known as Intel(R) Enhanced Privacy ID (Intel(R) EPID), for signing enclave quotes.
Intel EPID is a group signature scheme, which allows platforms to cryptographically sign objects while at the same time preserving the signer's privacy. With the Intel EPID signature scheme, each signer in a group has its own private key for signing, but verifiers use the same group public key to verify individual signatures. Therefore, a user cannot be uniquely identified when signing two transactions with the same party, because a verifier cannot detect which member of the group signed a quote. In the case of Intel SGX, this group is a collection of Intel SGX enabled platforms.
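To make the tracking risk concrete, the following added example (not Intel's code, and not an implementation of the EPID signature itself) models only what a relying party learns from a verified quote: with a conventional signature it learns the signer's public key, represented here by a SHA-256 fingerprint of a constructed placeholder key, whereas with a group signature it learns only the group public key. Two colluding relying parties then join their logs on that identity; the platform keys, group key and report bytes are all constructed sample values.

```python
import hashlib
from dataclasses import dataclass

# Constructed sample platforms. In SGX the signing key is bound to the hardware;
# here each platform is a labelled placeholder byte string.
PLATFORMS = [b"platform-key-0001", b"platform-key-0002", b"platform-key-0003"]
GROUP_KEY = b"hypothetical-epid-group-public-key"  # placeholder, not a real key


@dataclass(frozen=True)
class Quote:
    report: bytes     # enclave report data being attested (constructed)
    signer_id: str    # the identity the verifier ends up learning


def fingerprint(key: bytes) -> str:
    """Stand-in for 'the public key the verifier checked against'."""
    return hashlib.sha256(key).hexdigest()[:16]


def quote_conventional(platform_key: bytes, report: bytes) -> Quote:
    # A standard signature verifies against the signer's own public key, so
    # the relying party necessarily learns a stable per-platform identifier.
    return Quote(report, fingerprint(platform_key))


def quote_epid(platform_key: bytes, report: bytes) -> Quote:
    # Group signature model: the member's private key produces the signature,
    # but verification uses the shared group public key, so that is all the
    # verifier learns. (The EPID cryptography is deliberately not modelled.)
    return Quote(report, fingerprint(GROUP_KEY))


def colluding_link(log_a, log_b):
    """Join two relying parties' logs on the signer identity each observed.
    Returns the identities seen at both sites, i.e. what can be tracked."""
    return {q.signer_id for q in log_a} & {q.signer_id for q in log_b}


def distinct_signers(log) -> int:
    return len({q.signer_id for q in log})


def simulate(quote_fn):
    # Constructed scenario: all platforms attest to site A, the first two also to site B.
    site_a = [quote_fn(k, b"report-for-site-a") for k in PLATFORMS]
    site_b = [quote_fn(k, b"report-for-site-b") for k in PLATFORMS[:2]]
    return distinct_signers(site_a), colluding_link(site_a, site_b)
```

With conventional quotes the join recovers exactly the two platforms that visited both sites; with group-signature quotes every record carries the same group identity, so the colluders learn nothing beyond group membership.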