TPM?

[vaudenay]

K_A could be stolen by a malware or coercion attacks. If K_A is stolen, A can be impersonated in HELLO_A messages and in communication with the server (status check, retrival of new EBIDs). A TPM could help protecting K_A.

[vaudenay]

Maybe K_A should rotate at every connection with server.

[PRIVATICS-Inria]

Thanks, @vaudenay. We are still working on the protocol to improve it, considering TPM is still on the table.