基于格的用户匿名三方口令认证密钥协商协议

doi:10.11959/j.issn.1000-436x.2018021

通信学报 ›› 2018, Vol. 39 ›› Issue (2): 21-30.doi: 10.11959/j.issn.1000-436x.2018021

基于格的用户匿名三方口令认证密钥协商协议

王彩芬,陈丽

西北师范大学计算机科学与工程学院，甘肃兰州 730070

修回日期:2018-01-17 出版日期:2018-02-01 发布日期:2018-03-28
作者简介:王彩芬（1963-），女，河北安国人，博士，西北师范大学教授、博士生导师，主要研究方向为密码学、网络安全、信息安全。|陈丽（1991-）女，甘肃武威人，西北师范大学硕士生，主要研究方向为网络与信息安全、密钥协商协议。
基金资助:
国家自然科学基金资助项目(61662069);国家自然科学基金资助项目(61562077);国家自然科学基金资助项目(61662071);西北师范大学青年教师科研能力提升计划基金资助项目(NWNU-LKQN-14-7)

Three-party password authenticated key agreement protocol with user anonymity based on lattice

Caifen WANG,Li CHEN

College of Computer Science and Engineering,Northwest Normal University,Lanzhou 730070,China

Revised:2018-01-17 Online:2018-02-01 Published:2018-03-28
Supported by:
The National Natural Science Foundation of China(61662069);The National Natural Science Foundation of China(61562077);The National Natural Science Foundation of China(61662071);The Foundation for Excellent Young Teachers by Northwest Normal University(NWNU-LKQN-14-7)

摘要/Abstract

摘要：

随着量子理论的快速发展，离散对数问题和大整数分解问题在量子计算下存在多项式求解算法，其安全性受到严重威胁，因此，提出2个基于环上带误差学习问题的用户匿名三方口令认证密钥协商方案，包括基于格的隐式认证密钥协商方案和基于格的显式认证密钥协商方案，并证明了其安全性。其中，隐式认证密钥协商协议通信量少、认证速度快，显式认证密钥协商协议安全性更高，同时实现用户和服务器的双向认证、可抗不可测在线字典攻击。与其他口令认证密钥协商协议相比，所提协议有更高的效率和更短的密钥长度，能够抵抗量子攻击，因此，该协议既高效又安全，适用于大规模网络下的通信。

关键词: 格密码, 可证明安全, 口令认证, 密钥交换, 环上带误差

Abstract:

With the rapid development of quantum theory and the existence of polynomial algorithm in quantum computation based on discrete logarithm problem and large integer decomposition problem,the security of the algorithm was seriously threatened.Therefore,two authentication key agreement protocols were proposed rely on ring-learning-with-error (RLWE) assumption including lattice-based implicit authentication key agreement scheme and lattice-based explicit authentication key agreement scheme and proved its security.The implicit authentication key agreement protocol is less to communicate and faster to authentication,the explicit authentication key agreement protocol is more to secure.At the same time,bidirectional authentication of users and servers can resist unpredictable online dictionary attacks.The new protocol has higher efficiency and shorter key length than other password authentication key agreement protocols.It can resist quantum attacks.Therefore,the protocol is efficient,secure,and suitable for large-scale network communication.

Key words: lattice-based cryptology, provably secure, password authentication, key exchange, ring-learning-with-error

中图分类号:

TP309.7

王彩芬,陈丽. 基于格的用户匿名三方口令认证密钥协商协议[J]. 通信学报, 2018, 39(2): 21-30.

Caifen WANG,Li CHEN. Three-party password authenticated key agreement protocol with user anonymity based on lattice[J]. Journal on Communications, 2018, 39(2): 21-30.

图/表 4

表1

本文方案使用的符号说明"

符号	说明
B、C	客户B和C
TID_B、TID_C	客户B和C的临时身份
S	远程服务器
pw_B、pw_C	客户B和C的口令
h、H₁、H₂、H₃、H₄	散列函数
β、ω	β∈ {0,1},ω∈{0,1}ⁿ
a、s	a ,s∈R_q
R_q	多项式环
χ_β	环上的高斯分布
Cha、Mod₂	函数
⊕	异或运算符
$A$	概率多项式时间敌手
$C H$	挑战者
sk_BC	由客户B和C生成的会话密钥

表1

图1

图2

表2

性能比较"

协议	文献[6]方案	文献[11]方案	文献[12]方案	文献[13]方案	文献[16]方案	本文方案1	本文方案2
类型	2-party	3-party	2-party	2-party	3-party	3-party	3-party
用户匿名性	否	否	否	否	否	是	是
相互认证	否	是	是	是	是	是	是
抵抗量子攻击	能	能	能	能	能	能	能
不可测字典攻击	否	是	是	是	是	是	是
困难假设	LWE	ASPH	RLWE	RLWE	ASPH	RLWE	RLWE
采样数	m=Ω(nlgq)	m=Ω(nlgq)	m=Ω(nlgq)	m=Ω(lgq)	m=Ω(nlgq)	m=Ω(lgq)	m=Ω(lgq)
公钥长度/bit	m(2n+1)lgq	3mn lg q	m(2n+1)lgq	2 mn lg q	m(2n+1)lgq	2 mn lg q	2 mn lg q
密文扩展率	$\frac{m}{n}$	$\frac{3 m n}{n - 1}$	$\frac{2 m n}{n - 1}$	$\frac{m}{n}$	$\frac{3 m n}{n - 1}$	$\frac{m}{n}$	$\frac{m}{n}$
运算方法	矩阵运算	环运算	环运算	环运算	环运算	环运算	环运算
计算复杂度	O (mn)	O(mlgn)	$O (2^{2 n - 2})$	O(mlgn)	$O (2^{2 n + 2})$	O(mlgn)	O(mlgn)
消息传输量/轮	3	3	2	2/3	4	2	3

表2

参考文献 17

[1]	LAW L , MENEZES A , QU M ,et al. An efficient protocol for authenticated key agreement[J]. Designs,Codes and Cryptography, 2003,28(2): 119-134.
[2]	ABADLLA M , FOUQUE P A , POINTCHEVAL D . Password-based authenticated key exchange in the three-party setting[C]// International Workshop on Public Key Cryptography. 2005: 65-84.
[3]	RAIMANDO M D , GENNARO R . Provably secure threshold password-authenticated key exchange[J]. Journal of Computer and System Sciences, 2006,72(6): 978-1001.
[4]	ZHAO F , GONG P , LI S ,et al. Cryptanalysis and improvement of a three-party key agreement protocol using enhanced Chebyshev polynomials[J]. Nonlinear Dynamics, 2013,74(1-2): 419-427.
[5]	XIE Q , ZHAO J , YU X . Chaotic maps-based three-party password-authenticated key agreement scheme[J]. Nonlinear Dynamics, 2013,74(4): 1021-1027.
[6]	KATZ J , VAIKUNTANATHAN V . Smooth projective hashing and password-based authenticated key exchange from lattices[C]// International Conference on the Theory and Application of Cryptology and Information Security. 2009: 636-652.
[7]	DING Y , FAN L . Efficient password-based authenticated key exchange from lattices[C]// 2011 Seventh International Conference on Computational Intelligence and Security (CIS). 2011: 934-938.
[8]	DING J , XIE X , LIN X . A simple provably secure key exchange scheme based on the learning with errors problem[J]. IACR Cryptology Eprint Archive, 2014:688.
[9]	FUJIOKA A , SUZUKI K , XAGAWA K ,et al. Practical and post-quantum authenticated key exchange from one-way secure key encapsulation mechanism[C]// The 8th ACM SIGSAC Symposium on Information,Computer and Communications Security. 2013: 83-94.
[10]	胡学先, 魏江宏, 叶茂 . 对一个强安全的认证密钥交换协议的分析[J]. 电子与信息学报, 2013,35(9): 2278-2282.
	HU X X , WEI J H , YE M . Cryptanalysis of a strongly secure authenticated key exchange protocol[J]. Journal of Electronics ＆Information Technology, 2013,35(9): 2278-2282.
[11]	叶茂, 胡学先, 刘文芬 . 基于格的三方口令认证密钥交换协议[J]. 电子与信息学报, 2013,35(6): 1376-1381.
	YE M , HU X X , LIU W F . Password authenticated key exchange protocol in the three party setting based on lattices[J]. Journal of Electronics ＆ Information Technology, 2013,35(6): 1376-1381.
[12]	ZHANG J , ZHANG Z , DING J ,et al. Authenticated key exchange from ideal lattices[C]// Annual International Conference on the Theory and Applications of Cryptographic Techniques. 2015: 719-751.
[13]	DING J , ALASYIGH S , LANCRENON J ,et al. Provably secure password authenticsated key exchange based on RLWE for the post-quantum world[C]// Cryptographers’ Track at the RSA Conference. 2017: 183-204.
[14]	杨孝鹏, 马文平, 张成丽 . 一种新型基于环上带误差学习问题的认证密钥交换方案[J]. 电子与信息学报, 2015,37(8): 1984-1988.
	YANG X P , MA W P , ZHANG C L . New authenticated key exchange scheme based on ring learning with errors problem[J]. Journal of Electronics ＆ Information Technology, 2015,37(8): 1984-1988.
[15]	STEBILA D , MOSCA M . Post-quantum key exchange for the Internet and the open quantum safe project[R]. Cryptology Eprint Archive,Report 2016/1017, 2016.
[16]	杨晓燕, 侯孟波, 魏晓超 . 基于验证元的三方口令认证密钥交换协议[J]. 计算机研究与发展, 2016,53(10): 2230-2238.
	YANG X Y , HOU M B , WEI X C . Verifier-based three-party password authenticated key exchange protocol[J]. Journal of Computer Research and Development, 2016,53(10): 2230-2238.
[17]	XU D , HE D , CHOO K R ,et al. Provably secure three-party password authenticated key exchange protocol based on ring learning with error[J]. IACR Cryptology Eprint Archive, 2017:360.

基于格的用户匿名三方口令认证密钥协商协议

Three-party password authenticated key agreement protocol with user anonymity based on lattice

在线阅读

PDF下载

可视化

被引次数

摘要/Abstract

引用本文

使用本文

图/表 4

参考文献 17

相关文章 15

Metrics

推荐阅读 0

[1]	王圣宝, 周鑫, 文康, 翁柏森. 适用于智能电网的三方认证密钥交换协议[J]. 通信学报, 2023, 44(2): 210-218.
[2]	廉欢欢, 侯慧莹, 赵运磊. 后量子基于验证元的三方口令认证密钥交换协议[J]. 通信学报, 2022, 43(4): 95-106.
[3]	尹安琪, 郭渊博, 汪定, 曲彤洲, 陈琳. 可证明安全的抗量子两服务器口令认证密钥交换协议[J]. 通信学报, 2022, 43(3): 14-29.
[4]	郭渊博, 尹安琪. 基于格的口令认证密钥交换协议综述[J]. 通信学报, 2022, 43(12): 172-187.
[5]	刘镇,韩益亮,杨晓元,柳曙光. 基于RLWE的可证明安全无陷门签密方案[J]. 通信学报, 2020, 41(6): 14-25.
[6]	彭长根, 张小玉, 丁红发, 杨善慧. 基于Cocks身份密码体制的高效签密方案[J]. 通信学报, 2020, 41(12): 128-138.
[7]	田有亮,李秋贤,张铎,王琳杰. 可证明安全的理性委托计算协议[J]. 通信学报, 2019, 40(7): 135-143.
[8]	徐渊,杨超,杨力. 基于移动端协助的远程用户单一口令认证方法[J]. 通信学报, 2019, 40(2): 174-187.
[9]	张艳硕,王泽豪,王志强,陈辉焱. 基于特征值的可验证三方安全密钥交换协议[J]. 通信学报, 2019, 40(12): 149-154.
[10]	闫玺玺,刘媛,李子臣,汤永利,叶青. 理想格上支持隐私保护的属性基加密方案[J]. 通信学报, 2018, 39(3): 128-135.
[11]	于金霞,廉欢欢,汤永利,史梦瑶,赵宗渠. 格上基于口令的三方认证密钥交换协议[J]. 通信学报, 2018, 39(11): 87-97.
[12]	孙泽栋,祝跃飞,顾纯祥,郑永辉. 基于RLWE的密钥策略属性加密体制[J]. 通信学报, 2016, 37(Z1): 125-131.
[13]	李昊星,李凤华,宋承根,阎亚龙. 支持身份认证的数据持有性证明方案[J]. 通信学报, 2016, 37(10): 117-127.
[14]	温雅敏,龚征. 新型组织隐藏的认证密钥交换协议[J]. 通信学报, 2015, 36(9): 82-90.
[15]	张宇，杜瑞颖，陈晶，侯健，周庆，王文武. 对一个基于身份签密方案的分析与改[J]. 通信学报, 2015, 36(11): 174-179.