后量子基于验证元的三方口令认证密钥交换协议

doi:10.11959/j.issn.1000-436x.2022062

通信学报 ›› 2022, Vol. 43 ›› Issue (4): 95-106.doi: 10.11959/j.issn.1000-436x.2022062

后量子基于验证元的三方口令认证密钥交换协议

廉欢欢¹, 侯慧莹¹, 赵运磊¹^,²

¹ 复旦大学计算机科学技术学院，上海 200433
² 西安电子科技大学综合业务网国家重点实验室，陕西西安 710071

修回日期:2021-12-17 出版日期:2022-04-25 发布日期:2022-04-01
作者简介:廉欢欢（1993- ），女，河南沁阳人，复旦大学博士生，主要研究方向为密码学、信息安全等
侯慧莹（1992- ），女，山东济宁人，复旦大学博士生，主要研究方向为应用密码学和信息安全等
赵运磊（1974- ），男，山东阳谷人，博士，复旦大学特聘教授、博士生导师，主要研究方向为后量子密码、密码协议和计算理论等
基金资助:
国家自然科学基金资助项目(U1536205);国家自然科学基金资助项目(61472084);国家重点研发计划基金资助项目(2017YFB0802000);上海市创新行动计划基金资助项目(16DZ1100200);上海市科学技术发展基金资助项目(16JC1400801);上海市科委技术标准基金资助项目(21DZ2200500);山东省重点研发计划基金资助项目(2017CXG0701);山东省重点研发计划基金资助项目(2018CXGC0701)

Post-quantum verifier-based three-party password authenticated key exchange protocol

Huanhuan LIAN¹, Huiying HOU¹, Yunlei ZHAO¹^,²

¹ College of Computer Science and Technology, Fudan University, Shanghai 200433, China
² State Key Laboratory of Integrated Services Networks, Xidian University, Xi’an 710071, China

Revised:2021-12-17 Online:2022-04-25 Published:2022-04-01
Supported by:
The National Natural Science Foundation of China(U1536205);The National Natural Science Foundation of China(61472084);The National Key Research and Development Program of China(2017YFB0802000);Shanghai Innovation Action Project(16DZ1100200);Shanghai Science and Technology Development Funds(16JC1400801);Technical Standard Project of Shanghai Scientific and Technological Committee(21DZ2200500);Shandong Provincial Key Research and Development Program(2017CXG0701);Shandong Provincial Key Research and Development Program(2018CXGC0701)

摘要/Abstract

摘要：

针对服务器直接以明文的方式存储口令，存在服务器泄露的风险，基于两方的基于格的口令认证密钥交换（PAKE）协议不适用于大规模通信系统的问题，提出了一种格上基于验证元的三方口令认证密钥交换协议。通过随机口令哈希方案生成验证元，并结合口令策略检查机制实现口令的检查，利用基于格的 CCA 安全公钥加密体制构造一个新的基于验证元的 3PAKE 协议，同时实现用户与服务器的双向认证。安全性和性能分析证明了所提协议在通信效率和安全度上都具有较好的优势。

关键词: 三方密钥交换, 口令认证, 验证元, 格, 可证明安全

Abstract:

In view of the fact that server stored the passwords directly in plaintext, there was a risk of server compromise, and two-party PAKE protocol was not suitable for large-scale communication systems, a three-party verifier-based password authenticated key exchange protocol from lattices was proposed.Hashing scheme and zero-knowledge password policy check were combined to realize the generation of verifier and the password checking.A novel verifier-based 3PAKE protocol was constructed by using CCA-secure public-key encryption from lattices, which realized mutual authentication.Security and performance analysis shows that the proposed protocol has better advantages in communication efficiency and security.

Key words: three-party key exchange, password authentication, verifier, lattice, provable security

中图分类号:

TP309

廉欢欢, 侯慧莹, 赵运磊. 后量子基于验证元的三方口令认证密钥交换协议[J]. 通信学报, 2022, 43(4): 95-106.

Huanhuan LIAN, Huiying HOU, Yunlei ZHAO. Post-quantum verifier-based three-party password authenticated key exchange protocol[J]. Journal on Communications, 2022, 43(4): 95-106.

图/表 5

图1

表1

符号说明"

符号	说明
hk	哈希密钥
hp	投射密钥
label	标签
$H_{S A}, H_{S B}$	存储于服务器上的A和B的口令哈希值
$s_{P_{1}}, s_{P_{2}}$	预盐值
$s_{H_{1}}, s_{H_{2}}$	盐值
mk	伪随机函数密钥
${sk}_{A B}, {sk}_{B A}$	由用户A和B生成的会话密钥

表1

图2

表2

表3

参考文献 29

[1]	BELLOVIN S M , MERRITT M . Encrypted key exchange:password-based protocols secure against dictionary attacks[C]// Proceedings 1992 IEEE Computer Society Symposium on Research in Security and Privacy. Piscataway:IEEE Press, 1992: 72-84.
[2]	VASCO M I G , POZO A L P D , SORIENTE C . A key for John Doe:modeling and designing anonymous password-authenticated key exchange protocols[J]. IEEE Transactions on Dependable and Secure Computing, 2021,18(3): 1336-1353.
[3]	BRADLEY T , JARECKI S , XU J . Strong asymmetric PAKE based on trapdoor CKEM[C]// 2019 Advances in Cryptology. Berlin:Springer, 2019: 798-825.
[4]	ABDALLA M , BARBOSA M , BRADLEY T ,et al. Universally composable relaxed password authenticated key exchange[C]// 2020 Advances in Cryptology. Berlin:Springer, 2020: 278-307.
[5]	KATZ J , VAIKUNTANATHAN V . Round-optimal password-based authenticated key exchange[J]. Journal of Cryptology, 2013,26(4): 714-743.
[6]	KATZ J , VAIKUNTANATHAN V . Smooth projective hashing and password-based authenticated key exchange from lattices[C]// 2009 Advances in Cryptology. Berlin:Springer, 2009: 636-652.
[7]	GENNARO R , LINDELL Y . A framework for password-based authenticated key exchange1[J]. ACM Transactions on Information and System Security (TISSEC), 2006,9(2): 181-234.
[8]	DING Y , FAN L . Efficient password-based authenticated key exchange from lattices[C]// 2012 Seventh International Conference on Computational Intelligence and Security. Piscataway:IEEE Press, 2012: 934-938.
[9]	GROCE A , KATZ J . A new framework for efficient password-based authenticated key exchange[C]// Proceedings of the 17th ACM conference on Computer and communications security. New York:ACM Press, 2010: 516-525.
[10]	DING J , ALSAYIGH S , LANCRENON J ,et al. Provably secure password authenticated key exchange based on RLWE for the post-quantum world[C]// 2017 Cryptographers’ Track at the RSA Conference. Berlin:Springer, 2017: 183-204.
[11]	ZHANG J , YU Y . Two-round PAKE from approximate SPH and instantiations from lattices[C]// 2017 International Conference on the Theory and Application of Cryptology and Information Security. Berlin:Springer, 2017: 37-67.
[12]	李子臣, 谢婷, 张卷美 . 基于RLWE问题的后量子口令认证密钥交换协议[J]. 电子学报, 2021,49(2): 260-267.
	LI Z C , XIE T , ZHANG J M . Post quantum password-based authentication key exchange protocol based on ring learning with errors problem[J]. Acta Electronica Sinica, 2021,49(2): 260-267.
[13]	YIN A Q , GUO Y B , SONG Y M ,et al. Two-round password-based authenticated key exchange from lattices[J]. Wireless Communications and Mobile Computing, 2020(17): 1-13.
[14]	叶茂, 胡学先, 刘文芬 . 基于格的三方口令认证密钥交换协议[J]. 电子与信息学报, 2013,35(6): 1376-1381.
	YE M , HU X X , LIU W F . Password authenticated key exchange protocol in the three party setting based on lattices[J]. Journal of Electronics ＆ Information Technology, 2013,35(6): 1376-1381.
[15]	XU D Q , HE D B , CHOO K K R . Provably secure three-party password authenticated key exchange protocol based on ring learning with error[R]. 2017.
[16]	王彩芬, 陈丽 . 基于格的用户匿名三方口令认证密钥协商协议[J]. 通信学报, 2018,39(2): 21-30.
	WANG C F , CHEN L . Three-party password authenticated key agreement protocol with user anonymity based on lattice[J]. Journal on Communications, 2018,39(2): 21-30.
[17]	于金霞, 廉欢欢, 汤永利 ,等. 格上基于口令的三方认证密钥交换协议[J]. 通信学报, 2018,39(11): 87-97.
	YU J X , LIAN H H , TANG Y L ,et al. Password-based three-party authenticated key exchange protocol from lattices[J]. Journal on Communications, 2018,39(11): 87-97.
[18]	JIANG S , GONG G , HE J ,et al. PAKEs:new framework,new techniques and more efficient lattice-based constructions in the standard model[C]// 2020 IACR International Conference on Public-Key Cryptography. Berlin:Springer, 2020: 396-427.
[19]	BELLOVIN S M , MERRITT M . Augmented encrypted key exchange:a password-based protocol secure against dictionary attacks and password file compromise[C]// Proceedings of the 1st ACM conference on Computer and communications security. New York:ACM Press, 1993: 244-250.
[20]	BENHAMOUDA F , POINTCHEVAL D . Verifier-based password-authenticated key exchange:new models and constructions[R]. 2014.
[21]	杨晓燕, 侯孟波, 魏晓超 . 基于验证元的三方口令认证密钥交换协议[J]. 计算机研究与发展, 2016,53(10): 2230-2238.
	YANG X Y , HOU M B , WEI X C . Verifier-based three-party password authenticated key exchange protocol[J]. Journal of Computer Research and Development, 2016,53(10): 2230-2238.
[22]	张启慧, 胡学先, 刘文芬 ,等. 改进的三方口令验证元认证密钥交换协议[J]. 软件学报, 2020,31(10): 3238-3250.
	ZHANG Q H , HU X X , LIU W F ,et al. Improved verifier-based three-party password-authenticated key exchange protocol[J]. Journal of Software, 2020,31(10): 3238-3250.
[23]	舒琴, 王圣宝, 胡斌 ,等. 理想格上基于验证元的三方口令认证密钥交换协议[J]. 密码学报, 2021,8(2): 294-306.
	SHU Q , WANG S B , HU B ,et al. Verifier-based three-party password-authenticated key exchange protocol from ideal lattices[J]. Journal of Cryptologic Research, 2021,8(2): 294-306.
[24]	ABDALLA M , FOUQUE P A , POINTCHEVAL D . Password-based authenticated key exchange in the three-party setting[C]// 2005 International Workshop on Public Key Cryptography. Berlin:Springer, 2005: 65-84.
[25]	REGEV O . On lattices,learning with errors,random linear codes,and cryptography[J]. Journal of the ACM, 2009,56(6): 1-40.
[26]	CRAMER R , SHOUP V . Universal hash proofs and a paradigm for adaptive chosen ciphertext secure public-key encryption[C]// International Conference on the Theory and Applications of Cryptographic Techniques:Advances in Cryptology. Berlin:Springer, 2002: 45-64.
[27]	KIEFER F , MANULIS M . Zero-knowledge password policy checks and verifier-based PAKE[C]// 2014 European Symposium on Research in Computer Security. Berlin:Springer, 2014: 295-312.
[28]	NGUYEN K , TAN B H M , WANG H X . Zero-knowledge password policy check from lattices[C]// 2017 International Conference on Information Security. Berlin:Springer, 2017: 92-113.
[29]	BELLARE M , POINTCHEVAL D , ROGAWAY P . Authenticated key exchange secure against dictionary attacks[C]// International Conference on the Theory and Applications of Cryptographic Techniques:Advances in Cryptology. Berlin:Springer, 2000: 139-155.

协议	类型	消息传输量/条	通信效率	双向认证	抵抗服务器泄露	难题假设
文献[15]	3PAKE	6	9n ₂+7n₂ log q+5	是	否	RLWE
文献[16]	3PAKE	5	4n ₂ log q+7n₂	是	否	RLWE
文献[20]	2VPAKE	2	10n ₂+2n₁	否	是	plain DDH
文献[22]	3VPAKE	8	8n ₂+8n₁	是	是	DDH
文献[23]	3VPAKE	8	6n ₂ log q+7n₂	是	是	RLWE
本文协议	3VPAKE	5	2n ₂+4(m+n₂)log q	是	是	LWE

协议	工具	Exp	Enc/Dec	ASPH(SPH)	Hash	总开销
文献[21]	SPH	25	2	2	6	25Exp+1Enc+1Dec+2SPH+6Hash
文献[22]	SPH	18	4	4	8	18Exp+2Enc+2Dec+4SPH+8Hash
文献[14]	ASPH	0	4	4	24	2Enc+2Dec+4ASPH+24Hash
本文协议	ASPH	0	4	4	26	2Enc+2Dec+4ASPH+26Hash

后量子基于验证元的三方口令认证密钥交换协议

Post-quantum verifier-based three-party password authenticated key exchange protocol

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 5

参考文献 29

相关文章 15

Metrics

推荐阅读 0

[1]	陈晓玉, 孙连峰, 张钇涵. 具有大零相关区宽度的Ⅱ型偶长Z-互补对构造方法[J]. 通信学报, 2023, 44(6): 167-174.
[2]	尹安琪, 郭渊博, 汪定, 曲彤洲, 陈琳. 可证明安全的抗量子两服务器口令认证密钥交换协议[J]. 通信学报, 2022, 43(3): 14-29.
[3]	曹阳, 钟烨, 彭醇陵, 彭小峰. 基于混合供能和能量协作的异构网络能量效率优化算法[J]. 通信学报, 2022, 43(3): 135-147.
[4]	毛伊敏, 甘德瑾, 廖列法, 陈志刚. 基于Spark框架和ASPSO的并行划分聚类算法[J]. 通信学报, 2022, 43(3): 148-163.
[5]	郭渊博, 尹安琪. 基于格的口令认证密钥交换协议综述[J]. 通信学报, 2022, 43(12): 172-187.
[6]	郭红伟, 朱策, 杨栩, 罗雷. 基于失真反向传播的时域依赖率失真优化[J]. 通信学报, 2022, 43(12): 222-232.
[7]	董有恒, 赵耿, 马英杰. 基于分区初等元胞自动机的二维伪随机耦合映像格系统及其动态特性[J]. 通信学报, 2022, 43(1): 71-82.
[8]	田苗苗, 陈静, 仲红. 格上基于身份的增量签名方案[J]. 通信学报, 2021, 42(1): 108-117.
[9]	刘镇,韩益亮,杨晓元,柳曙光. 基于RLWE的可证明安全无陷门签密方案[J]. 通信学报, 2020, 41(6): 14-25.
[10]	王宏禹,邱天爽. 特征算子谱表示与特征展开的研究[J]. 通信学报, 2020, 41(5): 1-8.
[11]	彭长根, 张小玉, 丁红发, 杨善慧. 基于Cocks身份密码体制的高效签密方案[J]. 通信学报, 2020, 41(12): 128-138.
[12]	房礼国,付正欣,胡浩,沈刚,郁滨. 基于区域递增式彩色视觉密码的栅格地图多级分存算法研究[J]. 通信学报, 2019, 40(9): 24-32.
[13]	田有亮,李秋贤,张铎,王琳杰. 可证明安全的理性委托计算协议[J]. 通信学报, 2019, 40(7): 135-143.
[14]	王天荆,李秀琴,白光伟,沈航. 无线传感器网络中基于自适应网格的多目标定位算法[J]. 通信学报, 2019, 40(7): 197-207.
[15]	田苗苗,高闯,陈洁. 格上基于身份的云存储完整性检测方案[J]. 通信学报, 2019, 40(4): 128-139.