Journal on Communications ›› 2022, Vol. 43 ›› Issue (3): 14-29. doi: 10.11959/j.issn.1000-436x.2022052

• Academic Papers •

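Provably secure quantum-resistant two-server password-authenticated key exchange protocol

Anqi YIN1, Yuanbo GUO1, Ding WANG2,3, Tongzhou QU1, Lin CHEN1

  1. 1 Department of Cryptogram Engineering, Information Engineering University, Zhengzhou, Henan 450001
    2 College of Cyber Science, Nankai University, Tianjin 300350
    3 Tianjin Key Laboratory of Network and Data Security Technology, Nankai University, Tianjin 300350
  • Revised: 2022-02-15 Online: 2022-03-25 Published: 2022-03-01
  • About the authors: Anqi YIN (1995- ), female, born in Linyi, Shandong, is a Ph.D. candidate at Information Engineering University. Her main research interests include security protocol design and lattice-based cryptography theory.
    Yuanbo GUO (1975- ), male, born in Zhouzhi, Shaanxi, Ph.D., is a professor and doctoral supervisor at Information Engineering University. His main research interests include network defense, data mining, machine learning, and artificial intelligence security.
    Ding WANG (1985- ), male, born in Shiyan, Hubei, Ph.D., is a professor and doctoral supervisor at Nankai University. His main research interests include public key cryptography, system security, and artificial intelligence.
    Tongzhou QU (1994- ), male, born in Tieling, Liaoning, is a Ph.D. candidate at Information Engineering University. His main research interests include network security and the design of dedicated security chips.
    Lin CHEN (1975- ), female, born in Kaifeng, Henan, Ph.D., is an associate professor and master's supervisor at Information Engineering University. Her main research interests include information security and the design of dedicated security chips.
  • Supported by:
    The National Natural Science Foundation of China (61501515)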

Provably secure quantum resistance two-server password-authenticated key exchange protocol

Anqi YIN1, Yuanbo GUO1, Ding WANG2,3, Tongzhou QU1, Lin CHEN1   

  1. 1 Department of Cryptogram Engineering, Information Engineering University, Zhengzhou 450001, China
    2 College of Cyber Science, Nankai University, Tianjin 300350, China
    3 Tianjin Key Laboratory of Network and Data Security Technology, Nankai University, Tianjin 300350, China
  • Revised: 2022-02-15 Online: 2022-03-25 Published: 2022-03-01
  • Supported by:
    The National Natural Science Foundation of China (61501515)

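Abstract:

To address the problems that lattice-based single-server password-authenticated key exchange (PAKE) protocols cannot resist server compromise attacks, and that current lattice-based multi-server PAKE protocols have low execution efficiency and are not suited to the two-server scenario, the first non-adaptive two-party smooth projective hash function (SPHF) on lattices was proposed using learning with errors (LWE), with indistinguishability under adaptive chosen-ciphertext attack (IND-CCA2) security, and the sizes of the relevant parameters in the underlying public key encryption (PKE) scheme were constrained. On this basis, corresponding provably secure lattice-based two-server PAKE protocols were proposed for attacks by passive and active adversaries respectively. The two proposed protocols resist quantum attacks and achieve the password-only setting, and they do not need expensive cryptographic primitives such as signature/verification, fully homomorphic encryption, or secret sharing to guarantee security; the protocol for passive adversaries also avoids the use of zero-knowledge proofs. In addition, rigorous security proofs were given for the two proposed protocols in the standard model. Experimental results show that the proposed two-party SPHF and two-server PAKE protocols have high execution efficiency.

Key words: password-authenticated key exchange protocol, two-server, smooth projective hash function, provably secure, quantum resistance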

Abstract:

To address the problem that lattice-based single-server password-authenticated key exchange (PAKE) protocols are not resistant to server compromise attacks, while the existing lattice-based multi-server PAKE protocols are inefficient and incompatible with two-server scenarios, the first lattice-based two-party smooth projective hash function (SPHF) was proposed by utilizing learning with errors (LWE), which was secure in the sense of indistinguishability under adaptive chosen-ciphertext attack (IND-CCA2). The parameters of the underlying public key encryption (PKE) scheme were also identified. On this basis, corresponding two-server PAKE protocols from lattices were designed to counter both passive and active attackers. The two quantum-resistant protocols achieve the password-only setting and do not use expensive cryptographic primitives, including signature/verification, fully homomorphic encryption and secret sharing. The protocol for passive attackers also avoids the use of zero-knowledge proofs. Rigorous security proofs were provided for the two proposed protocols in the standard model. Experimental results show that the proposed SPHF and PAKE protocols exhibit higher execution efficiency.

Key words: password-authenticated key exchange protocol, two-server, smooth projective hash function, provably secure, quantum resistance
