ISSN 1000-1239 CN 11-1777/TP

计算机研究与发展 ›› 2016, Vol. 53 ›› Issue (11): 2482-2490.doi: 10.7544/issn1000-1239.2016.20150547

• 信息安全 • 上一篇    下一篇



  1. (解放军信息工程大学 郑州 450001) (
  • 出版日期: 2016-11-01
  • 基金资助: 
    国家自然科学基金项目(61272488,61272041,61202491,61601515) This work was supported by the National Natural Science Foundation of China (61272488, 61272041, 61202491, 61601515).

An Identity-Based Authenticated Key Exchange Protocol from RLWE

Zhao Xiufeng, Gao Haiying, Wang Ailan   

  1. (PLA Information Engineering University, Zhengzhou 450001)
  • Online: 2016-11-01

摘要: 提出了一个基于分圆环上错误学习(learning with errors, LWE)问题的身份基认证密钥交换协议,其基本思想是利用环上错误学习(ring learning with errors, RLWE)采样生成系统主私钥,进一步生成用户私钥,通过交换Diffie-Hellman临时公钥,计算用于派生会话密钥的密钥材料. 该协议与传统密钥交换协议的区别在于,协议中引入了错误项,以理想格的解码基为工具,详细分析协议的容错性,给出了合理的参数设置建议,从而保证协议以显著概率计算出相同的会话密钥. 协议在ID-BJM模型下具有可证明AKE安全性和PKG安全性,并且在双方临时私钥泄露、双方长期私钥泄露以及A的长期私钥和B的临时私钥泄露这3种情况下也可以保证协议的AKE安全.

关键词: 分圆环, 环LWE, 可证明安全, 基于身份的密码, 密钥交换协议

Abstract: Key exchange protocol allows two or more users to compute share session key via exchange information in the open communication channel, and uses the session key to finish cryptography tasks, such as secure communication and authentication. Recently, it becomes a hotspot research question that how to design authenticated key exchange protocol with lattice-based one-way function. Several lattice-based two-party authenticated key exchange protocols have been proposed. However, how to extend them to the identity-based cryptography background still remains open question. In this paper, an identity-based authenticated key exchange protocol from the learning with errors (LWE) problem over cyclotomic ring is proposed. The protocol generates master key by ring LWE (RLWE) sample algorithm, and further extracts the users’ secret key, and computes key materials which derive the share session key via exchanging Diffie-Hellman ephemeral key. The protocol introduces error item, uses encoding bases of ideal lattice as the tool for analyzing error tolerance, and makes reasonable suggests for parameters setting. The protocol achieves provable AKE secure and PKG forward secure in the ID-BJM model. Furthermore, the session key is also secure even if both long private keys are leaked or both ephemeral private key are leaked or A’s ephemeral key and B’s long private key are leaked.

Key words: cyclotomic ring, ring learning with errors (RLWE), provable secure, identity-based cryptography, key-exchange protocol