Abstract:
As the post-quantum era approaches, a new security requirement in network communica-tions is forward security against quantum computing attacks. However, the post-quantum public key infrastructure has not been established, and it is imperative to construct a hybrid cryptosystem that consists of traditional public key cryptosystems and post-quantum key exchange protocols. Aimed at this need, a generic and combinable authentication key exchange scheme, named GC-AKE, is proposed. The GC-AKE protocol is a combination of two ciphersuites, which are signcryption scheme and Diffie-Hellman key exchange-like (DHKE-like) protocol, respectively. In GC-AKE, mutual authentication can be realized by using the signcryption scheme to signcrypt the temporary public key in DHKE-like, and session key establishment relies on the DHKE-like protocol. The signcryptions with strong unforgeability ensure that the GC-AKE scheme achieves perfect forward security. An instance of the GC-AKE is proposed. It combines a post-quantum DHKE-like protocol with an identity-based signcryption scheme that is put forward in this paper based on elliptic curve cryptography. The identity-based signcryption scheme is proved to achieve indistinguishability against chosen ciphertext attacks (IND-CCA) and strong existentially unforgeable under adaptive chosen messages attacks (SEUF-CMA). Furthermore, a security model, wAKE-PFS, which can simulate perfect forward security, is defined. Under the wAKE-PFS model, the security of the GC-AKE scheme is reduced to solving DDH-like (decision Diffie-Hellman-like) problems, as well as cracking the security of identity-based signcryption scheme. The analysis shows that the GC-AKE scheme instance achieves perfect forward security, and its computation and communication overheads are relatively low. Meanwhile, the DHKE-like protocol from the ring learning with errors problem (Ring-LWE) provides forward secrecy against future quantum attackers.