ISSN 1000-1239 CN 11-1777/TP

Journal of Computer Research and Development ›› 2015, Vol. 52 ›› Issue (10): 2258-2269. doi: 10.7544/issn1000-1239.2015.20150518

Special topic: Advances in Network Security and Privacy Protection Research, 2015

• Information Security •

A Strongly Secure Key Exchange Protocol Based on Lattice Problems

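Wen Weiqiang, Wang Libin

  1. (School of Computer, South China Normal University, Guangzhou 510631) (lbwang@scnu.edu.cn)
  • Publication date: 2015-10-01
  • Funding:
    Supported by: Natural Science Foundation of Guangdong Province (2015A030313379); Guangzhou Science and Technology Program (156500043)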

A Strongly Secure Lattice-Based Key Exchange Protocol

Wen Weiqiang, Wang Libin   

  1. (School of Computer, South China Normal University, Guangzhou 510631)
  • Online: 2015-10-01

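Abstract: A concrete construction of a strongly secure authenticated key exchange protocol based on hard lattice problems is proposed. 1) A lattice-based passively secure key exchange protocol is given; unlike the generic constructions based on encryption, it has higher communication efficiency. 2) Following the design idea of the efficient HMQV protocol from the traditional number-theoretic setting, a concrete lattice-based "challenge-response" signature is designed and given. 3) The passively secure key exchange protocol is combined with the "challenge-response" signature and, balancing security against protocol execution efficiency, the computing device for every computation in the protocol is specified, finally yielding a lattice-based authenticated key exchange protocol that is provably secure in the PACK model. The security of the protocol is provably based directly on the learning with errors problem and the inhomogeneous short integer solution problem, and since the hardness of these two problems can be based on hardness assumptions for lattice problems, the security of the protocol ultimately rests on lattice hardness assumptions. The protocol also has many desirable properties: for example, it is a concrete construction that does not rely on chosen-ciphertext-secure building blocks, and it achieves implicit authentication, which gives good privacy.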

Key words: standard lattice, authenticated key exchange, provably secure, "challenge-response" signature, learning with errors problem

Abstract: A strongly secure concrete authenticated key exchange protocol is proposed based on lattice problems. Firstly, a passively secure lattice-based key exchange protocol is presented, which differs from previous generic constructions based on encryption and achieves better efficiency; secondly, following the design idea of the efficient HMQV protocol, we design a concrete lattice-based “challenge-response” signature; finally, we propose a PACK-secure authenticated key exchange protocol by combining the lattice-based passively secure key exchange protocol with the lattice-based “challenge-response” signature, and specify the computing device for every computation process based on a better balance between security and efficiency. The proposed protocol is provably secure based on the learning with errors (LWE) problem and the inhomogeneous short integer solution problem, and the hardness of these two problems can be based on lattice hardness assumptions, so the security of the protocol also rests on lattice hardness assumptions. In addition, the proposed protocol has many superior properties: it is concrete and does not rely on any chosen-ciphertext-secure primitives, and it achieves implicit authentication, which provides better privacy.

Key words: standard lattice, authenticated key exchange, provably secure, “challenge-response” signature, learning with errors (LWE) problem
