ISSN 1000-1239 CN 11-1777/TP

Journal of Computer Research and Development, 2019, Vol. 56, Issue (12): 2694-2701. doi: 10.7544/issn1000-1239.2019.20180874

• Information Security •

Post Quantum Authenticated Key Exchange Protocol Based on Ring Learning with Errors Problem

Li Zichen1,2, Xie Ting2, Zhang Juanmei3, Xu Ronghua3

  1 (Beijing Institute of Graphic Communication, Beijing 102600); 2 (Communication Engineering Institute, Xidian University, Xi’an 710071); 3 (Beijing Electronic Science & Technology Institute, Beijing 100018) (lizc2020@163.com)
  • Published: 2019-12-01
  • Online: 2019-12-01
  • Supported by:
    National Natural Science Foundation of China (61370188); "13th Five-Year" National Cryptography Development Fund (MMJJ20170110)

Abstract: The rapid development of quantum computers poses a serious threat to the security of traditional public-key cryptosystems, which are built on classical number-theoretic hard problems, so it is imperative to design and deploy post-quantum cryptosystems that can withstand quantum attacks. A post-quantum authenticated key exchange (AKE) protocol based on the ring learning with errors (RLWE) problem is proposed, using an encryption-based construction. First, an IND-CPA secure public-key encryption scheme that uses ciphertext compression is introduced. A variant of the Fujisaki-Okamoto transform is then applied to it to obtain an IND-CCA secure key encapsulation mechanism. From this, an AKE protocol is constructed through implicit authentication; it is provably secure in the standard eCK model and achieves weak perfect forward security. The protocol uses a centered binomial distribution as the error distribution, which has higher sampling efficiency, and sets reasonable parameters to ensure that both communicating parties obtain the same session key. The security of the protocol, tested with the LWE tester, is 313 b. The protocol avoids the error-reconciliation mechanism originally proposed by Ding. Compared with existing AKE protocols based on hard lattice problems, its security level is higher and its communication cost is significantly reduced. The protocol has smaller public key, private key and ciphertext sizes, and it also enjoys stronger provable security guarantees. It is a more concise and efficient post-quantum AKE protocol.

Key words: lattice, post quantum, authenticated key exchange (AKE) protocol, ring learning with errors (RLWE), eCK model

CLC number: