Abstract:
A strongly secure, concrete authenticated key exchange protocol based on lattice problems is proposed. First, a passively secure lattice-based key exchange protocol is presented; it differs from previous generic constructions based on encryption and achieves better efficiency. Second, following the design idea of the efficient HMQV protocol, we design a concrete lattice-based "challenge-response" signature. Finally, we propose a PACK secure authenticated key exchange protocol by combining the lattice-based passively secure key exchange protocol with the lattice-based "challenge-response" signature, and we specify the computing device for each computation process so as to better balance security and efficiency. The proposed protocol is provably secure based on the learning with errors (LWE) problem and the inhomogeneous short integer solution problem. Because the hardness of these two problems can in turn be based on the hardness of lattice problems, the security of the protocol also rests on lattice problem assumptions. In addition, the proposed protocol has several desirable properties: it is concrete and does not rely on any chosen-ciphertext-secure primitives, and it achieves implicit authentication, which provides better privacy.