一种基于身份可认证两方密钥协商方案  被引量：2

作　　者：曹阳[1] 邓方安[1] 陈涛[1] 潘平[1] 

机构地区：[1]陕西理工大学数学与计算机科学学院,陕西汉中723000

出　　处：《成都理工大学学报（自然科学版）》2016年第6期757-761,共5页Journal of Chengdu University of Technology: Science & Technology Edition

基　　金：国家自然科学基金项目(21373132);陕西省教育厅资助项目(16JK1149)

摘　　要：为了降低计算开销,提高安全性,通过Diffie-Hellman协议建立密钥共享,结合用户身份信息,以VBNN_IBS签名思想作为基础,提出了一种可认证的两方密钥协商方案。密钥生成中心KGC结合用户身份信息仅为用户生成部分私钥和公钥,其完整的私钥和公钥由用户结合自己的长期私钥生成,安全性基于椭圆曲线离散对数问题。方案中无双线性对运算,只需椭圆曲线上4次点乘运算、1次模运算、3次哈希运算,通信双方只需2次通信就可实现双方认证和密钥协商,提高了密钥产生的效率。分析表明,该方案具有完美前向保密性、抗密钥泄露伪装攻击、已知会话密钥通信安全、非密钥控制、抗重放攻击等安全属性。性能及安全性比较表明,该方案在安全性和性能方面具有较大的优势,适用于资源受限的无线网络通信环境中。Based on the establishment of shared key through the Diffie-Hellman agreement in terms of the user's identity information and combined with VBNN-IBS signature thought as a foundation,a two-party key agreement scheme is proposed so as to reduce the computation cost and improve the security.In the scheme,the key generation centre(KGC)uses users'identity information to generate part of the private and public keys for the two parties in communication.The complete private key and public key are composed of users'private key for a long time,and the security is based on elliptic curve discrete logarithm problem.The no-bilinear paring operation is realized only by four times point multiplication operation,one modular operation,and three times hash operations.Meanwhile,the two parties in communication can realize the authentication and key agreement only by communication twice,which improves the efficiency of the key generation.It shows that the scheme possess a lot of safety properties,such as perfect forward secrecy,resisting key leak feinting,known session key communications security,non-key control,and anti-replay attacks capacity,etc.The comparison of performance with security reveals that the scheme has great advantages in terms of safety and efficiency.Therefore,it is suitable for the resource-constrained wireless network communication environment.

关 键 词：签名方案 椭圆曲线 身份认证 密钥协商 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]