Universally composable anonymous password authenticated key exchange

Cited by: 3

Authors: Xuexian HU, Jiang ZHANG, Zhenfeng ZHANG, Jing XU

Affiliations: [1] Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China; [2] State Key Laboratory of Mathematical Engineering and Advanced Computing, Zhengzhou 450002, China; [3] Science and Technology on Information Assurance Laboratory, Beijing 100072, China; [4] State Key Laboratory of Cryptology, Beijing 100878, China

Source: Science China (Information Sciences), 2017, Issue 5, pp. 149-164 (16 pages); Chinese title: 中国科学(信息科学)(英文版) (English edition)

Funding: supported by the National Natural Science Foundation of China (Grant Nos. 61502527, 61170278, 61170279, 61379150); the National Basic Research Program of China (Grant Nos. 2013CB338003, 2012CB315905); the National High Technology Research and Development Program of China (Grant No. 2012AA01A 403); the China Postdoctoral Science Foundation (Grant No. 2014M552524); and the Foundation of Science and Technology on Information Assurance Laboratory (Grant No. KJ-14-004)

Abstract: Anonymous password authenticated key exchange (APAKE) is an important cryptographic primitive, through which a client holding a password can establish a session key with a server both authentically and anonymously. Although the server is guaranteed that the communicating client belongs to a pre-determined group, the client's actual identity is protected. Because of their convenience, APAKE protocols have been widely studied and applied in privacy protection research. However, all existing APAKE protocols are handled in stand-alone models and do not adequately settle the problem of protocol composition, which is a practical issue for protocol implementation. In this paper, we overcome this issue by formulating and realizing an ideal functionality for APAKE within the well-known universal composability (UC) framework, which thus guarantees security under protocol composition operations. Our formulation captures the essential security requirements of APAKE, such as off-line dictionary attack resistance, client anonymity and explicit mutual authentication. Moreover, it addresses arbitrary probability distributions of passwords. The construction of our protocol, which utilizes SPHF-friendly commitments and CCA2-secure encryption schemes, can be instantiated and proven secure in the standard model, i.e., without random oracle heuristics.

Keywords: anonymous password authentication; key exchange; universal composability; provable security; standard model

Classification: TN918.4 [Electronics and Telecommunications: Communication and Information Systems]
