Bidirectional authentication key agreement protocol supporting identity privacy preservation based on RLWE

Cited by: 8


Authors: YANG Yatao (杨亚涛) [1,2]; HAN Xinguang (韩新光); HUANG Jierun (黄洁润); ZHAO Yang (赵阳)

Affiliations: [1] School of Telecommunication Engineering, Xidian University, Xi'an 710071, Shaanxi, China; [2] Department of Electronic and Communication Engineering, Beijing Electronic Science and Technology Institute, Beijing 100070, China

Source: Journal on Communications (《通信学报》), 2019, No. 11, pp. 180-186 (7 pages)

Funding: National Cryptography Development Fund of the "13th Five-Year Plan" (No. MMJJ20170110)

Abstract: To solve the problem of preserving the identity privacy of the two parties that execute an authenticated key exchange protocol, a bidirectional authenticated key agreement protocol is proposed that resists quantum attacks and is based on a C-class commitment scheme. The protocol uses the C-class commitment function to hide the real identity information of both parties. Based on the RLWE hard problem, and while keeping identities anonymous, two rounds of message exchange complete mutual identity authentication, guarantee the integrity of the transmitted messages, and negotiate a shared session key. In terms of execution efficiency, anonymous mutual authentication and key agreement need only two rounds of message transmission, and compared with the protocol of Ding et al. the public key length is reduced by nearly 50%. In terms of security, the proposed protocol resists forgery, replay, key-copy, and man-in-the-middle attacks. The proposed protocol is provably secure under the eCK model and, because it is based on the RLWE hard problem on lattices, it resists quantum computing attacks.

Keywords: privacy preservation; commitment scheme; bidirectional authentication; ring learning with errors problem

Classification number: TN918.4 [Electronics and Telecommunications: Communication and Information Systems]

 
