格上基于密文标准语言的可证明安全两轮口令认证密钥交换协议  被引量：4

作　　者：尹安琪 曲彤洲 郭渊博[1] 汪定 陈琳[1] 李勇飞 YIN An-qi;QU Tong-zhou;GUO Yuan-bo;WANG Ding;CHEN Lin;LI Yong-fei(College of Electronic Technology,Information Engineering University,Zhengzhou,Henan 450001,China;College of Cyber Science,Nankai University,Tianjin 300350,China)

机构地区：[1]信息工程大学电子技术学院,河南郑州450001 [2]南开大学网络空间安全学院,天津300350

出　　处：《电子学报》2022年第5期1140-1149,共10页Acta Electronica Sinica

基　　金：国家自然科学基金(No.61501515,No.61601515);信息保障技术重点实验室开放基金(No.KJ-15-108)。

摘　　要：降低口令认证密钥交换(Password-based Authenticated Key Exchange,PAKE)协议的通信轮次和安全性假设是格上PAKE协议的重要优化方向.平滑投射哈希函数(Smooth Projective Hash Function,SPHF)是构造PAKE协议的重要数学工具,但现有的基于格的SPHF多不能在超多项式模数下应用.为此,本文提出了两种格上基于密文标准语言的SPHFs,在不增加通信开销和存储开销的前提下解决了上述问题.基于上述SPHFs,本文提出了一种基于格的可证明安全的两轮PAKE协议,该协议可以抵抗量子攻击,在不需要零知识证明和随机预言机的前提下,降低了协议通信轮次和安全性假设;本文还基于更加准确的标准安全模型对所提出的协议进行了严格的安全性证明.实验证明,本文提出的协议具有更优的通信轮次复杂度、计算开销、安全性假设和实际安全性.Reducing the communication round complexity and security assumptions are important directions of password-based authenticated key exchange(PAKE)protocol over lattices.Smooth projective Hash function(SPHF)is an important mathematical tool for constructing PAKE.But most of the existing lattice-based SPHFs cannot be applied under hyperpolynomial modulus.This paper proposes two SPHFs based on the standard language of ciphertext over lattices,which solves the above problem without increasing communication and storage overhead.Based on the proposed SPHFs,this paper proposes a provably secure two-round PAKE protocol over lattices,which can resist quantum attacks and reduce the communication round complexity and the security assumptions without random oracle and zero-knowledge proof.And this paper also provides a strict security proof for the proposed protocol based on a more accurate security model.Experiment results show that the protocol proposed has better communication round complexity,computational overhead,security assumptions and actual security.

关 键 词：口令 密钥交换 平滑投射哈希函数 可证明安全 格 抗量子 

分 类 号：TN918.1[电子电信—通信与信息系统]