基于格的身份基认证密钥交换协议  被引量：1

作　　者：赵之祥 廉欢欢 沈剑 ZHAO Zhi-Xiang;LIAN Huan-Huan;SHEN Jian(Department of Mathematics and Applied Mathematics,Reading Academy,Nanjing University of Information Science and Technology,Nanjing 210044,China;School of Computer Science,Fudan University,Shanghai 200433,China;School of Information Science and Engineering,Zhejiang Sci-Tech University,Hangzhou 310020,China)

机构地区：[1]南京信息工程大学雷丁学院数学与应用数学系,南京210044 [2]复旦大学计算机科学技术学院,上海200433 [3]浙江理工大学信息科学与工程学院,杭州310020

出　　处：《密码学报（中英文）》2024年第2期441-454,共14页Journal of Cryptologic Research

基　　金：国家重点研发计划(2022YFB2701600);国家自然科学基金(61536205);上海市创新行动计划基金(16DZ1100200);上海市科委技术标准基金(21DZ2200500);山东省重点研发计划基金(2018CXGC0701)。

摘　　要：基于格理论密码体制已逐渐成为后量子领域的研究热点.身份基认证密钥交换协议在通信领域中应用广泛,具有很强的实用性.然而大多数格上构造的此类协议计算复杂度较大,并且没有实现完美前向安全性.本文基于环上带误差学习问题构造了一个格上基于身份的认证密钥交换协议.协议采用Peikert式误差协调机制实现密钥比特的均匀性,并且在系统初始化阶段不需要额外运算生成主公钥;此外,协议提供了双向认证、完美前向安全以及临时密钥泄露安全性.形式化的安全性分析和性能评估表明所提协议是安全且高效的.Lattice-based cryptosystem has become a research hotspot in the areas of post-quantum cryptography.Identity-based authenticated key exchange protocol is widely used in the field of secure communication and has strong practicability.However,most of these protocols constructed on lattices have high computationally complexity and do not achieve perfect forward security.In this paper,an identity-based authenticated key exchange protocol over lattice is constructed based on the problem ofring learning with errors. The Peikert’s error reconciliation mechanism is used in the protocol to achievethe uniformity of key bits. In addition, the protocol does not need extra operation to generate masterpublic key in the system initialization stage. Furthermore, the protocol provides mutual authentication,perfect forward security, as well as ephemeral-secret key leakage security. The proposed protocol isproved to be secure and efficient by formal security analysis and performance evaluation.

关 键 词：格 身份基认证 密钥交换 环上带误差学习问题 完美前向安全 

分 类 号：TP309.7[自动化与计算机技术—计算机系统结构]