Netinfo Security ›› 2020, Vol. 20 ›› Issue (10): 92-99. doi: 10.3969/j.issn.1671-1122.2020.10.012

• Theoretical Research •

A Post Quantum Authenticated Key Exchange Protocol Based on LWE

LI Yu, HAN Yiliang, LI Zhe, ZHU Shuaishuai

  1. School of Cryptographic Engineering, Engineering University of PAP, Xi’an 710086, China
  • Received: 2020-04-15 Online: 2020-10-10 Published: 2020-11-25
  • Contact: HAN Yiliang E-mail: hanyil@163.com
  • About the authors: LI Yu (born 1995), male, Chongqing, master's student, main research interest: post-quantum cryptography | HAN Yiliang (born 1977), male, Gansu, professor, Ph.D., main research interests: information security, post-quantum cryptography | LI Zhe (born 1994), male, Anhui, master's student, main research interest: post-quantum cryptography | ZHU Shuaishuai (born 1985), male, Shandong, doctoral student, main research interest: post-quantum cryptography
  • Supported by:
    National Natural Science Foundation of China (61572521)

Abstract:

Most current lattice-based key exchange protocols are based on ring learning with errors (Ring-LWE). While the additional ring structure brings efficiency and storage advantages, its actual security needs further research, and these protocols require complex structures such as additional signatures to achieve authentication. This paper proposes a post-quantum authenticated key exchange protocol based on LWE. Pre-computation is adopted to improve the online efficiency of the protocol. It is verified that both parties of the protocol can correctly compute a consistent session key. A series of security games is designed to prove the security of the proposed protocol. Authentication is achieved by introducing static (long-term) public and secret keys into the two-round message exchange, in the extraction of shared bits, and by introducing a hash function in the calculation of the session key. The protocol can resist man-in-the-middle attacks and needs no additional operations such as encryption or signature. There is currently no quantum algorithm that can distinguish between the LWE distribution and the uniform random distribution, so the proposed protocol can resist quantum computing attacks.

Key words: lattice-based cryptography, authenticated key exchange, learning with errors, post quantum cryptography

CLC number: