一种RLWE密钥交换协议的公钥复用分析与改进

doi:10.3969/j.issn.1671-1122.2020.11.011

信息网络安全 ›› 2020, Vol. 20 ›› Issue (11): 87-94.doi: 10.3969/j.issn.1671-1122.2020.11.011

一种RLWE密钥交换协议的公钥复用分析与改进

段晓巍¹^,², 韩益亮¹^,²(), 王超¹^,², 李喆¹^,²

1.武警工程大学密码工程学院,西安 710086
2.武警部队密码与信息安全保密重点实验室,西安 710086

收稿日期:2020-09-14 出版日期:2020-11-10 发布日期:2020-12-31
通讯作者: 韩益亮 E-mail:hanyil@163.com
作者简介:段晓巍（1997—）,男,山东,硕士研究生,主要研究方向为信息安全、抗量子密码|韩益亮（1977—）,男,甘肃,教授,博士,主要研究方向为信息安全、抗量子密码|王超（1997—）,男,山东,硕士研究生,主要研究方向为信息安全、抗量子密码|李喆（1994—）,男,安徽,硕士研究生,主要研究方向为抗量子密码
基金资助:
国家自然科学基金(61572521);武警工程大学科研创新团队科学基金(KYTD201805)

Analysis and Improvement of Public Key Reuse for A RLWE Key Exchange Protocol

DUAN Xiaowei¹^,², HAN Yiliang¹^,²(), WANG Chao¹^,², LI Zhe¹^,²

1. College of Cryptographic Engineering, Engineering University of PAP, Xi’an 710086, China
2. Key Laboratory of PAP for Cryptology and Information Security, Xi’an 710086, China

Received:2020-09-14 Online:2020-11-10 Published:2020-12-31
Contact: HAN Yiliang E-mail:hanyil@163.com

摘要/Abstract

摘要：

针对安全传输层协议下的0-RTT模式中公钥长期使用且不变的特点,攻击者重复利用公钥对基于错误协调的密钥交换协议进行询问,获得其有效信息并计算破解私钥。文章结合BCNS15协议中模数为偶数这一特点以及不同的错误协调函数,提出一种可以破解私钥信息的攻击方案。方案通过分析协议中信号泄露的信息推断私钥,完成攻击。文章针对协议给定的不同条件,给出了相对应的攻击方案,并减少其查询次数,经实例测试,通过此种攻击方案可以成功恢复出密钥交换协议中的私钥。

关键词: 密钥交换, 错误学习, 信息泄露, 主动攻击, 密钥重用

Abstract:

Aiming at the long-term and unchanged characteristics of the public key in the 0-RTT mode under the secure transport layer protocol, the attacker can repeatedly use the public key to query a key exchange protocol based on error coordination, obtain the effective information and calculate the crack private key. Combining the feature that the modulus is even in the BCNS15 protocol and different error coordination functions, this article proposes an attack scheme that can crack the private key information. The solution infers the private key by analyzing the information leaked in the protocol and completes the attack. According to the different conditions given in the protocol, the article gives corresponding attack schemes, and reduces the number of queries. After an example test, this attack scheme can successfully recover private keys of the key exchange protocol.

Key words: key exchange, learning with errors, information leakage, active attack, key reuse

中图分类号:

TP309

段晓巍, 韩益亮, 王超, 李喆. 一种RLWE密钥交换协议的公钥复用分析与改进[J]. 信息网络安全, 2020, 20(11): 87-94.

DUAN Xiaowei, HAN Yiliang, WANG Chao, LI Zhe. Analysis and Improvement of Public Key Reuse for A RLWE Key Exchange Protocol[J]. Netinfo Security, 2020, 20(11): 87-94.

图/表 2

参考文献 17

[1]	DIFFIE W. New Direction in Cryptography[J]. IEEE Transactions on Information Theory, 1976,22(6):644-654. doi: 10.1109/TIT.1976.1055638 URL
[2]	SHOR P W. Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer[J]. Siam Review, 1999,41(2):303-332. doi: 10.1137/S0036144598347011 URL
[3]	DEVORET M H, SCHOELKOPF R J. Superconducting Circuits for Quantum Information: An Outlook[J]. Science, 2013,339(6124):1169-1174. URL pmid: 23471399
[4]	MOSCA M. Cybersecurity in an Era with Quantum Computers: Will We Be Ready?[J]. IEEE Security & Privacy, 2018,16(5):38-41.
[5]	BERNSTEIN D J. Introduction to Post-quantum Cryptography[J]. Post-Quantum Cryptography. 2009,1(1):1-14.
[6]	AJTAI M. Generating Hard Instances of Lattice Problems[C]//ACM. Proceedings of the 28th Annual ACM Symposium on Theory of Computing, May 22-24, Philadelphia, Pennsylvania. New York: ACM, 1996: 99-108.
[7]	REGEV O. On Lattices, Learning with Errors, Random Linear Codes, and Cryptography[J]. Journal of the ACM, 2009,56(6):1-40.
[8]	LYUBASHEVSKY V, PEIKERT C, REGEV O. On Ideal Lattices and Learning with Errors over Rings[J]. Lecture Notes in Computer Scinence, 2010,6110(1):1-23.
[9]	PEIKERT C. Public-key Cryptosystems from the Worst-case Shortest Vector Problem[C]//ACM. Proceedings of the Forty-first Annual ACM Symposium on Theory of Computing, May 31-June 2, 2008, Bethesda, Maryland, New York: ACM, 2009: 333-342.
[10]	DING Jintai, XIE Xiang, LIN Xiaodong. A Simple Provably Secure Key Exchange Scheme Based on the Learning with Errors Problem[EB/OL]. http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.303.3765&rank=1, 2020-7-22.
[11]	PEIKERT C. Lattice Cryptography for the Internet[C]// Springer. International Workshop on Post-quantum Cryptography. October 1-3, 2014. Waterloo, ON, Canada. Berlin: Springer, 2014: 197-219.
[12]	BOS J W, COSTELLO C, NAEHRIG M, et al. Post-quantum Key Exchange for the TLS Protocol from the Ring Learning with Errors Problem[C]//IEEE. 2015 IEEE Symposium on Security and Privacy. May 21, 2015, San Jose, California. New Jersey: IEEE, 2015: 553-570.
[13]	ALKIM E, DUCAS L, POPPELMANN T, et al. Post-quantum Key Exchange-A New Hope[C]//USENIX. USENIX Security Symposium, August 10-12, 2016, Austin, TX, Berkeley: USENIX, 2016: 327-343.
[14]	FLUHRER S. Cryptanalysis of Ring-LWEBased Key Exchange with Share Reuse[J] Cryptology Eprint Archive, 2016,16(85):1-6.
[15]	DING Jintai, ALSAYIGH S, SARASWATHY R V, et al. Leakage of Signal Function with Reused Keys in RLWE Key Exchange[C]//IEEE. IEEE International Conference on Communications. May 21-25, Paris, France. New Jersey: IEEE, 2017: 1-6.
[16]	DING Jintai, FLUHRER S, RV S. Complete Attack on RLWE Key Exchange with Reused Keys, Without Signal Leakage[C]//Springer. Australasian Conference on Information Security and Privacy. July 11-13, 2018, Wollongong, Australia. New York: Springer, 2018: 467-486.
[17]	ZHANG Jiang, ZHANG Zhenfeng, DING Jintai, et al. Authenticated Key Exchange from Ideal Lattices[C]// Springer: Annual International Conference on the Theory and Applications of Cryptographic Techniques. April 26-30, 2015, Berlin, Heidelberg. New York: Springer, 2015: 719-751.

一种RLWE密钥交换协议的公钥复用分析与改进

Analysis and Improvement of Public Key Reuse for A RLWE Key Exchange Protocol

RichHTML

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

图/表 2

参考文献 17

相关文章 12

编辑推荐

Metrics

本文评价

[1]	李鱼, 韩益亮, 李喆, 朱率率. 基于LWE的抗量子认证密钥交换协议[J]. 信息网络安全, 2020, 20(10): 92-99.
[2]	李喆, 韩益亮, 李鱼. 基于Polar码的密钥交换方案[J]. 信息网络安全, 2019, 19(10): 84-90.
[3]	程庆丰, 阮展靖, 张瑞杰. 对三个无双线性对的密钥协商协议分析[J]. 信息网络安全, 2019, 19(1): 16-26.
[4]	成娟娟, 郑昉昱, 林璟锵, 董建阔. Curve25519椭圆曲线算法GPU高速实现[J]. 信息网络安全, 2017, 17(9): 122-127.
[5]	游伟青, 陈小明, 齐健. 一类抗量子计算的公钥密码算法研究[J]. 信息网络安全, 2017, 17(4): 53-60.
[6]	陆思奇, 范书珲, 韩旭, 程庆丰. 一种基于CAFL模型的抗弹性泄露密钥交换协议研究[J]. 信息网络安全, 2016, 16(4): 31-37.
[7]	李晴, 叶阿勇, 许力. 公众环境下无线接入的安全问题研究[J]. 信息网络安全, 2016, 16(4): 69-75.
[8]	郝文江;武捷;李思其. 互联网用户信息泄露事件探究[J]. , 2012, 12(8): 0-0.
[9]	项顺伯. 一种有效的基于身份的两方密钥交换协议[J]. , 2012, 12(2): 0-0.
[10]	范永清. IPSec VPN数据安全传输[J]. , 2009, 9(4): 0-0.
[11]	刘晓娟;杜彦辉. RSA公钥体制在PGP中的应用[J]. , 2009, 9(4): 0-0.
[12]	郎为民;孙月光;孙少兰;刘军. PKMvl协议研究[J]. , 2008, 8(10): 0-0.