Netinfo Security (信息网络安全) ›› 2024, Vol. 24 ›› Issue (6): 937-947. doi: 10.3969/j.issn.1671-1122.2024.06.011

• Cryptography Special Topic •

Lattice-Based Round-Optimal Password Authenticated Secret Sharing Protocol

HU Chengcong1, HU Honggang1,2

  1. School of Cyber Science and Technology, University of Science and Technology of China, Hefei 230027, China
  2. Key Laboratory of Electromagnetic Space Information, Chinese Academy of Sciences, Hefei 230027, China
  • Received: 2024-03-20 Online: 2024-06-10 Published: 2024-07-05
  • Corresponding author: HU Honggang hghu2005@ustc.edu.cn
  • About the authors: HU Chengcong (1998-), male, from Guangdong, master's student; main research interest is secure multi-party computation. HU Honggang (1978-), male, from Sichuan, professor, Ph.D.; main research interests are cryptography, coding theory and network security.
  • Funding: National Natural Science Foundation of China (61972370)

Abstract:

Password-Protected Secret Sharing (PPSS) combines password authentication with secret sharing and yields a distributed scheme that matches practical user needs. The protocol lets a user share a secret among multiple servers while memorizing only a short password, which later serves both to authenticate the user and to reconstruct the secret in a single run. Its security guarantee is that as long as the adversary corrupts no more than a threshold number of servers, it learns nothing about the password or the secret from the protocol. PPSS schemes were originally built on discrete-logarithm hardness assumptions and their variants and are therefore not resistant to quantum attacks, so finding a quantum-secure construction has become an urgent problem. Roy et al. proposed a construction that is secure against malicious adversaries and quantum-secure, but its number of communication rounds is not optimal, and in the presence of malicious interference the round count is not even constant. Addressing this round-optimization problem, this paper uses a Verifiable Oblivious Pseudorandom Function (V-OPRF) primitive to give a lattice-based quantum-secure construction with an optimal number of rounds and rigorously proves its security. Furthermore, the protocol guarantees that whenever a majority of the servers are honest, an honest user always reconstructs the correct secret within the optimal number of rounds, which gives it strong robustness.

Key words: password authentication, secret sharing, post-quantum cryptography, verifiable oblivious pseudorandom function
