Research On Password Authenticated Key Exchange Protocol Based On Lattice

With the rapid development of Internet technology,users are risk of data tampering and leakage while enjoying various conveniences.In order to protect data security and personal privacy,a secure and reliable authentication mechanism needs to be designed to implement access control.As the important part of network information security,Password authenticated key exchange(PAKE)allows both parties to communicate to authenticate each other with only a low-entropy password.Meanwhile a shared secret session key is generated and the key can be used to encrypt,sign,authenticate,and verify integrity of information.It is currently the most widely used authentication mechanism on open networks.This thesis studies the more efficient and secure key exchange protocols based on passwords and biometrics from two aspects of authentication and anti-quantum attack.The main research contents are as follows:(1)Aiming to solve the high computational complexity problem and the lack of forward security of the generated keys,the two-party PAKE protocol on lattices is proposed.The protocol constructs a public key cryptosystem with Approximate Smooth Projective Hash(ASPH)function properties and a security of Chosen Plaintext Attack(CPA)to achieve the encryption of Plaintext information on the client side.The server receives the Ciphertext and encrypts the plaintext message with a tagged Chosen Ciphertext Attack(CCA)secure public key cryptosystem.The whole execution process of the protocol is based on the smooth projection function and the random parameters are generated by the error correction of the pseudo-random function.Utilizing the random parameters,the calculated pseudo-random function value is used as the session key.The scheme achieves mutual authentication by obtaining the value of pseudo-random function,which has the characteristic of low computational complexity and proves its security.(2)Because the RLWE-based authentication key exchange protocol has security flaws such as easy password loss and difficult mutual authentication,a new RLWE-based biometric authentication key exchange protocol is proposed which.This protocol based on the Ring Learning With Error(RLWE)problem has the advantages of shorter key size and cipher text and high operating efficiency.It uses biometrics and passwords as long-term keys and adopts Peikert-type error coordination Random and uniform session keys are coordinated from the respective ring elements,realizing the explicit authentication and confidentiality requirements of the client by the server.Compared with existing authentication key exchange protocols,this scheme can resist user impersonation attacks,has higher security attributes,reduce protocol communication volume,and improve communication efficiency.(3)Based on the security and practicality requirements of the e-commerce transaction system,a digital transaction system based on the AKE protocol is designed.In this system,a trusted third-party institution was introduced.In addition to the integrity and controllability of the transaction system,the identity authentication of both parties is also added to meet the transaction atomicity of the scheme.At the same time,the proposed scheme can be applied to different digital transaction scenarios under the premise of improved security,making the scheme more flexible.Meanwhile the proposed scheme can be applied to different digital transaction scenarios on the premise of improved security,which makes the scheme more flexible,short transaction time,less encryption and low server load.