Research On Authentication Key Exchange Protocol From Lattice

Computer networks and information technology are developing rapidly,today’s society has entered the information age,people have more and more demands for privacy and information protection,and have also put forward higher requirements for information security technology.Cryptography technique is used to ensure information security when people communicate through public channels.Key exchange is an important basic problem in cryptography research,which aims to obtain a shared session key through negotiation between two or more communication parties and realize secure communication over an insecure channel.In this paper,from the four aspects of forward security,communication rounds,identity authentication and efficiency.The fewer communication rounds and full forward security on lattice are researched.While efficient authentication key exchange protocol based on password and biometric authentication are studied.The main research contents are as follows:(1)In order to solve the problem of the number of communication rounds in lattice-based authentication key protocol and the lack of forward security in the process of key negotiation on the communication channel,a lattice-based key exchange protocol is proposed,and it has zero round-trip time and full forward security.The protocol constructed hierarchical identity-based key encapsulation mechanism based on learning with error(LWE)problem.And then,combined with the one-time signature algorithm,a penetrable forward-secret key encapsulation mechanism with the function of penetrating updating keys is constructed.Finally,the penetrable forward secret key encapsulation mechanism is used to design a forward secret one pass key exchange protocol with full forward security and zero round-trip time.The protocol realizes the function of key penetration and key update through the structure of binary tree,simultaneously carries out key negotiation and communication interaction.It has higher communication efficiency,and can resist quantum attack and replay attack.(2)To solve the problem of online dictionary attack and low efficiency in the existing key exchange protocols for password authentication on lattice,a two-factor(password and biometric)authentication key exchange protocol based on key consensus on lattice is proposed.The protocol constructs a stronger identity authentication mechanism,introduces biometric to solve the identity authentication problem,and combines password and biometric to realize dual identity authentication,which can effectively resist online dictionary attack.The proposed protocol designs an asymmetric structure for negotiating session keys by using approximate smooth projection hash function,reduces ciphertext and hash operation,and decreases computation overhead.Meanwhile,it uses key consensus to reduce data transmission overhead.Compared with the existing lattice-based password authentication key exchange,the proposed protocol has the characteristics of hybrid authentication and resisting online dictionary attack.It only needs two rounds of communication,increases the effective length of the session key,and has higher communication efficiency and computation efficiency.(3)Aiming at the problems of identity authentication security and transaction efficiency in electronic commerce trading system,this paper applies the two-factor authentication key exchange protocol based on key consensus on lattice to electronic commerce trading system.The system introduces trusted e-commerce service providers to provide services such as user registration,identity authentication and conflict resolution.The system combines biometric and user password to verify the user’s identity,adopts an asymmetric approximate smooth projection hash function structure to reduce computational overhead,and uses key consensus to reduce data transmission overhead.The two-factor authentication key exchange protocol is constructed based on the learning with error problem,which makes the system have the characteristics of hybrid authentication and can resist quantum attack.The designed system has the characteristics of higher security,lower communication overhead and computation overhead,lower server load and stronger practicability.