With the rapid development of 5G, cloud computing, big data, and related technologies, all fields of production and daily life in human society have come to rely on the Internet. Due to the openness and anonymity of the Internet, information disseminated through open channels faces a series of security issues. Encryption is the most direct and effective means of protecting communication over open Internet channels. Among such schemes, the Password Authenticated Key Exchange (PAKE) protocol, which is easy to use and does not require additional public key infrastructure or auxiliary equipment, is currently the most widely used Internet security protocol. A PAKE protocol needs only an easy-to-remember, low-entropy password to let the communicating parties authenticate each other over an insecure channel and negotiate a high-entropy key.

Currently, most PAKE protocols are built on traditional hard problems, such as the discrete logarithm problem, the large integer factorization problem, and the elliptic curve discrete logarithm problem. With the development of quantum computers, PAKE protocols constructed on these traditional hard problems face security risks. Research on PAKE protocols that can resist quantum computer attacks has therefore become a current hot spot. Among the cryptographic schemes that can resist quantum computing attacks, lattice-based schemes have the advantages of high asymptotic efficiency and parallelizable computation, and are therefore considered the most promising cryptographic schemes for the post-quantum era.

Existing research on lattice-based PAKE protocols is relatively scarce and mainly focuses on two-party PAKE scenarios, which are unsuitable for large-scale communication systems. In addition, existing lattice-based PAKE protocols seldom consider anonymity and cannot protect the identity and privacy of users. To address these problems, this paper proposes secure and efficient lattice-based PAKE protocols suitable for different scenarios, based on Module Learning with Errors (MLWE) with an error reconciliation mechanism and on Smooth Projective Hash Functions (SPHF) on ideal lattices. The paper focuses on two-party and three-party PAKE protocols based on lattice problems. The main research results are as follows:

1. A provably secure two-party PAKE protocol based on MLWE is proposed. Two-party PAKE protocols based on traditional hard problems cannot resist quantum attacks, and two-party PAKE suffers from low execution efficiency. This paper analyzes the underlying hard problems and finds that the MLWE problem offers higher implementation efficiency than the Learning with Errors (LWE) problem, and more flexible parameter configuration and higher security than the Ring Learning with Errors (RLWE) problem. Therefore, this paper proposes a provably secure two-party PAKE protocol based on the MLWE problem and the Peikert error reconciliation mechanism. At the same time, a temporary identity ID is used to negotiate the shared session key in order to protect identity information. The comparison results show that the protocol has higher communication efficiency than similar protocols and can resist undetectable online dictionary attacks.

2. A provably secure three-party PAKE protocol based on MLWE is proposed. The two-party PAKE protocol handles key exchange in the client-server environment well, but it is not suitable for communication and authenticated key exchange among a large number of users. Using a three-party PAKE (3PAKE) protocol solves this problem. The three-party PAKE protocol in this paper is built on the MLWE problem and the Peikert error reconciliation mechanism and uses implicit authentication to reduce the number of protocol interaction rounds. Compared with other three-party PAKE protocols based on the LWE and RLWE problems, its performance is better under the same security parameters. Finally, based on the MLWE problem, the provable security of the algorithm under the improved BPR model is proved.

3. A provably secure anonymous PAKE protocol based on verification elements is proposed. The anonymity of current anonymous password-authenticated key exchange schemes does not achieve unlinkability, and the user's password or password-related information is stored in plain text on the server, which is vulnerable to server leakage attacks. This paper uses enhanced password-authenticated key exchange technology and designs verification elements based on the MLWE problem, so that the server only needs to store the verification elements of passwords instead of storing passwords or password-related information in plain text. Moreover, the key agreement based on the verification element can resist the signal leakage attack. At the same time, based on the pseudonym mechanism, it can provide complete anonymity. Furthermore, the protocol's security is proved under the improved BPR model. Performance analysis results show that the proposed protocol has lower overhead than existing RLWE-based anonymous authentication protocols.

4. A provably secure, more strongly anonymous PAKE protocol based on SPHF on ideal lattices is proposed. To address the problems of service providers illegally using users' private information and of attackers stealing users' private information by attacking the service provider, this paper achieves strong anonymity by obliviously selecting one out of n. Because the SPHF on the ideal lattice is used, the overhead can be reduced appropriately. At the same time, the PAKE protocol proposed in this paper can also resist desynchronization attacks, and the protocol's security is proved under the random oracle model.
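The abstract names Peikert's error reconciliation as the step that turns two approximately equal LWE values into one shared key. The sketch below is an added illustration of that step for a single key bit and is not the thesis's protocol. It assumes a toy modulus `Q`, a toy dimension `K`, plain integers standing in for MLWE ring elements, and hypothetical function names; password authentication is omitted.

```python
# Added illustration, not the thesis's protocol: toy parameters, one key bit.
import secrets

Q = 4096  # toy even modulus; a multiple of 8 keeps all interval bounds integral
K = 3     # toy dimension; plain integers stand in for MLWE ring elements


def round2(v):
    """Key bit: 0 if v lies within Q/4 of 0 (mod Q), else 1."""
    return ((4 * v + Q) // (2 * Q)) % 2


def cross_round(v):
    """Public one-bit hint: index of the quarter of Z_Q containing v, mod 2."""
    return (4 * v // Q) % 2


def reconcile(w, hint):
    """Return round2(v) for any w with (w - v) mod Q in [-Q/8, Q/8)."""
    lo = -(Q // 8) if hint == 0 else -(3 * Q // 8)  # start of I_hint + E
    return 0 if (w - lo) % Q < Q // 2 - 1 else 1


def small():
    """Constructed noise/secret vector with entries in {-1, 0, 1}."""
    return [secrets.randbelow(3) - 1 for _ in range(K)]


def dot(x, y):
    return sum(a * b for a, b in zip(x, y)) % Q


def toy_exchange():
    """Both sides derive one bit from approximately equal LWE values."""
    A = [[secrets.randbelow(Q) for _ in range(K)] for _ in range(K)]
    s, e = small(), small()                      # initiator secret and noise
    b = [(dot(row, s) + ei) % Q for row, ei in zip(A, e)]        # b = A s + e
    s2, e2 = small(), small()                    # responder secret and noise
    u = [(dot(col, s2) + ei) % Q for col, ei in zip(zip(*A), e2)]  # A^T s2 + e2
    v = (dot(b, s2) + secrets.randbelow(3) - 1) % Q  # responder's value
    w = dot(u, s)                                    # initiator's noisy copy
    hint = cross_round(v)                            # sent in the clear
    return round2(v), reconcile(w, hint), (w - v) % Q


if __name__ == "__main__":
    print(toy_exchange())
```

Rounding each side's value independently fails when the value sits next to a rounding boundary; the one-bit hint removes that failure for any error in [-Q/8, Q/8).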