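Abstract
This paper studies several practical algorithms, and their supporting theory, for key exchange protocols over the multiplicative group Zp. Generating a secure large prime P and its primitive root g are two necessary conditions for the security of the protocol. To this end, the paper proves that safe primes of the form P = 2q + 1 can be obtained from the arithmetic progressions P = 8i + 3 and q = 4i + 1, and that g = 2 is the smallest primitive root. Based on these results, we propose and implement three practical algorithms for generating key exchange parameters, applied to secure Internet communication (SKIP, SSL and CA). To ensure the efficiency and security of key exchange, and based on Fermat's little theorem, we conclude that the upper bound on the bit length of a secure random exponent x (the private key) in the sense of exhaustive attack is log2(P/2); we also analyze the bit leakage of x under the Pohlig-Hellman attack.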
This paper presents some practical key exchange algorithms and their supporting theory over the finite multiplicative group Zp. Using a large safe prime P and a primitive root g in Zp can preclude all known attacks, so we prove that P is a safe prime of the form P = 2q + 1, and g is a primitive root, when P is drawn from the progression P = 8i + 3 and q from q = 4i + 1. Moreover, three feasible algorithms to generate key agreement parameters are described and implemented; they have been used in secure communication over the Internet, such as SKIP, SSLv3.0 and CA. On the other hand, the security, and especially the running time, of key agreement also depends directly on the random exponent x. Using Fermat's little theorem, we prove that the upper bound on the size of safe exponents is log2(P/2) in the sense of exhaustive attack. We then discuss the leaked bits of the exponent x under the Pohlig-Hellman decomposition.
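As an added illustration (not code from the paper, whose three algorithms are not reproduced on this page), the following Python code searches the progressions q = 4i + 1, P = 8i + 3 for a safe prime and checks that g = 2 generates the whole group. The function names and the choice of a fixed-base Miller-Rabin test are assumptions of this example.

```python
import secrets

_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_prime(n):
    """Miller-Rabin with fixed bases: exact for n < 3.3e24, probabilistic above."""
    if n < 2:
        return False
    for p in _BASES:
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in _BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # a is a witness that n is composite
    return True

def is_primitive_root(g, P, q):
    """For a safe prime P = 2q + 1 the group order 2q has only the prime
    factors 2 and q, so g is a generator iff g^2 != 1 and g^q != 1 (mod P)."""
    return pow(g, 2, P) != 1 and pow(g, q, P) != 1

def safe_prime_from_progression(bits):
    """Walk q = 4i + 1, P = 8i + 3 from a random i until both are prime.
    P = 3 (mod 8) makes 2 a quadratic non-residue, so 2^q = -1 (mod P)."""
    i = secrets.randbits(bits - 3) | (1 << (bits - 4))  # P is about `bits` long
    while True:
        q, P = 4 * i + 1, 8 * i + 3
        if is_prime(q) and is_prime(P):
            return P, q
        i += 1

# Contrast case (constructed): P = 23 is a safe prime with P = 7 (mod 8),
# outside the progression, and there 2 has order q = 11, not 2q = 22.
```

For P = 23 the check `is_primitive_root(2, 23, 11)` is false, which is the case the P = 8i + 3 progression rules out.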
Source
《通信学报》
EI
CSCD
Peking University Core Journals
1999, No. 7, pp. 64-68 (5 pages)
Journal on Communications
Funding
National 863-306 Project
Keywords
key exchange
safe prime generation
D-H public key
key agreement, Diffie-Hellman public key, safe prime generation