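Abstract
The original goal of leakage-resilient key exchange protocols is to minimize the harm caused by leakage of stored secrets. To this end, Alawatugoda et al. proposed the π protocol, based on the CAFL security model. Under passive attack, the protocol remains secure even if one party's long-term key is leaked, but under active attack it is insecure if one party's ephemeral key is leaked. In 2015, Toorani et al. presented an ephemeral key leakage attack on the protocol. To address this weakness, this paper improves the π protocol in the CAFL model, based on the DDH and CDH assumptions, and achieves explicit authentication of both protocol participants. Regarding security, the paper proves that the improved protocol obtains strong security in the standard model at the expense of a small computational cost. In addition, the paper analyzes and discusses the computational cost and security of the π-1 and π-2 protocols.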
The initial goal of leakage-resilient protocols is to reduce the damage resulting from leakage of stored secrets. Alawatugoda proposed a generic protocol π based on the CAFL security model, which was proved secure against long-term key reveal under passive attack but is not secure against ephemeral key reveal under active attack. In 2015, for instance, Toorani proposed an ephemeral key compromise impersonation attack on this protocol. To address this insecurity, we propose an improvement based on the DDH and CDH assumptions, which provides explicit key authentication for the parties. As for security, the improved protocol is proved in the standard model to achieve stronger security with lower computation cost. In addition, this paper analyzes and discusses protocols π-1 and π-2 in terms of their computation cost and security.
Source
Netinfo Security (《信息网络安全》)
2016, No. 4, pp. 31-37 (7 pages)
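Funding
National Natural Science Foundation of China [61402522]
Open Project of the State Key Laboratory of Cryptology [2015-MS-07]
Research Fund of Luoyang Foreign Languages Institute [2015XYQ004]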