基于RLWE支持身份隐私保护的双向认证密钥协商协议

Bidirectional authentication key agreement protocol supporting identity’s privacy preservation based on RLWE

为了解决执行认证密钥交换协议时通信双方身份隐私保护问题,提出了一种基于C类承诺机制的抗量子攻击的双向认证密钥协商协议。该协议通过C类承诺函数隐藏通信双方的真实身份信息,并基于RLWE困难问题,在保障身份匿名的前提下,通过2轮的消息交互不仅完成了双向身份认证,而且保证了传输消息的完整性,并协商出共享会话密钥。经过分析,在协议执行效率上,完成匿名的双向认证与密钥协商只需2轮的消息传输,与Ding等的协议对比,公钥长度缩短近50%;在安全性上,所提协议能够抵抗伪造、重放、密钥复制和中间人攻击。所提协议在eCK模型下满足可证明安全性,同时所提协议基于格上的RLWE困难问题,可抵抗量子计算攻击。

In order to solve the problem of identity privacy preservation between two participants involved when implementing authenticated key agreement protocol, a bidirectional authenticated key agreement protocol against quantum attack based on C commitment scheme was proposed. Through the design of C commitment function, the real identity information of two participants involved was hidden. Based on RLWE difficult problem, under the premise to ensure identity anonymity, this protocol not only completed two-way identity authentication, but also ensured the integrity of the transmitted message, furthermore, the shared session key was negotiated. After been analyzed, in terms of protocol’s execution efficiency, only two rounds of message transmission were needed to complete anonymous two-way authentication and key agreement in the proposed scheme. Compared with Ding’s protocol, the length of public key was reduced by nearly 50%. With regard to security, the protocol could resist forgery, replay, key-copy, and man-in-the-middle attacks. It is proved that the proposed protocol satisfies the provable security under the eCK model. At the same time, the protocol is based on the RLWE problem of lattices, and can resist quantum computing attacks.