标准模型下完美前向安全的基于身份认证密钥交换

An identity-based authenticated key exchange scheme with perfect forward secrec y in standard model

一轮Diffie-Hellman密钥交换(One-Round Diff ie-Hellman key exchange,OR-DHKE)协议被认为无法实现完美的前向安全性(Perfect Forward Secrecy,PFS)。基于身份的OR-DHKE协议也是如此,现有研究仅实现了弱的完美前向安全性(wPFS)。基于Cremers等人对密钥交换协议完美前向安全性的研究,文章提出一种新的具有完美前向安全的基于身份认证密钥交换方案。文章首先提出一种较弱安全性的基于身份OR-DHKE协议π0,然后采用Cremers等人提出的SIG变换方法,将π0转化为具有完美前向安全的基于身份认证密钥交换方案π1。文章简要分析了CK、CK^+、eCK和eCK-PFS安全模型的异同,在此基础上定义了基于身份认证密钥交换协议分析的强安全模型ID-eCK-PFS。在ID-eCK-PFS模型下,协议π0和π1的安全性被规约为求解判定性BDH(Decisional Bilinear Diffie-Hellman,DBDH)问题,规约过程未使用随机预言机,实现了在标准模型下的完美前向安全性和可证明安全性。

One-round Diffie-Hellman key exchang e(OR-DHKE)protocols are considered to be unable to achieve perfect forward secrecy(PFS),so is identity-based OR-DHKE.Existing protocols in identity-based set provide only weak perfect forward secrecy(wPFS)at best.Based on the research on the PFS of Diffie-Hellman key exchange by Cremers et al.,this paper proposed a new identity-based authenticated key exch ange scheme with perfect forward secrecy.The article proposed firstly an identity-based OR-DHKE protocol with wPFS,namedπ0,and then employed the SIG transformation proposed by Cremers et al.to transformπ0into an iden tity-based authenticated key exchange with PFS,namedπ1.Meanwhile,the article compared several main security models,including CK,CK^+,eCK and eCK-PFS,and defined a strong security model,ID-eCK-PFS,for identity-based au thenticated key exchange protocol.Under the ID-eCK-PFS model,the security of the protocolsπ0andπ1were respectively deduced to solve the Decisional Bilinear Diffie-Hellman(DBDH)problem,and it didn′t use random or acle in the security games.Accordingly,the proposed protocol achieves perfect forward secrecy,and is provab le security in standard model.