• 中国计算机学会会刊
  • 中国科技核心期刊
  • 中文核心期刊

计算机工程与科学 ›› 2020, Vol. 42 ›› Issue (09): 1556-1562.

• 计算机网络与信息安全 • 上一篇    下一篇

基于RLWE的双因子三方认证密钥交换协议

申艳梅,李亚平,王岩,王辉,黄鹂娟   

  1. (河南理工大学计算机科学与技术学院,河南 焦作 454003)
  • 收稿日期:2020-04-08 修回日期:2020-05-07 接受日期:2020-09-25 出版日期:2020-09-25 发布日期:2020-09-24
  • 基金资助:
    国家自然科学基金(61502150);河南理工大学博士基金(B2015-42);河南省高等学校重点科研项目(16A120013)

A RLWE-based two-factor three-party  authentication key exchange protocol

SHEN Yan-mei,LI Ya-ping,WANG Yan,WANG Hui,HUANG Li-juan   

  1. (College of Computer Science and Technology,Henan Polytechnic University,Jiaozuo 454003,China)
  • Received:2020-04-08 Revised:2020-05-07 Accepted:2020-09-25 Online:2020-09-25 Published:2020-09-24

摘要: 为了使格上Diffie-Hellman式密钥交换协议能够实现认证性并且适用于客户-服务器-客户模式的大规模通信,提出了一个基于环上误差学习RLWE的双因子三方认证密钥交换协议。该协议将口令和生物特征作为客户的长期密钥,实现服务器对客户的显式身份认证。首先利用环上误差学习的困难问题的优势(密钥及密文尺寸短、运行效率高)来构造密码体制;其次服务器通过口令和生物特征的哈希值传递环元素,并结合丁式错误协调机制使得通信方获得随机均匀的会话密钥。最后分析表明,该协议适用于大规模通信,提高了通信量,具有更高的安全属性,可以抵抗口令泄露用户假冒攻击。

关键词: 认证密钥交换, 环上误差学习, 丁式错误协调机制, 口令, 生物特征

Abstract: In order to enable the Diffie-Hellman-style key exchange protocol on the lattice to achieve authentication and is suitable for large-scale communication in the client-server-client mode, a two-factor three-party authentication key exchange protocol based on Ring Learning With Error (RLWE) is proposed. The protocol uses passwords and biometrics as long-term keys for the client, enabling the server to explicitly authenticate the client. Firstly, the advantages of the difficult problem of error learning on the ring (short key and cipher text size and high operating efficiency) are used to construct the cryptosystem. Secondly, the server passes ring elements through password and biometric hash values, and combines D-type error coordination. The mechanism enables the communicating party to obtain a random and even session key. The final analysis shows that the protocol is suitable for large-scale communication, improves the communication volume, has higher security attributes, and can resist the password impersonation attacks of users.


Key words: authentication key exchange, ring learning with error, D-type error coordination mechanism, password, biometric