Computer Science (计算机科学), 2022, Vol. 49, Issue (1): 1-6. doi: 10.11896/jsjkx.yg20220101

Special topic: Cryptography (virtual special issue)

• Invited Article •

New Cryptographic Primitive: Definition, Model and Construction of Ratcheted Key Exchange
(一种新的密码本原:棘轮密钥交换的定义、模型及构造)

FENG Deng-guo (冯登国)

  1. Trusted Computing and Information Assurance Laboratory (Lab of TCA), Institute of Software, Chinese Academy of Sciences, Beijing 100190, China
  • Received: 2021-08-12  Revised: 2021-08-24  Online: 2022-01-15  Published: 2022-01-18
  • Corresponding author: FENG Deng-guo (fengdg@263.net)
  • About the author: FENG Deng-guo, born in 1965, is a research professor and doctoral supervisor at the Institute of Software, Chinese Academy of Sciences. He has worked on network and information security for many years and has published widely in major domestic and international journals and conferences, including Theor. Comput. Sci., J. Cryptology and IEEE IT.

Abstract: Traditional cryptographic applications assume that the endpoints are secure and that the adversary sits only on the communication channel. The prevalence of malware and system vulnerabilities, however, makes endpoint compromise a serious and immediate threat: stored state can be destroyed or read by malicious code, the random number generator can be corrupted, and so on. Worse, protocol sessions usually have long lifetimes, so session-related secrets must be kept in memory for a long time. In this setting, protocols have to be designed to remain secure against an adversary who can expose memory contents and intermediate values of the computation, including the randomness. Ratcheted key exchange is a basic tool for this problem. This paper surveys the cryptographic primitive of ratcheted key exchange, covering the definitions, models and constructions of unidirectional, sesquidirectional and bidirectional ratcheted key exchange, and looks ahead to future directions for the primitive.

Key words: Bidirectional ratcheted key exchange, Cryptographic primitive, Ratcheted key exchange, Secure-messaging protocol, Sesquidirectional ratcheted key exchange, Unidirectional ratcheted key exchange
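The threat model in the abstract (state and randomness exposure) and the two properties a ratchet is meant to deliver can be made concrete with a small unidirectional ratcheted key exchange. The following Python is an added illustration, not the construction from the paper or code from any deployed protocol: on every message the sender mixes a fresh X25519 share into a hash-chained root key, the receiver unwinds it with a static secret key, and a simulated adversary shows which exposures the ratchet survives. The initial root key (taken as pre-shared), the names URKESender, URKEReceiver and kdf, the HMAC-based key derivation and the variable-time pure-Python X25519 are all assumptions of the example.

```python
"""Toy unidirectional ratcheted key exchange: a fresh X25519 share per message is mixed
into a hash-chained root key.  Added illustration only; the X25519 is demo quality."""
import hashlib
import hmac
import os

# Minimal X25519 (RFC 7748 Montgomery ladder); variable-time, not for production use.
P = 2**255 - 19
A24 = 121665
BASEPOINT = (9).to_bytes(32, "little")


def _clamp(scalar: bytes) -> int:
    k = bytearray(scalar)
    k[0] &= 248
    k[31] = (k[31] & 127) | 64
    return int.from_bytes(k, "little")


def x25519(scalar: bytes, u: bytes) -> bytes:
    """Scalar multiplication on Curve25519 (Montgomery form); returns the u-coordinate."""
    k = _clamp(scalar)
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = pow(da + cb, 2, P)
        z3 = x1 * pow(da - cb, 2, P) % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def kdf(root: bytes, dh: bytes):
    """One ratchet step: the old root is consumed and replaced (forward secrecy) and the
    DH share is mixed in (healing).  Returns (new_root, message_key)."""
    prk = hmac.new(root, dh, hashlib.sha256).digest()
    return (hmac.new(prk, b"root", hashlib.sha256).digest(),
            hmac.new(prk, b"msg", hashlib.sha256).digest())


class URKESender:
    def __init__(self, root: bytes, receiver_pk: bytes):
        self.root, self.receiver_pk = root, receiver_pk

    def send(self, rng=os.urandom):
        """Ratchet with fresh randomness; returns (public share to transmit, message key)."""
        x = rng(32)
        self.root, key = kdf(self.root, x25519(x, self.receiver_pk))
        return x25519(x, BASEPOINT), key


class URKEReceiver:
    def __init__(self, root: bytes, sk: bytes):
        self.root, self.sk = root, sk

    def receive(self, share: bytes) -> bytes:
        self.root, key = kdf(self.root, x25519(self.sk, share))
        return key


def demo() -> dict:
    """Three steps against an adversary who snapshots the sender's state and also learns
    one step's randomness (corrupted RNG), the exposures named in the abstract."""
    root = os.urandom(32)            # assumption: initial root key from an earlier AKE
    rsk = os.urandom(32)             # receiver's static secret key
    rpk = x25519(rsk, BASEPOINT)
    sender, receiver = URKESender(root, rpk), URKEReceiver(root, rsk)
    share1, k1 = sender.send()
    agree1 = receiver.receive(share1) == k1
    stolen_root = sender.root        # exposure: the root that made k1 is already overwritten
    leaked = os.urandom(32)          # step-2 randomness the adversary also sees
    share2, k2 = sender.send(rng=lambda n: leaked)
    adv_root, adv_k2 = kdf(stolen_root, x25519(leaked, rpk))
    agree2 = receiver.receive(share2) == k2
    share3, k3 = sender.send()       # honest randomness again
    agree3 = receiver.receive(share3) == k3
    # Adversary holds adv_root and share3 but neither x3 nor rsk, so it cannot form the
    # DH input; guessing an ephemeral is its best move and it fails (healing).
    adv_k3 = kdf(adv_root, x25519(os.urandom(32), rpk))[1]
    return {"agree": agree1 and agree2 and agree3,
            "tracked_step2": adv_k2 == k2, "healed_step3": adv_k3 != k3}


if __name__ == "__main__":
    print(demo())
```

The two checks at the end of demo() are the properties the abstract asks for. Forward secrecy: the root key consumed by a step is overwritten by the KDF output, so a later snapshot of the state, even together with the transcript of public shares, does not give back earlier message keys. Healing: a snapshot plus one leaked ephemeral lets the adversary follow exactly one step; the next step with honest randomness produces a DH value it cannot compute, and it loses the chain. The caveat a reviewer would raise is that the receiver's secret key is static here, so exposing the receiver is fatal for every later message; letting the receiver inject its own fresh randomness is what the sesquidirectional and bidirectional variants surveyed in the paper address.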

CLC number: TP309