一个可抵抗临时指数泄露的密钥协商协议形式化安全模型

计算机科学 ›› 2013, Vol. 40 ›› Issue (11): 98-102.

一个可抵抗临时指数泄露的密钥协商协议形式化安全模型

陶文君,胡斌

解放军信息工程大学郑州450004;解放军信息工程大学郑州450004

出版日期:2018-11-16 发布日期:2018-11-16
基金资助:
本文受国家自然科学基金(61272488,1,61202491)资助

Formal Security Model Resist ing Session Exponential Reveal for Key Agreement Protocol

TAO Wen-jun and HU Bin

Online:2018-11-16 Published:2018-11-16

摘要/Abstract

摘要： 从临时指数泄露这一新的假设出发,分析了eCK模型下临时指数泄露可能造成的安全隐患,提出了可抵抗临时指数泄露的新安全属性,建立了攻击者具有更强能力的新形式化安全模型。在该模型下,给出了一个可证明安全的HCMQV密钥协商协议,该协议在CMQV的基础上对参数e的生成方式做了自然的修改并增加了保密性,以有效减少协议执行中杂凑的次数和抵抗反射攻击。为了证明协议的安全性,没有沿用HMQV协议证明签名机制不可伪造性的方法,而是通过构造区分器将新协议的安全性紧凑地归约到DDH问题上。事实证明,设计临时指数可泄露的安全密钥协商协议是可行的。

关键词: CMQV,eCK,形式化安全模型,可证明安全性

Abstract: Based on the assumption of ephemeral exponential leakage in eCK model,this paper analyzed the effect of this hidden trouble and built a new formal security model in which a much stronger adversary can be resisted and also a new security attribute can be satisfied．Futher more,a provable secure key agreement protocol-HCMQV was designed in this new model．The protocol modifies the generation function of e in a natural way and makes it in secrecy.The method reduces the times of HASH and also the reflect attack can be avoided．In order to prove the security of HCMQV,we did not prove the unforgeability for the signature scheme like HMQV,but a distinguisher was constructed to reduce the security of protocol to DDH assumption tightly．Actually,designing a secure key agreement protocol in which ephemeral exponential can be leaked is possible.

Key words: CMQV,eCK,Formal security model,Provable security

陶文君,胡斌. 一个可抵抗临时指数泄露的密钥协商协议形式化安全模型[J]. 计算机科学, 2013, 40(11): 98-102. https://doi.org/

TAO Wen-jun and HU Bin. Formal Security Model Resist ing Session Exponential Reveal for Key Agreement Protocol[J]. Computer Science, 2013, 40(11): 98-102. https://doi.org/

参考文献

[1] Canetti R,Krawczyk H．Analysis of Key-Exchange Protocolsand Their Use for Building Secure Channels[C]∥Advances in Cryptology — EUROCRYPT ’01．Springer-Verlag,2001:453-474
[2] LaMacchia B,Lauter K,Mityagin．A Stronger security of authenticated key exchange[C]∥Lecture Notes in Computer Science 4784．Berlin:Springer,2007:1-16
[3] Krawczyk H．HMQV:A High-Performance Secure Diffie-Hellman Protocol[C]∥Advances in Cryptology CRYPTO’05,LNCS3621．Springer-Verlag,2005:546-566
[4] Cas J F,Cremers．Formally and practically relating the CK,CK-HMQV and eCK security models for authenticated key exchange．http://eprint.iacr.org/2009/253.pdf
[5] Cheng Qing-feng,Ma Chuang-gui, Wei Fu-shan.A modified eCK model with stronger security for tripartite authenticated key exchange．http://eprint.iacr.org/2010/ 042.pdf
[6] Zhao Jian-jie,Gu Da-wei．Provably secure two-party authenticated key exchange protocol in eCK model[J]．Chinese journal of computers,2011,34(1)
[7] Zhou Qing-lei,Yang Zeng-fu．TUP:A new eCK-secure AKEprotocol under the CDH assumption[J]．International Journal of Communications,Network and System Sciences,2012:5(6):332
[8] Pan Jin-xin,Wang Li-lin．TMQV:A strongly eCK-secure Diffie-Hellman protocol without Gap assumption[J].Journal of international services and informatin security,2012,1(2/3):107-124
[9] Fujioka A,Suzuki K．Designing Efficient Authenticated Key Ex-change Resilient to Leakage of Ephemeral Secret Keys[J]．Lecture Notes in Computer Science,2011,6558:121-141
[10] Ustaoglu B．Obtaining a secure and efficient key agreement Drotocol from(H) MQV and NAXOS[J]．Designs,Codes and Cryptography,2008,46(3):329-342
[11] 贾小英,李宝,刘亚敏．随机谕言模型[J]．软件学报,2012,23(1)141-151

Metrics

Viewed

Full text

Abstract

Cited

Shared

Discussed