CN113094722B - Three-party password authentication key exchange method - Google Patents
- Publication number: CN113094722B
- Authority: CN (China)
- Prior art keywords: client, server, value, random number, rec
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/44—Program or device authentication
Abstract
The invention discloses a three-party password-authenticated key exchange method. It designs an implicit three-party authentication method which, compared with the commonly used explicit authentication methods that need many hash operations and transmit a large volume of messages, simplifies the authentication structure and reduces the number of hash operations and the communication traffic. Secondly, the invention considers the case of modular multiplication of two polynomials and uses a tighter parameter analysis that balances the variance, the modulus, the dimension, the sampling parameter and the error rate, greatly reducing the modulus and thereby making the key exchange more efficient. Because the central binomial distribution with parameter d is similar to a discrete Gaussian distribution with standard deviation $\sqrt{d/2}$ and can prevent timing attacks, the central binomial distribution, which can be implemented more efficiently in hardware and software, is chosen for sampling. This sampling method is simpler, needs no large table and no high-precision computation, and has higher sampling efficiency.
Description
Technical Field
The invention belongs to the technical field of cryptography and relates to a three-party password-authenticated key exchange method based on RLWE (Ring Learning with Errors).
Background
Key exchange allows two or more communicating entities to share a common key in an insecure channel. Key exchange that does not support authentication can only provide passive attack security, while authenticated key exchange can ensure that a participant in a session can share a session key with another honest participant against an active attack. Compared with other key exchange modes, the password-based authentication key exchange does not need a public key infrastructure or a user to store a long symmetric key, but allows all parties to share a simple, low-entropy and easy-to-remember password, has the advantages of small data volume, high speed and the like, and is widely applied.
Most existing key exchanges address only two-party communication. In real Internet scenarios the number of business participants keeps growing, for example communication among a mobile phone terminal, a local server and a remote server, or interaction among buyers, sellers and third-party platforms in electronic commerce, and the insecurity of these application scenarios makes research on three-party key exchange necessary. As the number of communicating entities increases, the number of passwords that must be pre-stored in the whole network increases, and the 2PAKE (two-party Password Authenticated Key Exchange) style of key agreement is not suitable for user-to-user communication. Specifically, if n users participate in the communication and every pair of users negotiates and shares a session key, n(n-1)/2 passwords need to be pre-stored in the whole communication network. To overcome this limitation of 2PAKE, cryptographers proposed Three-party Password Authenticated Key Exchange (3PAKE), which introduces a trusted server: each client only needs to share its password with the server and does not need to pre-store information about other clients, which reduces the problems of password storage, management and updating. The server stores the password hash values of all clients, authenticates the identities of both communicating parties and helps them generate a session key.
At present, the security of 3PAKE protocols depends mainly on the hardness of classical mathematical problems such as large-integer factorization and discrete logarithms. With the development of quantum computing, most of these classical problems can be solved in polynomial time by quantum computation, which challenges 3PAKE under traditional public-key cryptosystems. It is therefore important to design an authenticated key exchange protocol with post-quantum security. Lattice-based cryptographic algorithms perform well in flexibility, security and computational cost, and lattices are one of the most common mathematical foundations of post-quantum cryptographic algorithms. In key agreement built on the RLWE hard problem over ideal lattices, each participant randomly introduces a small error term to ensure post-quantum security, so an error coordination mechanism is needed to restore the approximate keys containing errors to a consistent session key. The Peikert error coordination mechanism defines a rounding function $[x]_2 := [2x/q] \bmod 2$, a cross-rounding function, a random doubling function and a recovery function, where the modulus q is a prime, Z is the set of integers, the intervals are $I_0 = \{0, 1, \ldots, [q/4]-1\}$ and $I_1 = \{-[q/4], \ldots, -1\}$, the error interval is $E = [-q/8, q/8) \cap Z \pmod q$, and … is a uniform random value independent of v. With these functions, one can define:
Coordination function $(k, \omega) = \mathrm{HelpRec}(v)$: computes the signal value ω that assists coordination and the coordination value k, and returns $(k, \omega)$.
Recovery function $k' = \mathrm{Rec}(2w, \omega)$: takes w and ω as input and returns the coordination value k'.
In the polynomial ring $R_q = Z_q[x]/(X^n+1)$, for two approximate ring elements $v = (v_0, \ldots, v_{n-1}) \in R_q$ and $w = (w_0, \ldots, w_{n-1}) \in R_q$, one can compute $(k, b) = \mathrm{HelpRec}(v) = (\mathrm{HelpRec}(v_0), \ldots, \mathrm{HelpRec}(v_{n-1}))$. From the binary coordination vector $b = (b_0, \ldots, b_{n-1}) \in \{0,1\}^n$, one can compute $k' = \mathrm{Rec}(2w, b) = (\mathrm{Rec}(v_0, b_0), \ldots, \mathrm{Rec}(v_{n-1}, b_{n-1}))$. As long as the error between the two ring elements satisfies $\|w - v\|_\infty < q/8$, the above functions yield the same $k = k'$.
At present, there are relatively few lattice-based password-authenticated key exchange protocols, and in most of them the two parties need to pre-share the password hash values of all users they communicate with, which costs resources and security in storing, updating and managing passwords; they are not suitable for scenarios with many users and user-to-user communication.
Disclosure of Invention
Aiming at the problems in the prior art, the invention aims to provide an implicit three-party password authentication key exchange method based on the RLWE problem.
Firstly, to reduce the communication complexity of password authentication and key exchange in the client-server-client scenario and to improve the efficiency of the protocol, the invention designs an implicit three-party authentication method. Compared with the commonly used explicit authentication methods, which need many hash operations and transmit a large volume of messages, the scheme of the invention simplifies the authentication structure and reduces the number of hash operations and the communication traffic. Secondly, the invention considers the case of modular multiplication of two polynomials and uses a tighter parameter analysis that balances the variance, the modulus, the dimension, the sampling parameter and the error rate, greatly reducing the modulus and thereby making the key exchange more efficient. Because the central binomial distribution with parameter d is similar to a discrete Gaussian distribution with standard deviation $\sqrt{d/2}$ and can prevent timing attacks, the method samples from the central binomial distribution, which can be implemented more efficiently in hardware and software. This sampling method is simpler, needs no large table and no high-precision computation, and has higher sampling efficiency. The scheme can also be combined with an NTT-based Fast Lattice Library to accelerate polynomial multiplication and further improve the computational efficiency of the whole protocol.
Each time a new key exchange session is performed, the server generates a new seed and expands it into the public parameter a using a pseudo-random function (such as a hash function) instead of using a fixed public parameter (the public parameter a is used to generate the various keys; for example, in p = as + e, s and e are secrets and p is a key). Expanding the output of the hash function into a prevents an untrusted party from choosing an a with a special structure, and prevents an adversary from guessing the secret values of the protocol parties through a trapdoor attack or an all-for-the-price-of-one attack. The method also uses the Peikert error coordination mechanism to coordinate the two approximate keys into the same coordination value. The Peikert coordination mechanism defines a random doubling function in which the probability of … is 1/2 and the probability of … is 1/4; the output of the doubling function is uniformly random, so the generated signal values are uniformly and randomly distributed and the two parties can directly obtain uniform common bits. Even if an adversary obtains the signal value, its advantage in deducing the coordination value from it is negligible, which ensures the security of the error coordination mechanism.
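The coordination step described in the Background and in the paragraph above, as an added example that is not code from the patent: HelpRec and Rec for one coefficient with q = 12289 (the modulus the description selects later for n = 1024), plus a table showing that the signal value ω gives no information about k. The cross-rounding, doubling and recovery formulas did not survive on this page, so the ones used here follow Peikert's published mechanism for odd q (an assumption), with the page's intervals I_0, I_1 and E applied at modulus 2q.

```python
# Added example (not from the patent). Formulas follow Peikert's reconciliation
# for odd q; this is an assumption because the page's own formulas are missing.
import secrets

Q = 12289                 # modulus the page selects for n = 1024
Q2 = 2 * Q                # q is odd, so values are doubled and handled in Z_2q
E_MAX = Q // 4            # E = [-2q/8, 2q/8) as integers: -E_MAX .. E_MAX
I_BOUNDS = {
    0: (0, (Q + 1) // 2 - 1),   # I_0 = {0, ..., round(2q/4) - 1}
    1: (-(Q // 2), -1),         # I_1 = {-floor(2q/4), ..., -1}
}


def dbl(v, ebar=None):
    """Random doubling: v in Z_q -> 2v - ebar in Z_2q.
    ebar is 0 with probability 1/2 and +1 or -1 with probability 1/4 each."""
    if ebar is None:
        ebar = (0, 0, 1, -1)[secrets.randbelow(4)]
    return (2 * v - ebar) % Q2


def round2(x):
    """Rounding on Z_2q: floor(x/q + 1/2) mod 2, for x in [0, 2q)."""
    return ((2 * x + Q) // Q2) % 2


def cross_round2(x):
    """Cross-rounding on Z_2q: floor(2x/q) mod 2, for x in [0, 2q)."""
    return ((2 * x) // Q) % 2


def helprec(v, ebar=None):
    """(k, omega) = HelpRec(v): coordination value k and public signal omega."""
    vbar = dbl(v % Q, ebar)
    return round2(vbar), cross_round2(vbar)


def rec(w2, omega):
    """k' = Rec(2w, omega): 0 if 2w lies in I_omega + E (mod 2q), else 1."""
    lo, hi = I_BOUNDS[omega]
    lo, hi = lo - E_MAX, hi + E_MAX
    return 0 if (w2 - lo) % Q2 <= hi - lo else 1


def helprec_poly(v):
    """Coefficient-wise HelpRec over a ring element given as a list."""
    pairs = [helprec(c) for c in v]
    return [k for k, _ in pairs], [b for _, b in pairs]


def rec_poly(w, omega):
    """Coefficient-wise Rec(2w, omega)."""
    return [rec((2 * c) % Q2, b) for c, b in zip(w, omega)]


def signal_leak_table():
    """Probability-weighted count of (omega, k) over every v in Z_q and every
    ebar. Equal counts for k = 0 and k = 1 under each omega mean the signal
    does not bias the coordination value."""
    table = {(b, k): 0 for b in (0, 1) for k in (0, 1)}
    for v in range(Q):
        for ebar, weight in ((0, 2), (1, 1), (-1, 1)):
            k, b = helprec(v, ebar)
            table[(b, k)] += weight
    return table


if __name__ == "__main__":
    v = [5, 6000, 12000, 9217]                 # constructed sample coefficients
    w = [(c + 1500) % Q for c in v]            # other party's approximation
    k, omega = helprec_poly(v)
    print(k, omega, rec_poly(w, omega), signal_leak_table())
```

For odd q the exact per-coefficient condition in this construction is 2e ± 1 ∈ E, i.e. |e| ≤ 1535 for q = 12289, which is what the check below exercises.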
The technical scheme of the invention is as follows:
A three-party password-authenticated key exchange method comprises the following steps:
1) each time client A and client B hold a session, client A sends $\langle ID_A, ID_B \rangle$ to the server S to initiate the session; where $ID_A$ is the identity information of the user logged in on client A, $ID_B$ is the identity information of the user logged in on client B, the server S stores a verification value of each user's password, and $ID_S$ is the identity information of the server S;
2) the server S randomly generates a random seed for the current session, computes and publishes a public parameter a from the seed, and generates random values $s_1, s_2, e_1, e_2, e_{SA}, e_{SB}$; it then calculates …. The server S then sends … to client A and client B respectively; … is the verification value of the password $pw_A$ of the user logged in on client A, and … is the verification value of the password $pw_B$ of the user logged in on client B;
3) client A computes … and generates random values $s_A, e_A$; client A checks the received …; if …, client A terminates the interaction; otherwise client A calculates …, $p_A = a s_A + e_A$, $(\sigma_{AS}, \omega_{AS}) = \mathrm{HelpRec}(k_{AS})$, …, and sends $\langle x_{AS}, \omega_{AS} \rangle$ to the server S. Client B computes … and generates random values $s_B, e_B$, and checks whether the received … satisfies …; if not, it terminates the interaction; otherwise client B calculates …, $p_B = a s_B + e_B$, $(\sigma_{BS}, \omega_{BS}) = \mathrm{HelpRec}(k_{BS})$, …, and sends $\langle x_{BS}, \omega_{BS} \rangle$ to the server S; where the hash functions $H_1, H_2, H_3, H_4$ are defined as $H_1: \{0,1\}^* \to R_q$, $H_2: \{0,1\}^* \to R_q$, $H_3: \{0,1\}^* \to R_q$, $H_4: \{0,1\}^* \to \{0,1\}^\lambda$, and λ is the number of bits of the finally shared session key;
4) the server S checks the received $\langle x_{AS}, x_{BS}, \omega_{AS}, \omega_{BS} \rangle$; if …, S terminates the interaction; otherwise it calculates …, $k_{SA} = p_A \cdot s_1$, $k_{SB} = p_B \cdot s_2$, $\sigma_{SA} = \mathrm{Rec}(2k_{SA}, \omega_{AS})$, $\sigma_{SB} = \mathrm{Rec}(2k_{SB}, \omega_{BS})$, $y_{SA} = p_B + H_3(\sigma_{SA})$ and $y_{SB} = p_A + H_3(\sigma_{SB})$; it then sends $\langle y_{SA}, y_{SB}, x_{BS} \rangle$ to client A and $\langle y_{SA}, y_{SB}, x_{AS} \rangle$ to client B;
5) client B checks the received $\langle y_{SA}, y_{SB}, x_{AS} \rangle$; if …, B terminates the interaction; otherwise it calculates $p_A = y_{SB} - H_3(\sigma_{BS})$ and $k_B = p_A \cdot s_B$, obtains a signal value ω for coordination, a coordination value k and the session key $SK_B = H_3(ID_A, ID_B, ID_S, x_{AS}, x_{BS}, y_{SA}, y_{SB}, \omega, k)$, and sends ω to A;
6) client A receives $\langle y_{AS}, y_{SB}, x_{BS}, \omega \rangle$ and calculates the coordination value k and the session key $SK_A = H_3(ID_A, ID_B, ID_S, x_{AS}, x_{BS}, y_{SA}, y_{SB}, \omega, k)$.
Further, the server S randomly selects a seed defined as $seed \leftarrow \{0, 1, \ldots, 255\}^{32}$, then generates the public parameter $a \in R_q$ from the seed and the SHAKE-128 function.
Further, the signal value is $\omega \leftarrow \mathrm{HelpRec}(k_B)$ and the coordination value is $k = \mathrm{Rec}(2k_B, \omega)$, where HelpRec() is the coordination function and Rec() is the recovery function.
Further, in step 6), client A first uses the received $\langle y_{AS}, y_{SB}, x_{BS}, \omega \rangle$ to calculate $p_B = y_{SA} - H_3(\sigma_{AS})$ and $k_A = p_B \cdot s_A$, then calculates the coordination value $k = \mathrm{Rec}(2k_A, \omega)$ from the signal value ω and the recovery function Rec, and finally obtains the session key $SK_A = H_3(ID_A, ID_B, ID_S, x_{AS}, x_{BS}, y_{SA}, y_{SB}, \omega, k)$.
Further, in step 2), the random values $s_1, s_2, e_1, e_2, e_{SA}, e_{SB}$ are generated by random sampling from the central binomial distribution; in step 3), client A generates the random values $s_A, e_A$ by random sampling from the central binomial distribution, and client B generates the random values $s_B, e_B$ by random sampling from the central binomial distribution.
Further, the central binomial distribution is …; each coefficient of the generated n-dimensional polynomial is drawn from a central binomial distribution with expected value 0 and variance d/2.
Compared with the prior art, the invention has the following positive effects:
In terms of security, the method selects, based on the RLWE problem, reasonable parameters that meet the correctness requirement. Under the Dual and Primal attack modes, analysis shows that the scheme reaches 255-bit post-quantum security, can resist quantum adversaries, and is secure in a quantum environment. According to the BPR model in the three-party setting, the method can be proved to resist dictionary attacks and man-in-the-middle attacks, and to provide mutual authentication security and forward secrecy.
Drawings
FIG. 1 is a flow chart of a method of the present invention;
fig. 2 is an architectural diagram of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings.
The protocol involves client A, client B and a server S. The server is trusted and stores the hash of each client's password, is responsible for mutual authentication with each client, and passes messages between clients. Each client authenticates to the server with a password and establishes the final session key with the other client with the help of the server S.
In this method, the polynomial ring is $R_q = Z_q[x]/(X^n+1)$. The hash functions $H_1, H_2, H_3, H_4$ are defined as $H_1: \{0,1\}^* \to R_q$, $H_2: \{0,1\}^* \to R_q$, $H_3: \{0,1\}^* \to R_q$, $H_4: \{0,1\}^* \to \{0,1\}^\lambda$, where λ is the number of bits of the finally shared session key. The identity information of client A, client B and the server S is denoted $ID_A$, $ID_B$ and $ID_S$ respectively. S randomly selects a seed defined as $seed \leftarrow \{0, 1, \ldots, 255\}^{32}$. From the seed and the SHAKE-128 function, each client expands and generates the same public ring element $a \in R_q$. Client A holds the password $pw_A$ and client B holds the password $pw_B$; the server S stores the password verification hash value of client A, …, and the password verification hash value of client B, …. In the following scheme, $s_i \in R_q$ is a secret value randomly sampled from the central binomial distribution …, and $e_i \in R_q$ is a small random error term generated by sampling from …. Here each coefficient of the generated n-dimensional polynomial (ring element) e is drawn from a central binomial distribution $\psi_d$ with expected value 0 and variance d/2.
1) Protocol initiation. Client A sends $\langle ID_A, ID_B \rangle$ to the server S to initiate a session; $ID_A$ and $ID_B$ are the identity information of the users corresponding to clients A and B respectively.
2) The first response. The server S randomly generates $seed \leftarrow \{0, 1, \ldots, 255\}^{32}$, computes and publishes the public parameter $a \leftarrow \mathrm{Parse}(\text{SHAKE-128}(seed))$, randomly samples … from the central binomial distribution, and computes …. Then S sends … to client A and client B respectively. … is the verification value of the password $pw_A$ of the user logged in on client A, and … is the verification value of the password $pw_B$ of the user logged in on client B.
3) The second response. The two clients may respond simultaneously. Client A computes … and randomly samples … from the central binomial distribution. Upon receiving the message … from S, A checks: if …, client A terminates the protocol. Otherwise, A continues to calculate …, $p_A = a s_A + e_A$, $(\sigma_{AS}, \omega_{AS}) = \mathrm{HelpRec}(k_{AS})$, …, and sends $\langle x_{AS}, \omega_{AS} \rangle$ to the server S. At the same time, client B computes … and randomly samples … from the central binomial distribution, and checks whether the received message … satisfies …; if not, the protocol is terminated. Otherwise, B calculates …, $p_B = a s_B + e_B$, $(\sigma_{BS}, \omega_{BS}) = \mathrm{HelpRec}(k_{BS})$, …, and sends $\langle x_{BS}, \omega_{BS} \rangle$ to the server S. Here HelpRec() is the coordination function.
4) The third response. After the server S receives the messages $\langle x_{AS}, x_{BS}, \omega_{AS}, \omega_{BS} \rangle$ from A and B, if the received …, S terminates the protocol. Otherwise, S extracts the secret key $p_A$ generated by A from client A's message $x_{AS}$ and the secret key $p_B$ computed by B from client B's message $x_{BS}$, and continues to calculate $k_{SA} = p_A \cdot s_1$, $k_{SB} = p_B \cdot s_2$, $\sigma_{SA} = \mathrm{Rec}(2k_{SA}, \omega_{AS})$, $\sigma_{SB} = \mathrm{Rec}(2k_{SB}, \omega_{BS})$, $y_{SA} = p_B + H_3(\sigma_{SA})$, $y_{SB} = p_A + H_3(\sigma_{SB})$. Then S sends $\langle y_{SA}, y_{SB}, x_{BS} \rangle$ to A and $\langle y_{SA}, y_{SB}, x_{AS} \rangle$ to B.
Here Rec() is the recovery function.
5) The fourth response. After client B receives the message $\langle y_{SA}, y_{SB}, x_{AS} \rangle$ from S, client B first checks: if …, B aborts. Otherwise, client B extracts the secret key $p_A$ generated by client A from the server's message $y_{SB}$, calculates $k_B = p_A \cdot s_B$, obtains the coordination value and signal value $(k, \omega) = \mathrm{HelpRec}(k_B)$ and the final session key $SK_B = H_3(ID_A, ID_B, ID_S, x_{AS}, x_{BS}, y_{SA}, y_{SB}, \omega, k)$, and sends ω to client A.
6) Protocol completion. After client A receives the messages $\langle y_{AS}, y_{SB}, x_{BS}, \omega \rangle$ from the server S and client B, client A extracts client B's secret key $p_B$ from the server's message $y_{SA}$, calculates $k_A = p_B \cdot s_A$, computes the coordination value $k = \mathrm{Rec}(2k_A, \omega)$ from the signal value ω and the recovery function Rec, and finally obtains the session key $SK_A = H_3(ID_A, ID_B, ID_S, x_{AS}, x_{BS}, y_{SA}, y_{SB}, \omega, k)$.
Authentication of the client: in steps 3, 5 and 6, after receiving the message from the server, only a client $i \in \{A, B\}$ that holds the hash value of the correct password $pw_i$ can successfully calculate $p_i$ and thereby obtain the coordination value k. If a client participates in the protocol without knowing the password, it cannot calculate a k' consistent with that of the other honest client; key agreement fails and subsequent communication cannot proceed.
Authentication of the server: in step 4, the client hides its key $p_i$ in a message to which the password hash value is added. After receiving the client's message, only the server that stores the hash value of the real password can obtain the client's correct secret information $p_i$ from the message and generate the correct $\sigma_{Si}$, so that both parties obtain a consistent session key.
When the protocol is executed correctly according to the flow, the passwords of client A, client B and the server match one another, authentication completes successfully, and $\|k_A - k_B\|_\infty < q/8$, so the two clients can recover the same coordination value k; therefore $(ID_A, ID_B, ID_c, x_A, x_B, y_{SA}, y_{SB}, \omega, k)$ are identical and the same session key $SK_A = SK_B$ is obtained. Both parties can use the session key for symmetric encryption to secure subsequent communication.
In cryptographic algorithms based on the RLWE problem, the most time-consuming operation is polynomial computation. When n = 1024, the invention selects the modulus q = 12289, which satisfies the NTT requirement $q \equiv 1 \pmod{2n}$ and ensures protocol correctness. The invention can therefore use the NTT-based Fast Lattice Library to accelerate polynomial computation and, combined with the tighter analysis of the modulus and the simplified implicit authentication, greatly improve computation speed while maintaining post-quantum security strength.
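An added example, not code from the patent, of the key material the description relies on: the seed expanded with SHAKE-128 into a, central binomial sampling of s and e, and the gap between $k_A = p_B \cdot s_A$ and $k_B = p_A \cdot s_B$ measured against the q/8 bound. Assumptions: Parse is rejection sampling on 16-bit words, the sampling parameter is d = 8 (the page's value of d is not given), and schoolbook multiplication stands in for the NTT.

```python
# Added example (not from the patent). Parse, D and the schoolbook multiply
# are assumptions made for this illustration.
import hashlib
import secrets

N, Q = 1024, 12289    # dimension and modulus stated on the page
D = 8                 # constructed sampling parameter; variance is D/2


def expand_seed(seed, n=N, q=Q):
    """a <- Parse(SHAKE-128(seed)): n coefficients uniform in Z_q."""
    mask = (1 << q.bit_length()) - 1
    nbytes = 4 * n
    while True:
        stream = hashlib.shake_128(seed).digest(nbytes)
        coeffs = []
        for i in range(0, nbytes, 2):
            x = int.from_bytes(stream[i:i + 2], "little") & mask
            if x < q:                  # reject instead of reducing: no modulo bias
                coeffs.append(x)
                if len(coeffs) == n:
                    return coeffs
        nbytes *= 2                    # XOF output is prefix-stable, so still deterministic


def cbd_poly(coins, n=N, d=D):
    """n coefficients, each the difference of two d-bit popcounts.
    No table lookup and no floating point, unlike discrete Gaussian sampling."""
    width = (2 * d + 7) // 8
    if len(coins) < n * width:
        raise ValueError("not enough random bytes")
    mask = (1 << d) - 1
    out = []
    for j in range(n):
        x = int.from_bytes(coins[j * width:(j + 1) * width], "little")
        out.append(bin(x & mask).count("1") - bin((x >> d) & mask).count("1"))
    return out


def ring_mul(f, g, n=N, q=Q):
    """Schoolbook product in Z_q[x]/(X^n + 1): X^n wraps around with a sign flip."""
    acc = [0] * (2 * n)
    for i, fi in enumerate(f):
        if fi:
            for j, gj in enumerate(g):
                acc[i + j] += fi * gj
    return [(acc[k] - acc[k + n]) % q for k in range(n)]


def ring_add(f, g, q=Q):
    return [(x + y) % q for x, y in zip(f, g)]


def centered(x, q=Q):
    """Representative of x mod q in [-(q-1)/2, (q-1)/2]."""
    return (x + q // 2) % q - q // 2


def approximate_keys(seed, coins, n=N, d=D):
    """Return k_A = p_B*s_A, k_B = p_A*s_B and the largest coefficient gap."""
    width = ((2 * d + 7) // 8) * n
    s_a, e_a, s_b, e_b = (cbd_poly(coins[i * width:(i + 1) * width], n, d)
                          for i in range(4))
    a = expand_seed(seed, n)
    p_a = ring_add(ring_mul(a, s_a, n), e_a)     # p_A = a*s_A + e_A
    p_b = ring_add(ring_mul(a, s_b, n), e_b)     # p_B = a*s_B + e_B
    k_a = ring_mul(p_b, s_a, n)
    k_b = ring_mul(p_a, s_b, n)
    gap = max(abs(centered(x - y)) for x, y in zip(k_a, k_b))
    return k_a, k_b, gap


if __name__ == "__main__":
    seed = secrets.token_bytes(32)               # fresh seed per session
    coins = secrets.token_bytes(4 * N * 2)
    _, _, gap = approximate_keys(seed, coins)
    print("max |k_A - k_B| =", gap, "bound q/8 =", Q / 8)
```

The gap equals $e_B s_A - e_A s_B$, so raising d or lowering q moves it toward the q/8 limit; that is the trade-off the parameter analysis has to balance.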
It is noted that the disclosed embodiments are intended to aid in further understanding of the invention, but those skilled in the art will appreciate that: various substitutions and modifications are possible without departing from the spirit and scope of the invention and appended claims. Therefore, the invention should not be limited to the embodiments disclosed, but the scope of the invention is defined by the appended claims.
Claims (5)
1. A three-way password authenticated key exchange method, comprising the steps of:
1) each time client A and client B hold a session, client A sends $\langle ID_A, ID_B \rangle$ to the server S to initiate the session; where $ID_A$ is the identity information of the user logged in on client A, $ID_B$ is the identity information of the user logged in on client B, the server S stores a verification value of each user's password, and $ID_S$ is the identity information of the server S;
2) the server S randomly generates a random seed for the current session, computes and publishes a public parameter a from the seed, and generates random values $s_1, s_2, e_1, e_2, e_{SA}, e_{SB}$; it then calculates …. The server S then sends … to client A and client B respectively; … is the verification value of the password $pw_A$ of the user logged in on client A, and … is the verification value of the password $pw_B$ of the user logged in on client B;
3) client A computes … and generates random values $s_A, e_A$; client A checks the received …; if …, client A terminates the interaction; otherwise client A calculates …, $p_A = a s_A + e_A$, $(\sigma_{AS}, \omega_{AS}) = \mathrm{HelpRec}(k_{AS})$, …, and sends $\langle x_{AS}, \omega_{AS} \rangle$ to the server S. Client B computes … and generates random values $s_B, e_B$, and checks whether the received … satisfies …; if not, it terminates the interaction; otherwise client B calculates …, $p_B = a s_B + e_B$, $(\sigma_{BS}, \omega_{BS}) = \mathrm{HelpRec}(k_{BS})$, …, and sends $\langle x_{BS}, \omega_{BS} \rangle$ to the server S; where the hash functions $H_1, H_2, H_3, H_4$ are defined as $H_1: \{0,1\}^* \to R_q$, $H_2: \{0,1\}^* \to R_q$, $H_3: \{0,1\}^* \to R_q$, $H_4: \{0,1\}^* \to \{0,1\}^\lambda$, λ is the number of bits of the finally shared session key, $R_q$ is a polynomial ring, HelpRec() is the coordination function, and Rec() is the recovery function;
4) the server S checks the received $\langle x_{AS}, x_{BS}, \omega_{AS}, \omega_{BS} \rangle$; if $x_{AS}$, …, S terminates the interaction; otherwise it calculates …, $k_{SA} = p_A \cdot s_1$, $k_{SB} = p_B \cdot s_2$, $\sigma_{SA} = \mathrm{Rec}(2k_{SA}, \omega_{AS})$, $\sigma_{SB} = \mathrm{Rec}(2k_{SB}, \omega_{BS})$, $y_{SA} = p_B + H_3(\sigma_{SA})$ and $y_{SB} = p_A + H_3(\sigma_{SB})$; it then sends $\langle y_{SA}, y_{SB}, x_{BS} \rangle$ to client A and $\langle y_{SA}, y_{SB}, x_{AS} \rangle$ to client B;
5) client B checks the received $\langle y_{SA}, y_{SB}, x_{AS} \rangle$; if $y_{SA}$, $y_{SB}$, …, client B terminates the interaction; otherwise it calculates $p_A = y_{SB} - H_3(\sigma_{BS})$ and $k_B = p_A \cdot s_B$, obtains a signal value ω for coordination, a coordination value k and the session key $SK_B = H_3(ID_A, ID_B, ID_S, x_{AS}, x_{BS}, y_{SA}, y_{SB}, \omega, k)$, and sends ω to client A;
6) client A receives $\langle y_{AS}, y_{SB}, x_{BS}, \omega \rangle$ and calculates the coordination value k and the session key $SK_A = H_3(ID_A, ID_B, ID_S, x_{AS}, x_{BS}, y_{SA}, y_{SB}, \omega, k)$.
2. The method of claim 1, wherein the server S randomly selects a seed defined as $seed \leftarrow \{0, 1, \ldots, 255\}^{32}$, then generates the public parameter $a \in R_q$ from the seed and the SHAKE-128 function.
3. The method of claim 2, wherein the signal value is $\omega \leftarrow \mathrm{HelpRec}(k_B)$ and the coordination value is $k = \mathrm{Rec}(2k_B, \omega)$.
4. The method of claim 1, wherein in step 6), client A first uses the received $\langle y_{AS}, y_{SB}, x_{BS}, \omega \rangle$ to calculate $p_B = y_{SA} - H_3(\sigma_{AS})$ and $k_A = p_B \cdot s_A$, then calculates the coordination value $k = \mathrm{Rec}(2k_A, \omega)$ from the signal value ω and the recovery function Rec, and finally obtains the session key $SK_A = H_3(ID_A, ID_B, ID_S, x_{AS}, x_{BS}, y_{SA}, y_{SB}, \omega, k)$.
5. The method of claim 1, wherein in step 2), the random values $s_1, s_2, e_1, e_2, e_{SA}, e_{SB}$ are generated by random sampling from the central binomial distribution; in step 3), client A generates the random values $s_A, e_A$ by random sampling from the central binomial distribution, and client B generates the random values $s_B, e_B$ by random sampling from the central binomial distribution.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110320058.4A CN113094722B (en) | 2021-03-25 | 2021-03-25 | Three-party password authentication key exchange method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113094722A CN113094722A (en) | 2021-07-09 |
CN113094722B true CN113094722B (en) | 2022-05-24 |
Family
ID=76669742
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110320058.4A Active CN113094722B (en) | 2021-03-25 | 2021-03-25 | Three-party password authentication key exchange method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113094722B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |