
On Construction Of Lattice-Based Cryptographic Protocols And Analysis

Posted on: 2018-07-12
Degree: Doctor
Type: Dissertation
Country: China
Candidate: X P Yang
Full Text: PDF
GTID: 1368330542993472
Subject: Cryptography
Abstract/Summary:
The security of existing number-theoretic cryptography, such as the Diffie-Hellman cryptographic protocols and RSA cryptosystems, relies on the discrete logarithm problem and the large integer factoring problem, respectively. However, with the introduction of quantum cryptography and the rapid development of the special computing power of quantum computers, these traditional public key cryptosystems will lose their security completely. As humanity enters the quantum computing era, the research and design of post-quantum secure cryptography is gradually being put on the agenda. Therefore, designing new cryptographic schemes that are recognized to resist quantum computing attacks has urgent practical significance and profound theoretical significance. As one of the representatives of post-quantum secure cryptosystems, lattice-based cryptography has wide applications and prospects for development. In recent years, lattice-based cryptography has rapidly become a new hot spot of research in cryptography and has produced a series of notable achievements, owing to its obvious advantages of higher asymptotic efficiency, parallelizable computation, and resistance to quantum computing attacks.

On the one hand, lattice-based cryptography has the above-mentioned advantages. Especially noteworthy is that lattice-based cryptographic schemes enjoy strong security guarantees: they are proved secure under the hardness of worst-case problems or assumptions. Lattice-based cryptography also has some disadvantages, such as excessively large space size and low communication efficiency, which greatly limit the immediate application of lattice-based public key cryptosystems, although the field has achieved most compelling results. Thus, it is urgent to carefully design lattice-based public key cryptographic algorithms so as to improve communication efficiency. On the other hand, the hard problems from lattices still await deeper theoretical exploration. Designing and constructing lattice-based cryptographic schemes with finer cryptographic properties is of great significance for further enriching and improving the content of lattice-based cryptography.

Based on these considerations, this dissertation carries out several designs and constructions of lattice-based cryptography along the following three dimensions: lattice-based key encapsulation mechanisms (KEM), lattice-based two-party authenticated key exchange (AKE) protocols, and lattice-based group authenticated key transfer protocols. The results realize new lattice-based cryptographic functionality and improve the efficiency of the schemes. The main results are as follows:

(1) The construction of a lattice-based key encapsulation mechanism: A key encapsulation mechanism (KEM) is an important key distribution mechanism that not only allows both sender and receiver to safely share a random session key, but can also be applied mainly to construct a hybrid public key encryption scheme. We design an efficient KEM scheme in the standard model based on ideal lattices. We prove that the proposed scheme achieves indistinguishability against active chosen ciphertext attacks (IND-CCA) under the ring learning with errors (RLWE) hard problem, or more formally, IND-CCA security. Compared with the current IND-CCA secure KEM schemes based on lattices in the standard model, our scheme has a shorter public key, a shorter secret key and a shorter encapsulation ciphertext overhead. Thus, this KEM scheme obtains an obvious improvement in terms of efficiency and practicability.

(2) The designs of lattice-based two-party authenticated key exchange (AKE) protocols: An authenticated key exchange (AKE) protocol is an important cryptographic primitive that assists communicating entities, who are communicating over an insecure network, in establishing a shared session key to be used for protecting their subsequent communication. Lattice-based cryptographic primitives are believed to provide resilience against attacks from quantum computers. Firstly, we design a method that maps an arbitrary bit string to an element which follows the discrete Gaussian distribution. Then, an efficient AKE protocol with short secret key size over ideal lattices is constructed in this dissertation, which nicely inherits the design idea of the high-performance Diffie-Hellman protocol. Our protocol does not use auxiliary cryptographic primitives such as signatures or message authentication codes (MACs), which simplifies the protocol. Under the ring learning with errors (RLWE) hardness assumption, the security of the proposed protocol is proved in the Bellare-Rogaway model, and the protocol additionally achieves weak Perfect Forward Secrecy (wPFS). Using the hardness assumption of Ring Decision Learning with Errors (RDLWE) on lattices, two new variant authenticated key exchange (AKE) protocols are proposed, which are based on the reconciliation technique. Compared with the current key exchange (KE) protocols based on the LWE hardness assumption, the proposed protocols protect the shared session key with a balanced key derivation function (KDF).

(3) The designs of lattice-based group authenticated key transfer protocols: We first construct a simple and practical secure sketch function that serves as the robust extractor, and build a novel passively secure secret sharing scheme under the learning with errors (LWE) hard problem based on the proposed robust extractor. Then, we extend it to a secret sharing scheme under the ring learning with errors (RLWE) hard problem. We give the security analysis of our secret sharing schemes based on the LWE hardness assumption and the security property of the secure sketch, in the random oracle model (ROM). Based on the proposed secret sharing scheme from the LWE hardness assumption, we build a group authenticated key transfer protocol and then prove its security under the LWE hardness assumption and the security property of the secure sketch, in the ROM. The proposed group authenticated key transfer protocol not only achieves authenticated key exchange (AKE) security and mutually authenticated security, but also needs only two rounds of communication to negotiate a shared session key.
Keywords/Search Tags:lattice-based cryptography, key encapsulation mechanism, authenticated key exchange, preimage sampleable functions, reconciliation mechanism, secure sketch