
Research On Password-Based Authenticated Key Exchange Protocols From Lattices

Posted on: 2021-02-05
Degree: Master
Type: Thesis
Country: China
Candidate: Q Shu
GTID: 2428330614457270
Subject: Computer application technology
Abstract/Summary:
To achieve secure communication over a public network, the communicating parties need to establish a shared symmetric key. Password-based authenticated key exchange (PAKE) protocols use only a memorizable password, which lets the parties authenticate each other over an insecure channel and negotiate such a shared key. Because they are user-friendly and economical, the research and design of PAKE protocols have always been a focus of cryptography research. Most existing PAKE protocols are based on traditional number-theoretic problems (such as the large integer factorization problem, the discrete logarithm problem, etc.). With the development of quantum computer technology, the security of these protocols, as well as of all other schemes or protocols based on number-theoretic problems, is increasingly threatened. Because lattice cryptosystems can resist quantum attacks and offer high asymptotic efficiency, parallelizable computation, provable security and so on, research on PAKE protocols based on lattice problems has become a hot spot in the field of cryptographic protocols. This dissertation focuses on two-party and three-party PAKE protocols based on problems from lattices. The main research results are as follows:

1. The existing two-party and three-party PAKE protocols are reviewed in detail, and their performance is compared and analyzed. The comparison shows that PAKE protocols based on the (ring) learning with errors problem have reasonable traffic and more efficient computation, which makes them one of the hopes for post-quantum authenticated key exchange protocols. In addition, we analyze and summarize the important problems in research on two-party and three-party lattice-based PAKE protocols.

2. Based on the CAPAKE protocol proposed by Abdalla et al., a two-party PAKE protocol based on the ring learning with errors problem is proposed, and its security is proved in detail under the universally composable framework. This protocol not only keeps the advantages of CAPAKE but can also resist quantum attacks. Moreover, unlike CAPAKE, this protocol does not store the password on the server directly in plain text, which greatly reduces the damage caused when the server is compromised. The protocol adopts Peikert's error reconciliation mechanism, which is more efficient than other reconciliation mechanisms. A comparison with existing two-party PAKE protocols shows that the protocol has higher security and computing efficiency.

3. A verifier-based three-party PAKE protocol from ideal lattices is proposed. The underlying problem of the protocol is the ring learning with errors problem. We again use Peikert's error reconciliation mechanism to solve the error problem. The security of this protocol is likewise proved in detail under the universally composable framework. The new protocol can effectively resist server compromise attacks and is more secure than the existing protocols. A comparison with existing three-party PAKE protocols shows that the new protocol maintains their computing and communication efficiency.
Keywords/Search Tags: Password Authentication, Key Exchange, Lattices, Ring Learning with Errors Problem, Universal Composability