With the rapid development and wide application of Internet technology, information security has become increasingly important. The key exchange protocol is one of the most fundamental cryptographic primitives in modern cryptography: it enables communicating parties to agree on a key over an open channel and then establish secure communication. Key exchange protocols are widely used in Internet protocols, electronic commerce, secure communication and other fields. With the fast development of quantum computers and the proposal of quantum algorithms, key exchange protocols based on traditional number-theoretic hard problems face serious challenges, so it is urgent to deploy key exchange protocols that resist quantum-computer attacks as soon as possible. Cryptosystems based on lattice theory can achieve excellent post-quantum security and have therefore become a focus of research. Plenty of lattice-based post-quantum key exchange protocols have been proposed in recent years, but these protocols still have weaknesses in security, computational efficiency and communication complexity. This thesis carries out the following research on lattice-based key exchange protocols:

1. This thesis constructs an authenticated key exchange protocol based on a message-recovery signature. Most existing lattice-based authenticated key exchange protocols are implicitly authenticated: they do not rely on an additional cryptographic primitive for authentication but directly use the structure of the scheme itself. Research shows that implicitly authenticated protocols cannot achieve perfect forward secrecy and are also not suitable for PKI-based digital certificate systems. In this scheme, we first construct an IND-CPA-secure key encapsulation mechanism and then combine it with a digital signature scheme in message-recovery mode to construct a post-quantum authenticated key exchange protocol. This protocol reduces communication overhead while achieving authentication. Compared with existing schemes, it reduces the communication cost by 21.7%~25.7% at the same post-quantum security strength, and its computational efficiency is also improved. Furthermore, the protocol is improved in terms of security: it achieves perfect forward secrecy under the BCK security model. The protocol is applicable to bandwidth-limited scenarios and PKI-based authentication systems, such as smart cards, handheld terminals and other Internet of Things applications.

2. This thesis proposes a key exchange protocol based on an error reconciliation mechanism. Most existing key exchange protocols based on the LWE problem are constructed from a key encapsulation mechanism. Although this construction is relatively simple, it generally brings high communication complexity. This scheme uses Peikert's error reconciliation mechanism to construct a passively secure key exchange protocol based on the module-LWE problem. Compared with protocols that use a key encapsulation mechanism, this scheme saves a fixed amount of communication cost and reduces the probability of decryption error at the same computational efficiency and security strength. Moreover, the security of this scheme relies directly on the hardness of the module-LWE problem, which is more robust than the original scheme. Because the module-LWE problem is used, the protocol can balance efficiency and security by adjusting its parameters conveniently. The scheme is similar to the Diffie-Hellman key exchange protocol: the protocol flow is relatively symmetric compared with other schemes, which ensures that the computing and communication costs of both parties are roughly the same. Therefore, our protocol is applicable to secure communication between peers of the same level, such as vehicle interconnection scenarios.
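The reconciliation-based exchange of item 2, as an added toy example that is not the thesis's own code: a symmetric module-LWE exchange in which Bob sends one Peikert hint bit per coefficient instead of a KEM ciphertext, and both sides recover the same key bit whenever their noisy shared values differ by less than 2Q/8. The parameters N=8, K=2, Q=3329, the ternary noise and all function names are constructed for illustration; a real instantiation uses a much larger N and a proper error distribution.

```python
import random

# Constructed toy parameters (not the thesis's): ring R_Q = Z_Q[x]/(x^N + 1), module rank K, odd modulus Q.
N, K, Q = 8, 2, 3329

def poly_mul(a, b):  # multiply in Z_Q[x]/(x^N + 1); the x^N term wraps around to -1
    r = [0] * N
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            if i + j < N:
                r[i + j] = (r[i + j] + ai * bj) % Q
            else:
                r[i + j - N] = (r[i + j - N] - ai * bj) % Q
    return r
def vec_dot(u, v):  # inner product of two length-K vectors of ring elements
    acc = [0] * N
    for ui, vi in zip(u, v):
        acc = [(x + y) % Q for x, y in zip(acc, poly_mul(ui, vi))]
    return acc
def small_vec(rng):  # K ternary polynomials, a constructed stand-in for a narrow error distribution
    return [[rng.choice([-1, 0, 0, 1]) % Q for _ in range(N)] for _ in range(K)]

# Peikert reconciliation over Z_{2Q}. dbl() randomises the lift from odd Q to even 2Q so that the
# public hint bit is independent of the key bit; rounding is done in integers (no ties since Q is odd).
def dbl(v, rng): return (2 * v - rng.choice([-1, 0, 0, 1])) % (2 * Q)
def cross_round(v): return (4 * v // (2 * Q)) % 2          # hint <v>_2 = floor(4v/2Q) mod 2
def modular_round(v): return ((2 * v + Q) // (2 * Q)) % 2  # key bit round(2v/2Q) mod 2
def rec(w, b):  # recovers modular_round(v) from any w with |v - w| < 2Q/8 and the hint b = cross_round(v)
    q = 2 * Q
    w %= q
    # key bit is 0 iff w falls in I_b + E: [-q/8, 3q/8) for b == 0, [-3q/8, q/8) for b == 1 (mod q)
    inside = (8 * w < 3 * q or 8 * w >= 7 * q) if b == 0 else (8 * w < q or 8 * w >= 5 * q)
    return 0 if inside else 1

def public_share(A, rng, transpose=False):  # (s, A s + e) for Alice, (s, A^T s + e) for Bob
    M = [[A[j][i] for j in range(K)] for i in range(K)] if transpose else A
    s, e = small_vec(rng), small_vec(rng)
    return s, [[(x + y) % Q for x, y in zip(vec_dot(M[i], s), e[i])] for i in range(K)]
def key_exchange(seed):  # symmetric, DH-like flow; returns (Alice's key bits, Bob's key bits)
    rng = random.Random(seed)
    A = [[[rng.randrange(Q) for _ in range(N)] for _ in range(K)] for _ in range(K)]  # public matrix
    s_a, b_a = public_share(A, rng)                   # Alice -> Bob: b_a
    s_b, b_b = public_share(A, rng, transpose=True)   # Bob -> Alice: b_b and N hint bits
    v = [(x + y) % Q for x, y in zip(vec_dot(b_a, s_b), small_vec(rng)[0])]  # s_b^T A s_a + small noise
    vbar = [dbl(x, rng) for x in v]
    hint = [cross_round(x) for x in vbar]
    key_b = [modular_round(x) for x in vbar]
    w = vec_dot(b_b, s_a)                             # s_b^T A s_a + a different small noise
    key_a = [rec(2 * x, h) for x, h in zip(w, hint)]  # Alice needs only the hint, not Bob's noise
    return key_a, key_b
```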