Key exchange protocol allows two or more users to compute share session key via exchange information in the open communication channel , and uses the session key to finish cryptography tasks ,such as secure communication and authentication .Recently ,it becomes a hotspot research question that how to design authenticated key exchange protocol with lattice‐based one‐way function . Several lattice‐based two‐party authenticated key exchange protocols have been proposed .However , how to extend them to the identity‐based cryptography background still remains open question .In this paper ,an identity‐based authenticated key exchange protocol from the learning with errors (LWE) problem over cyclotomic ring is proposed .The protocol generates master key by ring LWE (RLWE) sample algorithm ,and further extracts the users’ secret key ,and computes key materials which derive the share session key via exchanging Diffie‐Hellman ephemeral key .The protocol introduces error item ,uses encoding bases of ideal lattice as the tool for analyzing error tolerance , and makes reasonable suggests for parameters setting . The protocol achieves provable AKE secure and PKG forward secure in the ID‐BJM model .Furthermore ,the session key is also secure even if both long private keys are leaked or both ephemeral private key are leaked or A’s ephemeral key and B’s long private key are leaked .%提出了一个基于分圆环上错误学习(learning with errors ,LWE)问题的身份基认证密钥交换协议,其基本思想是利用环上错误学习(ring learning with errors ,RLWE)采样生成系统主私钥,进一步生成用户私钥,通过交换Diffie‐Hellman临时公钥,计算用于派生会话密钥的密钥材料。该协议与传统密钥交换协议的区别在于,协议中引入了错误项,以理想格的解码基为工具,详细分析协议的容错性,给出了合理的参数设置建议,从而保证协议以显著概率计算出相同的会话密钥。协议在ID‐BJM 模型下具有可证明AKE安全性和PKG安全性,并且在双方临时私钥泄露、双方长期私钥泄露以及 A 的长期私钥和B的临时私钥泄露这3种情况下也可以保证协议的AKE安全。
展开▼
