信息安全研究第10卷第1期2024年1月JournalotinformationSecurityResearchVol.10No.1Jan.2024DOl:10.12379/j.issn.2096-1057.2024.01.03基于NTRU密钥协商协议设计郑鉴学张道法徐松艳宋苏鸣(北京遥测技术研究所北京100094)(16271209@bjtu.edu.cn)TheDesignofaKeyAgreementProtocolBasedonNTRUZhengJianxue,ZhangDaofa,XuSongyan,andSongSuming(BeijingResearchInstituteofTelemetry,Beijing100094)AbstractNTRUistheearliestpublic-keycryptosystemthatreducesthedifficultyofthecryptosystemtothelattice-hardproblem.ThefeaturesofNTRUaresimple,andthestoragespacerequiredissmall.Therefore,NTRUismoresimpleandefficientalgorithmforestablishingacryptosystembasedonlattice-hardproblems.However,therearefewrelevantreferencestodesignNTRU-basedkeyagreementprotocols.TheexistingNTRU-basedkeyagreementprotocolsdonotprotectthekeyssufficiently,whichiseasytoleaveconvenienceforadversaryattacks.Theproofisnotsufficientandincomplete.Inordertosolvethisproblem,thispaperproposestwokeyagreementprotocolsbasedonNTRUlattice,addingtemporarysecretinformation,sothattheschemehasstrongforwardsecurity,andproposesadetailedsecurityproof.TheproofisbasedontheunforgeabilityofthesessionkeyundertheSVPassumptiononthelattice.ThesecurityproofisbasedontheeCKmodel.ComparedwithtraditionalkeyagreementschemessuchasDHandECDH,thisNTRUschemeisbasedonpolynomialrings,andhashighercomputationalefficiency.Itssecuritycanbereducedtosolvingdifficultproblemsonlattices,anditcanresistquantumattacks.Keywordslattice;NTRU;keyagreementprotocol;provablesecurity;eCKmodel摘要NTRU是最早将密码系统困难性规约到格上困难问题的公钥密码体制.NTRU的特征简洁,密钥生成不复杂,运算速度快并且需要的存储空间小,所以目前基于格上困难问题建立密码体制的算法中,NTRU更加简便高效.然而基于NTRU的密钥协商协议相关研究较少,现存的基于NTRU的密钥协商协议消息传递过程中密钥的保护不充分,易为敌手攻击留下后门,且协议的安全性论证不充分不完备.鉴于此,提出了2个基于NTRU格上的密钥协商协议,增加临时秘密信息,使方案具有强前向安全性,并且提出了详细的安全证明,在不泄露响应方密钥和要伪造的会话密钥的情况下,该证明是基...
