The Design of a Key Agreement Protocol Based on NTRU

Abstract

Abstract: NTRU is the earliest publickey cryptosystem that reduces the difficulty of the cryptosystem to the latticehard problem. The features of NTRU are simple, and the storage space required is small. Therefore, NTRU is more simple and efficient algorithm for establishing a cryptosystem based on latticehard problems. However, there are few relevant references to design NTRUbased key agreement protocols. The existing NTRUbased key agreement protocols do not protect the keys sufficiently, which is easy to leave convenience for adversary attacks. The proof is not sufficient and incomplete. In order to solve this problem, this paper proposes two key agreement protocols based on NTRU lattice, adding temporary secret information, so that the scheme has strong forward security, and proposes a detailed security proof. The proof is based on the unforgeability of the session key under the SVP assumption on the lattice. The security proof is based on the eCK model. Compared with traditional key agreement schemes such as DH and ECDH, this NTRU scheme is based on polynomial rings, and has higher computational efficiency. Its security can be reduced to solving difficult problems on lattices, and it can resist quantum attacks.

Key words: lattice, NTRU, key agreement protocol, provable security, eCK model

摘要： NTRU是最早将密码系统困难性规约到格上困难问题的公钥密码体制.NTRU的特征简洁，密钥生成不复杂，运算速度快并且需要的存储空间小，所以目前基于格上困难问题建立密码体制的算法中，NTRU更加简便高效.然而基于NTRU的密钥协商协议相关研究较少，现存的基于NTRU的密钥协商协议消息传递过程中密钥的保护不充分，易为敌手攻击留下后门，且协议的安全性论证不充分不完备.鉴于此，提出了2个基于NTRU格上的密钥协商协议，增加临时秘密信息，使方案具有强前向安全性，并且提出了详细的安全证明，在不泄露响应方密钥和要伪造的会话密钥的情况下，该证明是基于格上最短向量计算困难性SVP假设下会话密钥的不可伪造性.该安全证明在eCK模型下可证明安全的.相较于DH,ECDH等传统的密钥协商方案，NTRU方案是基于多项式环上的，运算效率更高，其安全性可以归约到求解格上的困难问题，可以抵御量子攻击.

关键词: 格, NTRU, 密钥协商协议, 可证明安全, eCK模型

CLC Number:

TP309.2

郑鉴学, 张道法, 徐松艳, 宋苏鸣, . 基于NTRU密钥协商协议设计[J]. 信息安全研究, 2024, 10(1): 12-.

References

［1］Hoffstein J, Pipher J, Silverman J H. NTRU: A ringbased public key cryptosystem［G］ LNCS 1423: Algorithmic Number Theory. Berlin: Springer, 1998: 206288［2］Lyubashevsky V, Micciancio D. Asymptotically efficient latticebased digital signatures［C］ Proc of TCC 2008. Berlin: Springer, 2008: 3754［3］Gentry C, Peikert C, Vaikuntanathan V. Trapdoors for hard lattices and new cryptographic constructions［C］ Proc of the fortieth Annual ACM Symp on Theory of Computing. New York: ACM, 2008: 197206［4］胡予濮. 一个新型的NTRU类数字签名方案［J］. 计算机学报, 2008, 30(9): 16611666［5］Bellare M, Rogaway P. Entity authentication and key distribution［C］ Proc of the 13th Annual Int Cryptology Conf. Berlin: Springer, 1993: 232249［6］Canetti R, Krawczyk H. Analysis of keyexchange protocols and their use for building secure channels［C］ Proc of EUROCRYPT 2001. Berlin: Springer, 2001: 453474［7］LaMacchia B, Lauter K, Mityagin A. Stronger security of authenticated key exchange［C］ Proc of the 1st Int Conf on Provable Security. Berlin: Springer, 2007: 116［8］Sarr A, ElbazVincent P, Bajard J. A new security model for authenticated key agreement［C］ Proc of Int Conf on Security and Cryptography for Networks. Berlin: Springer, 2010: 219234［9］Liu Xiangyu, Liu Shengli, Gu Dawu. Twopass authenticated key exchange with explicit authentication and tight security［C］ Proc of ASIACRYPT 2020. Berlin: Springer, 2020: 785814［10］Xiao Yuting, Zhang Rui, Ma Hui. Tightly secure twopass authenticated key exchange protocol in the CK model［C］ Proc of the Cryptographers’ Track at the RSA Conf 2020. Berlin: Springer, 2020: 171198［11］李子臣, 张亚泽, 张峰娟. 基于NTRU新型认证密钥协商协议的设计［J］. 计算机应用研究, 2018, 35(2): 532535, 541［12］孙海燕. 认证密钥协商协议及其应用［D］. 北京: 北京邮电大学, 2014［13］王龙安. 基于格的匿名认证和密钥协商方案研究［D］. 重庆: 重庆邮电大学, 2020［14］倪亮, 王念平, 谷威力, 等. 基于格的抗量子认证密钥协商协议研究综述［J］. 计算机科学, 2020, 47(9): 299309［15］韩新光. 基于LWE问题认证密钥协商协议的研究与设计［D］. 西安: 西安电子科技大学, 2020

[1]	. Comparison Research on Intrusion Detection Model Based on Machine Learning [J]. Journal of Information Security Reserach, 2023, 9(8): 739-.
[2]	. Detection and Classification Method of Network Attacks Based on Generalized Neural Networks [J]. Journal of Information Security Reserach, 2023, 9(6): 593-.
[3]	. A Practical ORAM Scheme for Untrusted Offchip Memory [J]. Journal of Information Security Reserach, 2023, 9(3): 280-.
[4]	. Research on Malicious Behavior Detection and Identification Model Based on Deep Learning [J]. Journal of Information Security Reserach, 2023, 9(12): 1152-.
[5]	. A Scalable Realtime Multistep Attack Scene Reconstruction Method#br# #br# [J]. Journal of Information Security Reserach, 2023, 9(12): 1173-.
[6]	. Intrusion Detection Method Based on Multiscale Spatialtemporal Residual Network [J]. Journal of Information Security Reserach, 2023, 9(11): 1045-.
[7]	. An Authenticated Key Exchange Protocol for Telecare Medical Information Systems [J]. Journal of Information Security Reserach, 2023, 9(11): 1102-.
[8]	. A CNN-LSTM Method Based on Attention Mechanism for In vehicle CAN Bus Intrusion Detection [J]. Journal of Information Security Reserach, 2023, 9(10): 961-.
[9]	. Design and Implementation of Anomaly Detection System for Programmable Data Plane System [J]. Journal of Information Security Reserach, 2022, 8(2): 135-.
[10]	. Survey of Network Intrusion Detection Based on Deep Learning [J]. Journal of Information Security Reserach, 2022, 8(12): 1163-.
[11]	. Cloud Host Security Management Platform Construction [J]. Journal of Information Security Reserach, 2021, 7(E1): 58-.
[12]	. Topsec Industrial Intrusion Detection and Audit System [J]. Journal of Information Security Reserach, 2021, 7(E1): 67-.
[13]	. Research on Host Intrusion Fetection Method Based on System Call Behavior Similarity Clustering [J]. Journal of Information Security Reserach, 2021, 7(9): 828-835.
[14]	. Design of the standard architecture of the network security situation awareness [J]. Journal of Information Security Reserach, 2021, 7(9): 844-848.
[15]	. Design of Medical Information Security Storage System Based on Level Protection [J]. Journal of Information Security Reserach, 2021, 7(9): 879-884.