
Student: 周世峯 (Shih-Feng Chou)
Thesis title: 植基於雙線性配對運算的鑑別式金鑰協議協定
An ID-based Authenticated Tripartite Key Agreement Protocol Based on Bilinear Pairings
Advisor: 王有禮 (Yue-Li Wang)
Committee members: 陳恭 (Kung Chen), 徐俊傑 (Chiun-Chieh Hsu)
Degree: Master
Department: College of Management - Department of Information Management
Year of publication: 2006
Graduation academic year: 94 (ROC calendar)
Language: Chinese
Pages: 58
Keywords (Chinese): authentication, bilinear pairing, identity-based, key agreement
Keywords (English): authentication, bilinear pairing, ID-based, key agreement
Chinese abstract (translated):
    In cryptography, key agreement (key exchange) refers to two or more parties establishing a shared secret by exchanging messages with one another over an insecure network. The concept of key exchange was first proposed in 1976 by Diffie and Hellman. However, the original method cannot effectively resist the man-in-the-middle attack, because the Diffie-Hellman method does not authenticate the identities of the communicating parties.
    In recent years, the properties and advantages of bilinear pairings have made them a mainstream topic in cryptosystem research. In particular, in 2000 Joux first proposed a tripartite key agreement protocol that requires only one round of communication. Joux not only dispelled the doubts about using bilinear pairings, but also achieved a major breakthrough in the development of key agreement protocols. However, just as the original Diffie-Hellman method does not verify the participants' identities, Joux's protocol still faces the man-in-the-middle attack. To remedy this weakness, Al-Riyami et al. studied the authentication problem and proposed several authenticated tripartite key agreement protocols.
    In 2003, Liu et al., taking the identity-based cryptosystem as their foundation, designed a tripartite key agreement protocol that prevents the man-in-the-middle attack (the LZC protocol). Liu et al. claimed that their method meets all security requirements and, after a single message exchange, produces eight shared session keys at once. However, in a paper published in 2005, Shim et al. pointed out that the LZC protocol still cannot effectively resist the unknown key-share attack, and they published an improved key agreement protocol (the Shim-Woo protocol).
    In this thesis, we propose a faster authenticated key agreement protocol based on bilinear pairings. The execution efficiency of our protocol is not only better than that of the previously proposed LZC and Shim-Woo protocols, but the protocol also satisfies all security requirements, including known-key security, perfect forward secrecy, key-compromise impersonation resilience, unknown key-share resilience and key control resilience, among others.


Abstract:
    Key agreement (also called key exchange), which allows two or more parties to establish a shared secret by exchanging messages over an insecure network, was first proposed by Diffie and Hellman in 1976. However, the basic Diffie-Hellman protocol does not authenticate the two communicating entities: an active adversary who controls the channel can mount a man-in-the-middle attack and agree upon two separate keys with the two users without either of them being aware of it.
    Recently, several new cryptosystems based on bilinear pairings have been proposed. In particular, in 2000 Joux showed that the Weil pairing can be used for "good" by building on it a three-party, one-round Diffie-Hellman key agreement. This was one of the breakthroughs in key agreement protocols. However, like the basic Diffie-Hellman key agreement protocol, Joux's protocol also suffers from the man-in-the-middle attack because it does not attempt to authenticate the communicating entities. Al-Riyami et al. later presented several protocols that provide authenticity for tripartite key agreement.
    In 2003, Liu et al. proposed an ID-based one-round authenticated tripartite key agreement protocol (the LZC protocol) to remove the security flaw in Joux's protocol; it creates eight session keys per protocol instance. They claimed that their protocol satisfies all the security attributes. Later, however, Shim et al. pointed out that the LZC protocol is vulnerable to an unknown key-share attack, and they proposed a new protocol to overcome it.
    In this thesis, we propose a new ID-based authenticated tripartite key agreement protocol based on bilinear pairings which satisfies all the required security attributes: implicit key authentication, known-key security, perfect forward secrecy, key-compromise impersonation resilience and unknown key-share resilience. Our protocol is also more efficient than the previous LZC and Shim-Woo protocols.

Table of contents:
    Chinese abstract I
    Abstract III
    Acknowledgements V
    Table of contents VII
    List of figures and tables IX
    Chapter 1 Introduction 1
        1.1 Research background 1
        1.2 Research motivation and objectives 8
        1.3 Thesis organization 10
    Chapter 2 Literature review 11
        2.1 The Diffie-Hellman key exchange method 11
        2.2 Bilinear pairings and related assumptions 14
        2.3 Security requirements 18
        2.4 Joux's key agreement protocol 21
        2.5 The LZC key agreement protocol 25
        2.6 The Shim-Woo key agreement protocol 29
    Chapter 3 Authenticated key agreement protocol 35
        3.1 System setup phase 36
        3.2 Authenticated key agreement protocol 38
    Chapter 4 Security and efficiency analysis 44
        4.1 Security analysis 44
        4.2 Efficiency analysis 48
    Chapter 5 Conclusion 50
    References 52
    About the author 58

References:
    [1] S. S. Al-Riyami and K. G. Paterson. "Tripartite Authenticated Key Agreement Protocols from Pairings", In Proceedings of IMA Conference of Cryptography and Coding 2003, LNCS 2898, pp. 332-359. Also available at http://eprint.iacr.org/2002/035.

    [2] F. Bao, R. Deng, H. Zhu, “Variations of Diffie–Hellman problem”, In Proceedings of ICICS 2003, LNCS 2836, Springer-Verlag, 2003, pp. 301–312.

    [3] P.S.L.M. Barreto, H. Y. Kim and M. Scott. “Efficient Algorithms for Pairing Based Cryptosystems”, In Proceedings of Crypto 2002, LNCS 2442, Springer-Verlag, 2002, pp. 354-368. Also available at http://www.iacr.org/2002/008.

    [4] R. Barua, R. Dutta, P. Sarkar. “Extending Joux Protocol to Multi Party Key Agreement”, In Proceedings of Indocrypt 2003, LNCS 2904, Springer-Verlag, 2003, pp. 205-217. Also available at http://eprint.iacr.org/2003/062.

    [5] S. Blake-Wilson and A. Menezes. "Authenticated Diffie-Hellman Key Agreement Protocols", In Proceedings of the 5th Annual Workshop on Selected Areas in Cryptography (SAC'98), Kingston, Canada, 1999, pp. 339-361.

    [6] S. Blake-Wilson, D. Johnson and A. Menezes. "Key Agreement Protocols and Their Security Analysis", In Proceedings of the 6th IMA International Conference on Cryptography and Coding, LNCS 1355, Springer-Verlag, 1997, pp. 30-45.

    [7] S. Blake-Wilson, D. Johnson and A. Menezes. "Unknown Key-share Attacks on the Station-to-Station (STS) Protocol", In Proceedings of PKC 1999, LNCS 1560, Springer-Verlag, 1999, pp. 154-170.

    [8] D. Boneh and M. Franklin. "Identity-based Encryption from the Weil Pairing", SIAM Journal on Computing, 32(3):586-615, 2003. Extended abstract in Advances in Cryptology - Crypto'01, LNCS 2139, Springer-Verlag, 2001, pp. 213-229.

    [9] C. Boyd and J. M. G. Nieto. “Round-optimal Contributory Conference Key Agreement”, In Proceedings of PKC 2003, LNCS 2567, Springer-Verlag, 2003, pp. 161-174.

    [10] E. Bresson and D. Catalano. “Constant Round Authenticated Group Key Agreement via Distributed Computing”, In Proceedings of PKC 2004, LNCS 2947, Springer-Verlag, 2004, pp. 115-129.

    [11] E. Bresson, O. Chevassut, A. Essiari and D. Pointcheval. “Mutual Authentication and Group Key Agreement for Low-power Mobile Devices”, Computer Communication, 27(17), pp. 1730-1737, 2004. A preliminary version appeared in Proceedings of the 5th IFIP-TC6/IEEE 2003, MWCN 2003, pp. 59-62.

    [12] E. Bresson, O. Chevassut and D. Pointcheval. "Provably Authenticated Group Diffie-Hellman Key Exchange - The Dynamic Case", In Proceedings of Asiacrypt 2001, LNCS 2248, Springer-Verlag, 2001, pp. 290-309.

    [13] W. Diffie and M. Hellman. "New Directions in Cryptography", IEEE Transactions on Information Theory, IT-22(6):644-654, November 1976.

    [14] R. Dutta and R. Barua. "Overview of Key Agreement Protocols", Cryptology ePrint Archive, Report 2005/289. Also available at http://eprint.iacr.org/2005/289.

    [15] S. Galbraith, K. Harrison and D. Soldera. “Implementing the Tate Pairing”, In Proceedings of Algorithm Number Theory Symposium - ANTS V, LNCS 2369, Springer-Verlag, 2002, pp. 324-337.

    [16] F. Hess. "Efficient Identity Based Signature Schemes Based on Pairings", In Proceedings of SAC 2002, LNCS 2595, Springer-Verlag, 2002, pp. 310-324.

    [17] A. Joux. "A One Round Protocol for Tripartite Diffie-Hellman", In Proceedings of ANTS 4, LNCS 1838, Springer-Verlag, 2000, pp. 385-394.

    [18] Y. Kim, A. Perrig and G. Tsudik. "Communication-efficient Group Key Agreement", In Proceedings of the 17th International Information Security Conference, IFIP SEC 2001, pp. 229-244.

    [19] Y. Kim, A. Perrig and G. Tsudik. "Tree Based Group Key Agreement", Cryptology ePrint Archive, Report 2002/009. Also available at http://eprint.iacr.org/2002/009.

    [20] L. Law, A. Menezes, M. Qu, J. Solinas and S. Vanstone. "An Efficient Protocol for Authenticated Key Agreement", Technical Report CORR 98-05, Department of C & O, University of Waterloo, 1998. Also available at http://citeseer.nj.nec.com/law98efficient.

    [21] S. Liu, F. Zhang and K. Chen. "ID-based Tripartite Key Agreement Protocol with Pairing", In 2003 IEEE International Symposium on Information Theory, 2003, pp. 136-143. Also available as Cryptology ePrint Archive, Report 2002/122, http://eprint.iacr.org/2002/122.

    [22] T. Matsumoto, Y. Takashima and H. Imai. “On Seeking Smart Public-key Distribution Systems”, In Transactions of the IECE of Japan 1986, E69, pp. 99-106.

    [23] A. Menezes, T. Okamoto and S. Vanstone. "Reducing Elliptic Curve Logarithms to Logarithms in a Finite Field", IEEE Transactions on Information Theory, Vol. 39, 1993, pp. 1639-1646.

    [24] D. Nalla and K. C. Reddy. "ID-Based Tripartite Authenticated Key Agreement Protocols from Pairings", Cryptology ePrint Archive, Report 2003/004. Also available at http://eprint.iacr.org/2003/004.

    [25] D. Nalla and K. C. Reddy. “Identity Based Authenticated Group Key Agreement Protocol”, In Proceedings of Indocrypt 2002, LNCS 2551, Springer-Verlag, 2002, pp. 215-233.

    [26] D. Nalla. "ID-Based Tripartite Key Agreement with Signature", Cryptology ePrint Archive, Report 2003/144. Also available at http://eprint.iacr.org/2003/144.

    [27] J. Nam, S. Kim, S. Kim and D. Won. "Provably-Secure and Communication-Efficient Scheme for Dynamic Group Key Exchange", Cryptology ePrint Archive, Report 2004/115. Also available at http://eprint.iacr.org/2004/115.

    [28] A. Shamir. “Identity-based Cryptosystems and Signature Schemes”, In Advances in Cryptology: Crypto'84, LNCS 196, Springer-Verlag 1984, pp. 47-53.

    [29] K. Shim and S. Woo. “Weakness in ID-based One Round Authenticated Tripartite Multiple-key Agreement Protocol with Pairings”, Applied Mathematics and Computation 2005, Vol. 166, pp. 523-530.

    [30] K. Shim. “Efficient ID-based Authenticated Key Agreement Protocol Based on the Weil Pairing”, In Electronic Letters 2003, Vol. 39(8), pp. 653-654.

    [31] N. P. Smart. "An Identity-based Authenticated Key Agreement Protocol Based on the Weil Pairing", In Electronics Letters 2002, Vol. 38, pp. 630-632. Also available at http://www.iacr.org/2001/111.

    [32] D. R. Stinson, “Cryptography: Theory and Practice”, CRC Press, 1995.
