Journal of Frontiers of Computer Science and Technology ›› 2019, Vol. 13 ›› Issue (4): 629-638.DOI: 10.3778/j.issn.1673-9418.1801035

Previous Articles     Next Articles

Key Encapsulation Mechanism from Lattice in Standard Model

ZHAO Zongqu, FAN Tao, PENG Tingting, YE Qing, QIN Panke+   

  1. College of Computer Science and Technology, Henan Polytechnic University, Jiaozuo, Henan 454150, China
  • Online:2019-04-01 Published:2019-04-10

标准模型下格上的密钥封装机制

赵宗渠,范  涛,彭婷婷,叶  青,秦攀科+   

  1. 河南理工大学 计算机科学与技术学院,河南 焦作 454150

Abstract: Key encapsulation mechanisms (KEM) make both sides of the session can safely share a random session key. It is one of the effective solutions for key distribution and key management problems in large-scale networks, which can copy with the problem of space constraints when using public key to encrypt plaintext. This paper constructs a secure and efficient key encapsulation mechanism in the standard model from lattice by combining new trapdoor function and dual-LWE (learning with errors) algorithm organically, and involves the identity information of the participant to guarantee the confidentiality and authentication. The mechanism can resist the existing known quantum algorithm attacks. At the same time, ciphertext compression technology is used to improve transmission efficiency in the analysis results. The security of the proposed mechanism is proven to chosen-ciphertext security and strictly reduced to the hardness of decisional LWE problem in the standard model. The new mechanism is suitable for various types of authenticated key exchange protocols based on lattice cryptography.

Key words: lattice, key encapsulation mechanism (KEM), confidentiality, authentication, standard model

摘要: 密钥封装机制(key encapsulation mechanism,KEM)使得会话双方能够安全地共享一个随机的会话密钥,改善了使用公钥加密明文时空间受限的问题,是大规模网络中密钥分发和密钥管理问题的有效解决方案之一。提出一种标准模型下安全高效的格上的密钥封装机制,将陷门函数与带误差学习问题(learning with errors,LWE)算法相结合,并引入参与者的身份信息,保证密钥封装机制的机密性和可认证性,可抵抗现有已知量子算法攻击。采用密文压缩技术,对封装后的密文元素进行压缩,分析结果表明,能够有效提高传输效率。在标准模型下,该机制安全性归约至判定性LWE的难解性,并包含严格的安全性证明。其安全性为可证明的选择密文安全,适用于多种类型基于格的密钥交换协议方案。

关键词: 格, 密钥封装机制(KEM), 机密性, 可认证性, 标准模型