Method for generating three parts cipher key negotiation

Abstract

The invention belongs to the communication technical field, relating to the safety problem of network communication, in particular to the three party key exchange protocol, namely, 3PAKE protocol focusing on password authentication of a network structure. Basing on the CDH assumption and using the difficulty of discrete logarithm and the unilateralism of hash function, the invention includes three key steps that firstly, the certifications of the two users asking for communication are certified by the server; secondly, the certification of the server is verified by the two users asking for communication; thirdly, certifications of the two users asking for communication are mutually verified. The invention overcomes the vulnerabilities of masquerading attack for the starter, masquerading attack from the responder, the attack from the middleman and the on-line password guess attack all existed in the S-3PAKE protocol; has the capacities of resisting frequent attack, the attack from the middleman, the masquerading attack from the starter, the masquerading attack from the responder, the off-line guess attack and the replay attack; has forward security and known key security; and also has the characteristic of perfectly resisting on-line guess attack.

Description

technical field [0001] The invention belongs to the technical field of communication, relates to the security problem of network communication, and particularly relates to a three-party key exchange protocol (3PAKE protocol) based on password authentication of a "user-server-user" network structure. Background technique [0002] With the continuous development of computer network technology and the wide application of network, more and more attention has been paid to the security issues in network communication. In the field of secure communication, the key agreement protocol is one of the important cryptographic mechanisms. The key agreement protocol is a protocol for two entities to negotiate a communication key on a public network. The final result of the agreement is that both parties can confirm that only the other party can have the negotiated communication key, and other third parties cannot obtain the communication key. [0003] In 2004, Lee et al. proposed two thre...

AI Technical Summary

Problems solved by technology

In 2005, Wen et al. proposed a three-party key encryption protocol (3PAKE protocol) based on password authentication using Weil pairs, and pointed out that their protocol has provable security. However, Nam et al. found that 3PAKE The protocol is not immune to man-in-the-middle attacks

[0004] In 2006, Lu et al. proposed a method based on the CDH assumption (that is, using the intractable assumption of discrete logarithms that g x with g y , can not find g xy ) S-3PAKE protocol, the design idea of ​​this protocol is to assume that two users (user A and user B) are trying to negotiate a session key, but before the key negotiation, there is no shared information between them , so neither party in the communication can directly verify the identity of the other party, which means that neither party can directly confirm whether the identity of the other party is true. Authenticating the identity of the other party, then user A will mistakenly think that he is communicating with user B. Obviously, this communication is not safe

Therefore, we believe that the S-3PAKE protocol cannot effectively resist online password guessing attacks when the attacker itself is a legitimate user with an authentication password with the server

Images