论文部分内容阅读
It is traditionally assumed that the legal two parties in authentication key exchange (AKE) communications are both credible. However, in more and more network applications nowadays, it is often required that such protocols be run under the circumstances where ones do not trust in each other. Therefore, in this paper we propose the idea of fair authentication key exchange (FAKE), which has not only the basic properties of AKE protocols, but also some new properties: the “session proof” embedded in the input of protocols by the customer; and if not revealed, the protocols have the deniability, otherwise the transcript of protocol is binding for the identifications. Such a method is capable of solving the contradiction between protecting privacy and the dissension on network service. Then the security model of FAKE protocols is formulated systematically and a flaw of the security model of current signature schemes proposed by Kudla is also corrected. Finally, a kind of FAKE protocol based on current signature schemes is designed and the mBJM-AK security, conditional deniability and fairness of FAKE protocols are proved in the random oracle model.
It is traditionally assumed that the legal two parties in authentication key exchange (AKE) communications are both credible. However, in more and more network applications nowadays, it is often required that such protocols be run under the circumstances where ones do not trust in each other, Therefore this paper we propose the idea of fair authentication key exchange (FAKE), which has not only the basic properties of AKE protocols but also some new properties: the “session proof ” embedded in the input of protocols by the customer; and if not revealed, the protocols have the deniability, otherwise the transcript of protocol is binding for the identifications. Such a method is capable of solving the contradiction between home privacy and the dissension on network service. Then the security model of FAKE protocols is formulated systematically and a flaw of the security model of current signature schemes proposed by Kudla is also corrected. Finally, a kind of FAKE protocol ba sed on current signature schemes is designed and the mBJM-AK security, conditional deniability and fairness of FAKE protocols are proved in the random oracle model.