一种基于椭圆曲线的轻量级身份认证及密钥协商方案

无证书公钥密码体制不存在用户密钥托管问题,也不需要使用证书,可以解决传统公钥密码体制在应用过程中耗时耗资源都比较多的问题.基于素域上的椭圆曲线加法群,提出了一个无证书的身份认证及密钥协商方案,其主要包括认证协议与核心算法.该方案消除了双线性对运算,完成双向认证只需要两次通信,提高了认证和密钥产生的效率,效率比已有协议提高了至少10％;充分利用椭圆曲线上的点加运算,加快了计算速度,在不考虑网络通信耗时的情况下双向认证及产生共享密钥只需要20ms左右.同时该方案能满足已知会话密钥的通信安全、主密钥的前向保密性、抗密钥泄露后的伪装攻击等安全属性.该方案尤其适合于不活跃网络对象之间的安全通信.

Elliptic Curve Based Light-weight Authentication and Key Agreement Scheme

Certificateless public key cryptosystem has appealing features,namely it does not require the use of certificates and does not have a private key escrow problem,and it can to some extent solve the problem of time consuming and resource consuming of traditional public key cryptography.This paper proposed an elliptic curve based certificateless authentication and key agreement scheme,which includes a protocol and several core algorithms.This scheme can finish two party authentications in double communication without bilinear pairing computing,and greatly increase the efficiency of authentication by 30% compared with the formal protocols.The scheme makes the most of point addition of elliptic curve,increasing the computing speed,and it can complete the authentication and generate the shared key in 20ms without considering the network communication time consuming.The scheme also satisfies communication safety under the exposure of shared key,master key forward secrecy,perfect forward secrecy and key compromise impersonation resilience.The scheme is more suitable for the restricted computing resource of the communication environment,such as wireless sensors,Ad hoc networks,and so on.