Cybertwin中的格上生物特征认证密钥交换协议

针对基于Cybertwin的网络架构中通信双方存在信道安全以及隐私保护的问题，提出新的格上认证密钥交换协议。使用生物特征认证技术实现Cytertwin服务下的用户实名制登录和强身份认证需求，保证Cybertwin服务对用户网络行为的审计和追踪。通过引入通信方身份信息构造格上抗碰撞哈希函数，使身份信息在公共信道传输过程中能够应对量子威胁，同时满足用户匿名性和不可追踪性。最后基于RLWE问题设计了新的和解机制，通过两轮交互共享安全会话密钥。协议在BPR模型下满足理论可证明安全，具有抗量子攻击、抗临时秘密值泄露攻击、抗生物特征猜测攻击等安全特性。仿真实验表明该协议计算和通信开销适用于Cybertwin服务下数量庞大的终端互连需求。

Biometric authentication key exchange protocol from lattice on Cybertwin network

Aiming at the channel security and privacy protection problems of the communication parties in the Cybertwin-based network architecture, this paper proposed a new authentication key exchange protocol from lattice, which used biometric authentication technology to realize the user real-name login and strong identity authentication requirements, to ensure the auditable and traceable of the user''s network behavior under the Cybertwin service. The novel protocol utilized the identity information of the communicating party to construct an anti-collision hash function from lattice, the hash function could deal with quantum threats in the process of public channel transmission, and satisfy the user''s anonymity and untraceable. Designing a new reconciliation mechanism based on the RLWE problem to share the secure session key through two rounds of interaction. The protocol satisfies the theoretical provably security in BPR model, and has security features such as resistance of quantum attack, resistance of ephemeral secret leakage attack, and resistance of biometric leak attack. Experiments prove that the calculation costs and communication costs of the protocol are suitable for a large number of terminal interconnection requirements under Cybertwin service.