With the recent advances in quantum computing,the key agreement algorithm based on traditional cryptography theory,which is applied to the Internet of Things(IoT)scenario,will no longer be secure due to the possibilit...With the recent advances in quantum computing,the key agreement algorithm based on traditional cryptography theory,which is applied to the Internet of Things(IoT)scenario,will no longer be secure due to the possibility of information leakage.In this paper,we propose a anti-quantum dynamic authenticated group key agreement scheme(AQDA-GKA)according to the ring-learning with errors(RLWE)problem,which is suitable for IoT environments.First,the proposed AQDA-GKA scheme can implement a group key agreement against quantum computing attacks by leveraging an RLWE-based key agreement mechanism.Second,this scheme can achieve dynamic node management,ensuring that any node can freely join or exit the current group.Third,we formally prove that the proposed scheme can resist quantum computing attacks as well as collusion attacks.Finally,the performance and security analysis reveals that the proposed AQDA-GKA scheme is secure and effective.展开更多
Security analysis of public-key cryptosystems is of fundamental significance for both theoretical research and applications in cryptography.In particular,the security of widely used public-key cryptosystems merits dee...Security analysis of public-key cryptosystems is of fundamental significance for both theoretical research and applications in cryptography.In particular,the security of widely used public-key cryptosystems merits deep research to protect against new types of attacks.It is therefore highly meaningful to research cryptanalysis in the quantum computing environment.Shor proposed a wellknown factoring algorithm by finding the prime factors of a number n=pq,which is exponentially faster than the best known classical algorithm.The idea behind Shor's quantum factoring algorithm is a straightforward programming consequence of the following proposition:to factor n,it suffices to find the order r;once such an r is found,one can compute gcd(a^(r/2)±1,n)=p or q.For odd values of r it is assumed that the factors of n cannot be found(since a^(r/2)is not generally an integer).That is,the order r must be even.This restriction can be removed,however,by working from another angle.Based on the quantum inverse Fourier transform and phase estimation,this paper presents a new polynomial-time quantum algorithm for breaking RSA,without explicitly factoring the modulus n.The probability of success of the new algorithm is greater than 4φ(r)/π~2 r,exceeding that of the existing quantum algorithm forattacking RSA based on factorization.In constrast to the existing quantum algorithm for attacking RSA,the order r of the fixed point C for RSA does not need to be even.It changed the practices that cryptanalysts try to recover the private-key,directly from recovering the plaintext M to start,a ciphertext-only attack attacking RSA is proposed.展开更多
基金Supported by the National Engineering Research Center of Classified Protection and Safeguard Technology for Cybersecurity(No.C23640-XD-07)the Open Foundation of Key Laboratory of Cyberspace Security of Ministry of Education of China and Henan Key Laboratory of Network Cryptography(No.KLCS20240301)。
文摘With the recent advances in quantum computing,the key agreement algorithm based on traditional cryptography theory,which is applied to the Internet of Things(IoT)scenario,will no longer be secure due to the possibility of information leakage.In this paper,we propose a anti-quantum dynamic authenticated group key agreement scheme(AQDA-GKA)according to the ring-learning with errors(RLWE)problem,which is suitable for IoT environments.First,the proposed AQDA-GKA scheme can implement a group key agreement against quantum computing attacks by leveraging an RLWE-based key agreement mechanism.Second,this scheme can achieve dynamic node management,ensuring that any node can freely join or exit the current group.Third,we formally prove that the proposed scheme can resist quantum computing attacks as well as collusion attacks.Finally,the performance and security analysis reveals that the proposed AQDA-GKA scheme is secure and effective.
基金partially supported by he State Key Program of National Natural Science of China No.61332019Major State Basic Research Development Program of China(973 Program)No.2014CB340601+1 种基金the National Science Foundation of China No.61202386,61402339the National Cryptography Development Fund No.MMJJ201701304
文摘Security analysis of public-key cryptosystems is of fundamental significance for both theoretical research and applications in cryptography.In particular,the security of widely used public-key cryptosystems merits deep research to protect against new types of attacks.It is therefore highly meaningful to research cryptanalysis in the quantum computing environment.Shor proposed a wellknown factoring algorithm by finding the prime factors of a number n=pq,which is exponentially faster than the best known classical algorithm.The idea behind Shor's quantum factoring algorithm is a straightforward programming consequence of the following proposition:to factor n,it suffices to find the order r;once such an r is found,one can compute gcd(a^(r/2)±1,n)=p or q.For odd values of r it is assumed that the factors of n cannot be found(since a^(r/2)is not generally an integer).That is,the order r must be even.This restriction can be removed,however,by working from another angle.Based on the quantum inverse Fourier transform and phase estimation,this paper presents a new polynomial-time quantum algorithm for breaking RSA,without explicitly factoring the modulus n.The probability of success of the new algorithm is greater than 4φ(r)/π~2 r,exceeding that of the existing quantum algorithm forattacking RSA based on factorization.In constrast to the existing quantum algorithm for attacking RSA,the order r of the fixed point C for RSA does not need to be even.It changed the practices that cryptanalysts try to recover the private-key,directly from recovering the plaintext M to start,a ciphertext-only attack attacking RSA is proposed.
