论文部分内容阅读
Certificateless authenticated key agreement(CL-AKA) protocols have been studied a great deal since they neither suffer from a heavy certificate management burden nor have the key escrow problem. Recently, many efficient CL-AKA protocols without pairings have been built. However, these pairing-free CL-AKA protocols are either not proved in any formal security model or proved under the gap Diffie-Hellman(GDH)assumption, a non-standard and strong assumption. With available implementation technologies, pairings are needed to realize the GDH assumption, which means that these pairing-free CL-AKA protocols are not pure pairing-free. Furthermore, these protocols are insecure in the strengthened e CK(se CK) model, which encompasses the e CK model and considers leakages on intermediate results. In this paper, we present a pure pairing-free CL-AKA protocol, which is provably secure in the se CK model under the standard computational Diffie-Hellman(CDH) assumption. Compared with the existing CL-AKA protocols, the proposed protocol has advantage over them in security or efficiency.
Many, validators of the key certificate escrow problem have been studied. However, these, many of them suffer from a heavy certificate management burden nor have the key escrow problem. Recently, many efficient CL-AKA protocols without pairings have been built. However, these pairing-free CL-AKA protocols are either not proven in any formal security model or proved under the gap Diffie-Hellman (GDH) assumption, a non-standard and strong assumption. With available technologies, pairings are needed to realize the GDH assumption , these means that these pairing-free CL-AKA protocols are not pure pairing-free. Furthermore, these protocols are insecure in the strengthened e CK (se CK) model, which encompasses the e CK model and issues leakages on intermediate results. In This paper, we present a pure pairing-free CL-AKA protocol, which is provably secure in the se CK model under the standard computational Diffie-Hellman (CDH) assumption. Compared with the existing CL-A KA protocols, the proposed protocol has advantage over them in security or efficiency.