Pushpa Publishing House

Journal Menu

Content

Volume 42 (2025)

Volume 41 (2024)

	Volume 41, Issue 8 Pg 603 - 708 (November 2024)
	Volume 41, Issue 7 Pg 521 - 602 (October 2024)
	Volume 41, Issue 6 Pg 441 - 520 (August 2024)
	Volume 41, Issue 5 Pg 341 - 439 (July 2024)
	Volume 41, Issue 4 Pg 281 - 339 (May 2024)
	Volume 41, Issue 3 Pg 203 - 280 (April 2024)
	Volume 41, Issue 2 Pg 105 - 201 (February 2024)
	Volume 41, Issue 1 Pg 1 - 104 (January 2024)

Volume 40 (2023)

Volume 39 (2023)

Volume 38 (2023)

Volume 29 (2022)

Volume 28 (2021)

Volume 27 (2021)

Volume 26 (2021)

Volume 25 (2020)

Volume 24 (2020)

Volume 23 (2020)

Volume 22 (2019)

Volume 21 (2019)

Volume 20 (2019)

Volume 19 (2018)

Volume 18 (2017)

Volume 17 (2016)

Volume 16 (2015)

Volume 15 (2015)

Volume 14 (2014)

Volume 13 (2014)

Volume 12 (2013)

Volume 11 (2013)

Volume 10 (2012)

Volume 7 (2011)

Volume 6 (2010)

Volume 5 (2010)

Volume 4 (2009)

Volume 3 (2009)

Volume 2 (2008)

Volume 1 (2008)

Advances and Applications in Discrete Mathematics

Advances and Applications in Discrete Mathematics
Volume 41, Issue 1, Pages 1 - 26 (January 2024)
http://dx.doi.org/10.17654/0974165824001

POST-QUANTUM CRYPTOGRAPHY FOR HEALTHCARE: A NUMBER THEORY BASED TWO-FACTOR MUTUAL AUTHENTICATION AND KEY EXCHANGE PROTOCOL OVER LATTICES FOR TMIS

Sidoine Djimnaibeye, Aminata Ngom and Djiby Sow

Abstract:

The telecare medical information system (TMIS) allows patients to access health services from their homes. It is therefore necessary to preserve privacy of the patient and to secure the communications between the patient/user and the gateway/server for TMIS (Gw, briefly).

We propose a new ring learning with error (RLWE) based on two-factor authentication and key exchange protocol, post-quantum secure, for healthcare platform by using a similar protocol of Ding et al. at Cryptographers’ Track at the RSA Conference in 2017 [32]. Our protocol involves four phases: user registration phase, login phase, mutual authentication and key agreement phase, and user’s password change phase.

Gw has a long-term public key (p_s) and a private key (x_s). The user has a password pwd. The user’s personal device/smartphone (PD, briefly) has a long-term secret key x_u. This secret key x_u is encrypted by pwd and stored on PD. The PD and the Gw share a long-term password S. This shared password S is calculated by Gw from its secret and the hash of the user’s id (H₁(..., id, x_u)) Gw sends S to PD through a secure channel. At user’s side, S is encrypted (stored on PD) with pwd and the PD’s long-term secret key x_u. Note that S and id are not stored on Gw. For privacy, all the information required for user’s authentication are securely stored on PD and no information of the user is stored on Gw. pwd can be frequently changed offline (inside the PD).

Keywords and phrases:

lattices, number theory, healthcare, security, RLWE, authentication and key exchange, post quantum cryptography.

Received: January 7, 2023; Accepted: February 25, 2023; Published: December 4, 2023

How to cite this article: Sidoine Djimnaibeye, Aminata Ngom and Djiby Sow, Post-quantum cryptography for healthcare: a number theory based two-factor mutual authentication and key exchange protocol over lattices for TMIS, Advances and Applications in Discrete Mathematics 41(1) (2024), 1-26. http://dx.doi.org/10.17654/0974165824001

This Open Access Article is Licensed under Creative Commons Attribution 4.0 International License

References:
[1] M. Abdalla and M. Bellare, Increasing the lifetime of a key: a comparative analysis of the security of re-keying techniques, International Conference on the Theory and Application of Cryptology and Information Security, Springer, Berlin, Heidelberg, 2000, pp. 546-559.
[2] Victor Boyko, Philip MacKenzie and Sarvar Patel, Provably secure password-authenticated key exchange using Diffie-Hellman, International Conference on the Theory and Applications of Cryptographic Techniques, Springer, Berlin, Heidelberg, 2000, pp. 156-171.
[3] J. W. Bos, C. Costello, M. Naehrig and D. Stebila, Post-quantum key exchange for the TLS protocol from the ring learning with errors problem, 2015 IEEE Symposium on Security and Privacy, 2015, pp. 553-570.
[4] J. Zhang, Z. Zhang, J. Ding, M. Snook and Ö. Dagdelen, Authenticated key exchange from ideal lattices, Annual International Conference on the Theory and Applications of Cryptographic Techniques, Springer, Berlin, Heidelberg, 2015, pp. 719-751.
[5] S. Fluhrer, Cryptanalysis of ring-LWE Based key exchange with key share reuse, Cryptology ePrint Archive, 2016.
[6] D. Jost, U. Maurer and M. Mularczyk, Efficient ratcheting: almost-optimal guarantees for secure messaging, Annual International Conference on the Theory and Applications of Cryptographic Techniques, Springer, Cham, 2019, pp. 159-188.
[7] E. Eaton, D. Jao, C. Komlo and Y. Mokrani, Towards post-quantum key-updatable public-key encryption via supersingular isogenies, International Conference on Selected Areas in Cryptography, Springer, Cham, 2022, pp. 461 482.
[8] J. Ding, S. Fluhrer and S. Rv, Complete attack on RLWE key exchange with reused keys, without signal leakage, Australasian Conference on Information Security and Privacy, Springer, Cham, 2018, pp. 467-486.
[9] N. Bindel, D. Stebila and S. Veitch, Improved attacks against key reuse in learning with errors key exchange, International Conference on Cryptology and Information Security in Latin America, Springer, Cham, 2021, pp. 168-188.
[10] Y. Qin, C. Cheng and J. Ding, An efficient key mismatch attack on the NIST second round candidate Kyber, Cryptology ePrint Archive, 2019.
[11] S. Blake-Wilson and A. Menezes, Authenticated Diffie-Hellman key agreement protocols, International Workshop on Selected Areas in Cryptography, Springer, Berlin, Heidelberg, 1998, pp. 339-361.
[12] H. Krawczyk, HMQV: a high-performance secure Diffie-Hellman protocol, Annual International Cryptology Conference, Springer, Berlin, Heidelberg, 2005, pp. 546-566.
[13] P. W. Shor, Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer, SIAM Rev. 41(2) (1999), 303-332.
[14] O. Regev, On lattices, learning with errors, random linear codes, and cryptography, Journal of the ACM (JACM) 56(6) (2009), 1-40.
[15] D. Micciancio and O. Regev, Lattice-based cryptography, Post-quantum Cryptography, Springer, Berlin, Heidelberg, 2009, pp. 147-191.
[16] O. Regev, The learning with errors problem, Invited Survey in CCC 7(30) (2010), 11.
[17] L. Ducas and A. Durmus, Ring-LWE in polynomial rings, International Workshop on Public Key Cryptography, Springer, Berlin, Heidelberg, 2012, pp. 34-51.
[18] D. Dachman-Soled, L. Ducas, H. Gong and M. Rossi, LWE with side information: attacks and concrete security estimation, Annual International Cryptology Conference, Springer, Cham, 2020, pp. 329-358.
[19] J. Bos, C. Costello, L. Ducas, I. Mironov, M. Naehrig, V. Nikolaenko and D. Stebila, Frodo: take off the ring! practical, quantum-secure key exchange from LWE, Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, 2016, pp. 1006-1018. 10.1145/2976749.2978425.
[20] L. Huguenin-Dumittan and S. Vaudenay, Classical misuse attacks on NIST round 2 PQC, International Conference on Applied Cryptography and Network Security, Springer, Cham, 2020, pp. 208-227.
[21] D. Kirkwood, B. C. Lackey, J. McVey, M. Motley, J. A. Solinas and D. Tuller, Failure is not an option: standardization issues for post-quantum key agreement, Workshop on Cybersecurity in a Post-quantum World, 2015, p. 21.
[22] C. Băetu, F. B. Durak, L. Huguenin-Dumittan, A. Talayhan and S. Vaudenay, Misuse attacks on post-quantum cryptosystems, Annual International Conference on the Theory and Applications of Cryptographic Techniques, Springer, Cham, 2019, pp. 747-776.
[23] E. Fujisaki and T. Okamoto, Secure integration of asymmetric and symmetric encryption schemes, Annual International Cryptology Conference, Springer, Berlin, Heidelberg, 1999, pp. 537-554.
[24] D. Stehlé and R. Steinfeld, Making NTRU as secure as worst-case problems over ideal lattices, Annual International Conference on the Theory and Applications of Cryptographic Techniques, Springer, Berlin, Heidelberg, 2011, pp. 27-47.
[25] BlueKrypt Cryptographic Key Recommendation, accessed: 2021-04-07.
https://www.keylength.com.
[26] Project Crystal: NIST Post-quantum Cryptography, accessed: 2021-04-07.
https://pq-crystals.org/kyber/index.shtml.
[27] NTRU: NIST Post-quantum Cryptography, accessed: 2021-04-07.
https://ntru.org/index.shtml.
[28] Classic McEliece: NIST Post-quantum Cryptography, accessed: 2021-04-07. http://classic.mceliece.org.
[29] J. P. D’Anvers, A. Karmakar, S. Sinha Roy and F. Vercauteren, Saber: module-LWR based key exchange, CPA-secure encryption and CCA-secure KEM, International Conference on Cryptology in Africa, Springer, Cham, 2018, pp. 282-305.
[30] L. Fan, J. H. Li and H. W. Zhu, An enhancement of timestamp-based password authentication scheme, Computers and Security 21(7) (2002), 665-667.
[31] N. Radhakrishnan and M. Karuppiah, An efficient and secure remote user mutual authentication scheme using smart cards for telecare medical information systems, Informatics in Medicine Unlocked 16 (2019), 100092.
[32] J. Ding, S. Alsayigh, J. Lancrenon, S. RV and M. Snook, Provably secure password authenticated key exchange based on RLWE for the post-quantum world, Cryptographers’ Track at the RSA Conference, Springer, Cham, 2017, pp. 183-204.
[33] X. Gao, L. Li, J. Ding, J. Liu, R. V. Saraswathy and Z. Liu, Fast discretized Gaussian sampling and post-quantum TLS ciphersuite, International Conference on Information Security Practice and Experience, Springer, Cham, 2017, pp. 551-565.
[34] S. M. Bellovin and M. Merritt, Encrypted Key Exchange: Password-based Protocols Secure Against Dictionary Attacks, IEEE, 1992.
[35] M. Abdalla, F. Benhamouda and D. Pointcheval, Corrigendum: public-key encryption indistinguishable under plaintext-checkable attacks, IET Information Security 14(3) (2020), 365-366.
[36] M. Abdalla, D. Catalano, C. Chevalier and D. Pointcheval, Efficient two-party password-based key exchange protocols in the UC framework, Cryptographers’ Track at the RSA Conference, Springer, Berlin, Heidelberg, 2008, pp. 335-351.
[37] M. Bellare, D. Pointcheval and P. Rogaway, Authenticated key exchange secure against dictionary attacks, International Conference on the Theory and Applications of Cryptographic Techniques, Springer, Berlin, Heidelberg, 2000, pp. 139-155.
[38] B. Kang and J. Han, Cryptanalysis and improvement on three-party protocols for password authenticated key exchange, Proceedings of the 2010 2nd International Conference on Education Technology and Computer, China, Vol. 5, 2010, pp. 5197-5201.
[39] T. Kwon, Authentication and key agreement via memorable password, Cryptology ePrint Archive, 2000.
[40] J. Katz, R. Ostrovsky and M. Yung, Efficient password-authenticated key exchange using human-memorable passwords, International Conference on the Theory and Applications of Cryptographic Techniques, Springer, Berlin, Heidelberg, 2001, pp. 475-494.
[41] R. Canetti, S. Halevi, J. Katz, Y. Lindell and P. MacKenzie, Universally composable password-based key exchange, Annual International Conference on the Theory and Applications of Cryptographic Techniques, Springer, Berlin, Heidelberg, 2005, pp. 404-421.
[42] A. Fujioka, K. Suzuki, K. Xagawa and K. Yoneyama, Practical and post-quantum authenticated key exchange from one-way secure key encapsulation mechanism, Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security, 2013, pp. 83-94.
[43] R. Gennaro, Faster and shorter password-authenticated key exchange, Theory of Cryptography Conference, Springer, Berlin, Heidelberg, 2008, pp. 589-606.
[44] A. Groce and J. Katz, A new framework for efficient password-based authenticated key exchange, Proceedings of the 17th ACM Conference on Computer and Communications Security, 2010, pp. 516-525.
[45] O. Goldreich and Y. Lindell, Session-key generation using human passwords only, Journal of Cryptology 19(3) (2006), 241-340.
[46] M. H. Nguyen and S. Vadhan, Simpler session-key generation from short random passwords, Theory of Cryptography Conference, Springer, Berlin, Heidelberg, 2004, pp. 428-445.
[47] D. P. Jablon, Strong password-only authenticated key exchange, ACM SIGCOMM Computer Communication Review 26(5) (1996), 5-26.
[48] J. Ding, X. Xie and X. Lin, A simple provably secure key exchange scheme based on the learning with errors problem, Cryptology ePrint Archive, 2012.
[49] C. Peikert, Lattice cryptography for the Internet, International Workshop on Post-quantum Cryptography, Springer, Cham, 2014, pp. 197-219.
[50] E. Alkim, L. Ducas, T. Pöppelmann and P. Schwabe, Post-quantum key exchange - a new hope, 25th USENIX Security Symposium (USENIX Security 16), 2016, pp. 327-343.
[51] J. Ding, P. Branco and K. Schmitt, Key exchange and authenticated key exchange with reusable keys based on RLWE assumption, Cryptology ePrint Archive, 2019.