Keywords and phrases: lattices, number theory, healthcare, security, RLWE, authentication and key exchange, post quantum cryptography.
Received: January 7, 2023; Accepted: February 25, 2023; Published: December 4, 2023
How to cite this article: Sidoine Djimnaibeye, Aminata Ngom and Djiby Sow, Post-quantum cryptography for healthcare: a number theory based two-factor mutual authentication and key exchange protocol over lattices for TMIS, Advances and Applications in Discrete Mathematics 41(1) (2024), 1-26. http://dx.doi.org/10.17654/0974165824001
This Open Access Article is Licensed under Creative Commons Attribution 4.0 International License