Cryptanalysis of Lee–Hwang–Li's key authentication scheme
Introduction
Public key cryptography was introduced by Diffie and Hellman in 1976 [1]. In such a cryptosystem, each user has two keys: a public key and a private key. Public key cryptosystems face a possible danger: an intruder can modify the public key in the public key directory and substitute the public key of a target user. In this way, the intruder can impersonate the public key of this target user and, hence, raise a security threat of fabrication. The purpose of key authentication is to verify the public key of a legal user and prevent a forged public key. Therefore, key authentication is very important in secret communications and data security.
Many key authentication schemes have been proposed. In 1996, Horng and Yang [2] proposed a key authentication scheme based on the discrete logarithm problem, but three years later, Zhan et al. [3] pointed out that Horng–Yang's scheme could not prevent the guessing attack [4] and gave an improved scheme. In [5], Lee, Hwang and Li showed that Zhan et al.'s improved scheme did not achieve non-repudiation of the user's public key (i.e., a dishonest legal user can deny his public key), and proposed a new public key authentication scheme for cryptosystems with a trusty server. Their scheme is also based on the discrete logarithm, and in their scheme, the certificate of the public key is a combination of the user's password and private key. The authors declared that their scheme was secure for public key authentication. However, in this paper, we shall show that Lee–Hwang–Li's key authentication scheme is not secure: from the obtained public information, anyone can get the private key of the user. We then propose an improved scheme. Our analysis shows that the new key authentication scheme not only resolves these problems but also is secure.
The organization of this paper is as follows. In Section 2 we describe Lee–Hwang–Li's key authentication scheme, and in Section 3 we propose an attack on this scheme. We propose a new key authentication scheme in Section 4, and in Section 5 we give an analysis of our new scheme. We make a concluding remark in the final section.
Section snippets
Lee–Hwang–Li's key authentication scheme
First of all, we review Lee–Hwang–Li's key authentication scheme in brief using the same notation as [5].
The user of the system has Prv as his/her private key and PWD as his/her password. Let Pub of the user's public key be where p is a large prime, g is a generator in . The p, g and one-way function are public parameters.
In the user's registration phase, each user chooses a random number r such that gcd((PWD+r),Prv)=1, and then calculates f(PWD+r). When gcd((PWD
An attack on Lee–Hwang–Li scheme
In this section, we propose an attack on Lee–Hwang–Li's key authentication scheme. By our attack, anyone can recover the private key of any user in their system. The details of our attack are described as follows:
Anyone, say Alice, can obtain the public information C, Pub, a, b and f(PWD+r) of any user from the public directory in the network and the public password table in the server. We know that So we have i.e.,
Improved scheme
In this section, we propose an improved key authentication scheme.
The system parameters of our key authentication scheme are as follows: Let p and q be prime numbers such that q|p−1, g is a generator with order q in . The one-way function f is defined by . The user of the system has Prv as his/her private key and PWD as his/her password. Let Pub of the user's public key be In the user's registration phase, the certificate of the public key of the user is generated by
Analysis of the new scheme
Our scheme provides verification of a user's public key. Preventing the impersonation of a public key relies on the difficulty of the discrete logarithm problem. Suppose that an intruder attempts to forge a user's public key and wants to substitute a false key Pubfalse for the user's public key. Then the false certificate Cfalse should satisfy the key authentication equation: To find Cfalse, the intruder has to compute
Conclusion
In this paper, we have shown that Lee–Hwang–Li's key authentication scheme is not secure: from the obtained public information, anyone can get the private key of the user. We then proposed an improved scheme, and we also gave an ECC version of our new scheme. We conclude that our new key authentication scheme not only withstands the guessing attack but also achieves non-repudiation of the user's public key.
References (7)
- et al. Key authentication scheme for cryptosystems based on discrete logarithms. Computer Communications (1996)
- et al. On the security of HY-key authentication scheme. Computer Communications (1999)
- et al. A new key authentication scheme based on discrete logarithms. Applied Mathematics and Computation (2003)