Today, the security of public communication still rests on public key infrastructures whose security assumptions are classical mathematical hard problems, such as integer factorization and the discrete logarithm problem. Since the introduction of Shor's algorithm, however, both of these problems can be solved by a quantum computer in polynomial time, which has a major impact on existing public key infrastructures. In the post-quantum era we need public key cryptosystems that resist attacks by quantum computers. This thesis proposes a lattice-based key exchange protocol that balances security and performance: it lets a user anonymously establish a secure public communication channel with a server using only a password, permits key reuse, and withstands the known information leakage attacks. A formal security proof shows that the proposed protocol is suitable for maintaining real-time security in mobile networks.
Nowadays, to maintain the security of public communication, people still rely on public key infrastructures based on classical mathematical hard problems (e.g., the integer factorization and discrete logarithm problems) as security assumptions. However, with the introduction of Shor's algorithm, these two problems can be solved by quantum computers in polynomial time, which has a strong impact on existing public key infrastructures. In the post-quantum era, we need to develop new public key cryptography systems that are resistant to quantum attacks. This thesis proposes a lattice-based key exchange protocol that combines security and performance considerations and provides a secure public communication channel between users and servers anonymously, using just a simple password string, while allowing key reuse and withstanding known information leakage attacks. The formal security proofs and analysis show that the proposed protocol is practical for the real-time security of mobile networks.