Certificateless public-key cryptography removes both the certificate-management burden of traditional public-key cryptography and the key-escrow problem of ID-based public-key cryptography. A certificateless authenticated key exchange (CLAKE) protocol is an important primitive in this setting: it lets two participants authenticate each other and establish a shared session key. Implementations of conventional public-key schemes are, however, exposed to side-channel attacks, in which an adversary learns partial information about secret keys from physical measurements such as timing or power consumption. Leakage-resilient cryptography is an effective countermeasure, and numerous leakage-resilient schemes and protocols have been proposed that withstand such attacks while preserving the original functionality of the underlying primitive. Very recently, two leakage-resilient certificateless primitives were proposed, namely leakage-resilient certificateless signature (LR-CLS) and leakage-resilient certificateless encryption (LR-CLE) schemes. The design of a leakage-resilient CLAKE (LR-CLAKE) protocol, however, has not yet been studied. In this thesis, by extending the well-known extended-Canetti–Krawczyk (eCK) model, we first define a new adversary model for LR-CLAKE protocols, called the continual-leakage-resilient eCK (CLReCK) model. We then propose the first LR-CLAKE protocol that withstands side-channel attacks, filling this gap in leakage-resilient certificateless public-key cryptography. Finally, using the proof technique of the generic bilinear group (GBG) model, we formally prove that the proposed protocol is secure in the CLReCK model.