广义椭圆曲线数字签名链口令认证方案

一次性口令是身份认证的重要技术。文章构造了一个基于椭圆曲线数字签名链的一次性口令认证和密钥协商方案。该方案使用了具有消息恢复功能、无须求逆的椭圆曲线数字签名算法,椭圆曲线认证密钥协商协议,密钥进化算法和椭圆曲线数字签名链等。方案有以下优点:服务器无需维护口令和验证列表;允许用户自主选择和更改口令,实现了双向认证;无需系统时钟同步和传输时延限制;能够抵抗重放攻击、离线字典攻击、中间人攻击和内部人攻击;具备口令错误敏感性和强安全修复性;生成的会话密钥具有新鲜性、机密性、已知密钥安全性和前向安全性。经对比,该方案具有更好的安全性能,适合强安全性需求的场合。

Password Authentication Scheme of Generalized Elliptic Curve Digital Signature Chain

one time password is an important technology of the user authentication. In this paper, we develop a novel el- liptic curve digital signature chain based on one time password authentication and key agreement scheme （EAKAS）. The scheme uses many mechanisms such as elliptic curve digital signature algorithm that can recover message and has no inversion, elliptic curve based on authenticated key agreement protocol, key evolutionary algorithm, and elliptic curve digital signature chain, etc. The scheme has the following merits：there is no need for any password or verification table＂ in the server;users can choose or change password freely and achieves mutual authentication; it has no system clock synchronization and no transmission delay constraint;it can resist replay attacks, man-in-the-middle attack, off-line dic- tionary attack and insider attack; it has the feature of password error sensitivity and strong security restoration; the ses- sion keys in proposed scheme have the feature of freshness, confidentiality, known key security and forward security. By comparison, the scheme has better security and is well suited to occasion which requires strong security.