在本論文中,我們設計了兩個具有確認身份的金鑰交換方法,並且利用橢圓曲線密碼學來產生使用者的金鑰。傳統的Diffie-Hellman鑰匙交換方法並無提供通訊雙方身份的驗證,因此,Seo和Sweneey在1999年提出了共享密碼的概念來驗證通訊雙方的身份,並利用冪次方運算產生通訊鑰匙。另外,Joux在2000年利用Wail Pairing的特性提出了三方的Diffie-Hellman金鑰交換協定,在Joux的協定中每個人只需廣播一次公開的訊息就可協議出一把共同的通訊鑰匙,但無法提供使用者的身份驗證,在2003年Kyungah Shim年為了解決Joux協定的問題提出了具有身份驗證的三方金鑰交換協定,Kyungah的協定主要的概念是利用憑證來作身份的驗證,並將Wair Pairing運用在冪次方的運算。 在我們的方法中,第一個方法是先利用共享密碼產生認證訊息,雙方再互相驗證訊息來確認通訊雙方的身份、第二個方法則是藉由憑證來確認通訊者的身份、加強金鑰交換協定的安全度,在提出的兩個方法都加入了時戳限制認證訊息的有效時間並且透過橢圓曲線來加快運算速度,此外,在計算量方面第一個方法只需Seo-Sweeny協定的四分之一,第二個方法則維持與Kyungah Shim協定相同的安全度下,減少通訊鑰匙的計算量。最後,我們在論文中會討論這兩種協定的安全性質,並對常見的攻擊作分析。 In this thesis, we proposed two authenticated key agreement protocols on Elliptic Curve Cryptography. The basic Diffie-Hellman protocol doesn’t authenticate the communicating entities and is vulnerable to the man-in-the-middle attack. To provide authenticity to key agreement protocols, we respectively use shared-password in our first protocol and certificates to our second protocol. Besides, we applied the elliptic curve cryptography for the generation of keys to improve the efficiency. In the first protocol, the authenticated message is generated with the shared-password and the receiver can verify it with his shared-password to ascertain the sender’s identify. The second protocol is one round tripartite authenticated key agreement protocol on the public key infrastructure. Each entity in the second protocol must send a message including his own signature to demonstrate that he is the owner of the certificate. To avoid an adversary intercepting the signature and resending it to others, signature of the sender includes his ephemeral public key and a short-lived timestamp. Besides, we provide the security analysis about our protocols.
