不知道如何实现基于椭圆曲线Diffie-Hellman密钥协议的轻量级AKE协议

I don't know how to realize a lightweight AKE protocol based on the Elliptic curve Diffie-Hellman key agreement

我想设计一个轻量级的AKE协议,其功能是将数据传输到计算能力更高的计算机来自另一台计算机。

这里,我已经把两台电脑用IEEE 802.15.6.连接起来了 一台计算机作为客户端发送消息,另一台计算机作为服务器接收消息。两台机器根据Elliptic Curves Cryptography.

改变数据

**server_ip**是Bob的地址。 server.py 表示 Alice 向 Bob 发送消息: Client.py:

import errno
import socket
import time
import random
import hmac



from collections import OrderedDict

from ecc.Key import Key
from hashlib import sha256
from ecc.elliptic import mul,add,neg


DOMAINS = {
    # Bits : (p, order of E(GF(P)), parameter b, base point x, base point y)

    256: (0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff,
          0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551,
          0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b,
          0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
          0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)
}

if __name__== '__main__':

    global Ra,Tb,p,n,b,x,y,c_p,c_q,c_n,M1,M2,M3,Ka,macb
    server_ip = "192.168.0.114"
    server_port = 9003

    # initialization
    p, n, b, x, y = DOMAINS[256]
    c_p = 3
    c_n = p
    c_q = p - b
    idA='00000001'
    idB='00000002'
    token=0


    # TCP connection to responder B
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.setblocking(1)  
    print('begin connection')
    sock.connect((server_ip, server_port))

    try:
        while (token==0):
            print('connection up')
            print ('connected')
            # 1. A side: send M1=(B,A,Na,PKax,PKay) to B
            #1.1) generate my (A) keypair PKa SKa
            keypair = Key.generate(256)
            PKax = keypair._pub[1][0]
            PKay = keypair._pub[1][1]
            PKa = (PKax,PKay)
            SKa = keypair._priv[1]
            #1.2) generate my (A) nonce Na
            Na=random.randint(000000,999999)
            # 1.3) A->B: M1=(B,A,Na,PKax,PKay)
            M1=idA+','+idB+','+str(Na)+','+str(PKax)+','+str(PKay)
            sock.send(M1.encode())

            # 3. A side: 1)receive M2, 2)compute Ka, 3)compute maca,macb_check 4)send M3
            # 3.1) receive M2 from B, M2=(A,B,Nb,PKbx,PKby)
            M2 = sock.recv(1024).decode()
            Nb = M2.split(',')[2]
            PKbx = M2.split(',')[3]
            PKby = M2.split(',')[4]
            PKb = (int(PKbx),int(PKby))
            # 3.2) compute Ka
            Ka=mul(c_p,c_q,c_n,PKb,SKa)          
            # 3.3) compute maca,macb_check
            hmac_stringa=idB+idA+Nb+str(Na)
            newhash=hmac.new(str(Ka[0]).encode(),''.encode(),sha256)
            newhash.update(hmac_stringa.encode())
            maca=newhash.hexdigest()
            hmac_stringb=idA+idB+str(Na)+Nb
            newhash=hmac.new(str(Ka[0]).encode(),''.encode(),sha256)
            newhash.update(hmac_stringb.encode())
            macb_check=newhash.hexdigest()
            # 3.4) A->B: M3=(maca)
            M3=maca
            sock.send(M3.encode())

            # 5. A side: 1)receive M4, 2)verify macb
            M4 = sock.recv(1024).decode()
            macb=M4
            if str(macb_check)==macb:
                print('macb is valid')
                print ('the shared secret is', Ka)
            else:
                print('macb is invalid, protocol fails')
            token=1

    except KeyboardInterrupt:
        sock.close()
        print("KeyboardInterrupt")
    #sys.exit(0)

HOST是Alice的地址。 server.py 表示 Bob 向 Alice 发送重发消息:

#import serial
import socket
import time
import random
import hmac

from collections import OrderedDict
from ecc.Key import Key
from hashlib import sha256
from ecc.elliptic import mul,add,neg
from ecc.curves import get_curve


DOMAINS = {
    # Bits : (p, order of E(GF(P)), parameter b, base point x, base point y)
    256: (0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff,
          0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551,
          0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b,
          0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
          0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)
}

if __name__ == '__main__':

    global Ta,Rb,p,n,b,x,y,c_p,c_q,c_n,M1,M2,M3,Kb

    HOST = '192.168.0.114'
    PORT = 9003

    # initialization
    p, n, b, x, y=DOMAINS[256]
    c_p=3
    c_n=p
    c_q=p-b
    idA='00000001'
    idB='00000002'
    token=0

    print('Begin')

    #TCP link
    sock = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
    sock.bind((HOST,PORT))

    print('Listen to the connection from client...')
    sock.listen(5)
    try:
        while (token==0):
            connection, address = sock.accept()
            print('Connected. Got connection from ', address)

            # 2. B side: 1)receive M1 from A, 2)generate my keypair 3)generate Nb 4) send M2
            # 2.1) receive M1=(B,A,Na,PKax,PKay) from B
            M1=connection.recv(1024).decode()
            Na=M1.split(',')[2]
            PKax=M1.split(',')[3]
            PKay=M1.split(',')[4]
            PKa=(int(PKax),int(PKay))
            # 2.2) generate my keypair 
            keypair = Key.generate(256)
            PKbx = keypair._pub[1][0]
            PKby = keypair._pub[1][1]
            SKb = keypair._priv[1]
            # 2.3) genearate my nonce Nb
            Nb=random.randint(000000,999999)
            # 2.4) B->A: M2=(A,B,Nb,PKbx,PKby)
            M2=idA+','+idB+','+str(Nb)+','+str(PKbx)+','+str(PKby)
            connection.send(M2.encode())


            # 4. B side: 1) receive M3 from A 2) compute Kb 3) compute maca_check, macb 4)verfiy maca 5)send M4
            # 4.1) receive M3=maca from A
            M3=connection.recv(1024).decode()
            maca=M3
            # 4.2) compute Kb
            Kb=mul(c_p,c_q,c_n,PKa,SKb)
            # 4.3) compute maca_check, macb
            hmac_stringa=idB+idA+str(Nb)+Na
            newhash=hmac.new(str(Kb[0]).encode(),''.encode(),sha256)
            newhash.update(hmac_stringa.encode())
            maca_check=newhash.hexdigest()
            hmac_stringb=idA+idB+Na+str(Nb)
            newhash=hmac.new(str(Kb[0]).encode(),''.encode(),sha256)
            newhash.update(hmac_stringb.encode())
            macb=newhash.hexdigest()        
            # 4.4) verify maca           
            if maca_check==maca:
                # 4.5) send M4
                M4=macb
                connection.send(M4.encode())
                print('maca is valid')
                print('the shared secrety is', Kb)
            else:
                print('maca is invalid, protocol fails')
            token=1

    except KeyboardInterrupt:
        print('>>>quit')
    #sys.exit(0)

这是额外的库 ecc.Keyecc.elliptic: enter link description here

而我想实现如下图:

让受限设备预先计算一些值。

其实我不太明白如何根据有限的设备预先计算出这些值。我不知道如何解决这个问题?任何人都可以给我一些想法吗?谢谢!

您显然可以预先计算密钥对 - 实际上,如果双方都经过身份验证,您必须预先计算密钥对并建立对另一方 public 密钥的信任。

R_A 可以使用您的安全随机数生成器提前生成。 U_A 可以使用 ECC 点加法预先计算,因为 R_A 和密钥 SK_A 都被 A(虱子)知道。

可能您可以将 K_1 计算重新表述为 K_1 = T_B * R_A - PK_B * R_A,尽管您d 仍然剩下具有相同复杂度的乘法和点减法,所以我认为这没有多大意义。