SM2-VBKE: Achieving Cryptographic Binding Between Verification Integrity and Key Generation
摘要
We present SM2-VBKE, the first elliptic curve key exchange protocol that cryptographically enforces verification integrity through intrinsic binding with key material generation. Addressing systemic vulnerabilities in cryptographic implementations—where verification flaws persistently undermine theoretical security guarantees—our protocol introduces three fundamental innovations: (1) mandatory elliptic curve point validation through confirmation codes derived from intermediate verification values, (2) cryptographic binding between verification integrity and session keys via the key derivation function, and (3) reusing of verification intermediates avoid introducing additional overhead. Security analysis under the eCK model demonstrates that SM2-VBKE reduces protocol security to the ECCDH assumption while providing automatic error detection through key divergence—any deviation in verification steps alters confirmation codes. Experimental evaluation shows the design adds only 1.29 ms to baseline SM2 execution while eliminating weakness to invalid curve attacks and implementation errors that plagued prior schemes. By transforming verification from an external process to an intrinsic cryptographic property, the SM2-VBKE protocol binds the verification step with key generation and can be proven to be secure against adaptive adversaries.