We present SM2-VBKE, the first elliptic curve key exchange protocol that cryptographically enforces verification integrity through intrinsic binding with key material generation. Addressing systemic vulnerabilities in cryptographic implementations—where verification flaws persistently undermine theoretical security guarantees—our protocol introduces three fundamental innovations: (1) mandatory elliptic curve point validation through confirmation codes derived from intermediate verification values, (2) cryptographic binding between verification integrity and session keys via the key derivation function, and (3) reusing of verification intermediates avoid introducing additional overhead. Security analysis under the eCK model demonstrates that SM2-VBKE reduces protocol security to the ECCDH assumption while providing automatic error detection through key divergence—any deviation in verification steps alters confirmation codes. Experimental evaluation shows the design adds only 1.29 ms to baseline SM2 execution while eliminating weakness to invalid curve attacks and implementation errors that plagued prior schemes. By transforming verification from an external process to an intrinsic cryptographic property, the SM2-VBKE protocol binds the verification step with key generation and can be proven to be secure against adaptive adversaries.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

SM2-VBKE: Achieving Cryptographic Binding Between Verification Integrity and Key Generation

  • Runze Zhao,
  • Siqi Lu,
  • Yongjuan Wang,
  • Liujia Cai,
  • Wenyi Chen,
  • Fenghua Jiang

摘要

We present SM2-VBKE, the first elliptic curve key exchange protocol that cryptographically enforces verification integrity through intrinsic binding with key material generation. Addressing systemic vulnerabilities in cryptographic implementations—where verification flaws persistently undermine theoretical security guarantees—our protocol introduces three fundamental innovations: (1) mandatory elliptic curve point validation through confirmation codes derived from intermediate verification values, (2) cryptographic binding between verification integrity and session keys via the key derivation function, and (3) reusing of verification intermediates avoid introducing additional overhead. Security analysis under the eCK model demonstrates that SM2-VBKE reduces protocol security to the ECCDH assumption while providing automatic error detection through key divergence—any deviation in verification steps alters confirmation codes. Experimental evaluation shows the design adds only 1.29 ms to baseline SM2 execution while eliminating weakness to invalid curve attacks and implementation errors that plagued prior schemes. By transforming verification from an external process to an intrinsic cryptographic property, the SM2-VBKE protocol binds the verification step with key generation and can be proven to be secure against adaptive adversaries.