Robust key authentication scheme resistant to public key substitution attacks

Abstract

In the public key cryptosystem, each user owns a private key and a corresponding public key. When two parties want to communicate with each other, the message is encrypted with recipient's public key such that only the recipient can decrypt the ciphertext with his private key. For obtaining the public key, one can either directly request it from the recipient or retrieve it from the public key directory. For both approaches, it might be possible that some malicious attacker substitutes a fake public key for the genuine one. To withstand such potential attack, we can perform a public key authentication procedure before encrypting the message, such that the ciphertext only can be decrypted by the destined recipient. Recently, Lee et al. proposed a key authentication scheme based on discrete logarithms. The authentication procedure of their scheme is rather simple. However, their scheme is vulnerable to public key substitution attacks. In this paper, we first simply improve the efficiency of their scheme and then propose a robust key authentication scheme resistant to public key substitution attacks.