关键词: 认证密钥交换, 隐私保护, 匿名性, 零知识证明, 可证明安全

Abstract: Privacy-Preserving Authenticated Key Exchange (PPAKE) protocols aim to conceal the identity information of participating parties during the key negotiation process, thereby preventing eavesdroppers from obtaining the identities of the communicating users. However, most existing PPAKE protocols mainly focus on achieving anonymity against third-party eavesdroppers, and still disclose the real identity of the sender to the receiver, which is insufficient for application scenarios with higher privacy requirements. To address this issue, a PPAKE protocol with full sender anonymity was proposed. First, a Key Encapsulation Mechanism (KEM) and a three-round broadcast communication scheme were adopted for key agreement. Full sender anonymity was achieved without requiring any pre-shared secrets, and the legitimacy of the sender was verified using Zero-Knowledge Proof (ZKP) techniques. Second, a security model of full sender anonymity in PPAKE protocols was formally defined, and it was proven that the proposed protocol satisfies this model under standard cryptographic assumptions. Performance testing experimental results in a simulated environment show that, compared with traditional PPAKE protocols, the communication overhead and computational overhead do not increase with the number of users. Compared with more recent PPAKE schemes, the communication overhead increases by only about 29.2% while stronger sender anonymity is achieved, indicating that good engineering practicality is maintained together with a high level of security.

Key words: Authenticated Key Exchange (AKE), privacy-preserving, anonymity, Zero-Knowledge Proof (ZKP), provable security