中文摘要：

密钥加密协议的目的是利用安全性低的口令协商安全性高的密钥，进而利用密钥对以后的通信进行加密或身份认证，从而实现安全通信．现有的密钥加密协议大多缺乏安全证明，或者仅在Random Oracle模型下证明了协议的安全性．与Random Oracle模型下的协议相比，标准模型下可证安全的EKE（encrypted key exchange）协议虽然不需要Random Oracle假设，但它们都对参与方的计算能力要求较高，协议规则也更为复杂从DavidP-Jablon在“Extended Password Key Exchange Protocols Immune to Dictionary Attacks”一文中提出的协议出发，通过引入服务端的公钥，并利用ElGamal加密和伪随机函数集，将一个Random Oracle模型下可证安全的EKE协议改进为一个标准模型下可证安全的EKE协议，并证明了改进后的协议仍然是安全的与原始协议相比，改进后的协议只需要DDH（decisional Diffie—Hellman）假设，而不需要理想加密和Random Oracle假设；与其他标准模型下可证安全的协议相比，改进后的协议不需要CCA2（chosen ciphertext anack-2）安全的加密方案，从而不仅可以减少指数计算的次数，而且具有协议规则简单的优点，相对于KOY协议，改进后的协议将指数运算次数降低了73％；相对于JiangShao—Quan等人在“Password Based Key Exchange with Mutual Authentication”一文中提出的协议．改进后的协议将指数运算次数降低了55％．

英文摘要：

Encrypted key exchange protocol＇s goal is to establish a high secure key used for further encryption and authentication through a low secure password. Most existing encrypted key exchange protocols either lack security proofs or rely on the Random Oracle model. Compared with those protocols based on the Random Oracle model, provable secure EKE （encrypted key exchange） protocols have heavier computation burden and their descriptions are more complex, although they don＇t need the Random Oracle model. Through introducing server＇s public key and applying E1Gamal encryption scheme and pseudorandom function ensemble, a provable secure encrypted key exchange protocol is designed from the protocol proposed by David P. Jablon in the paper of ＂Extended Password Key Exchange Protocols Immune to Dictionary Attacks＂, and a proof is presented. Compared with the original protocol, this protocol only needs DDH （decisional Diffie-Hellman） assumption but not ideal encryption and Random Oracle model. Compared with other provable secure encrypted key exchange protocols, because this protocol doesn＇t need CCA2 （chosen ciphertext attack-2） secure public encryption scheme, it can reduce the number of exponible computations and greatly simplify the protocol＇s description. Specifically, this protocol reduces 73% of the exponential computations of KOY protocol, and reduces 55% of the exponential computations of the protocol proposed by Jiang Shao-Quan et al. in the paper of ＂Password Based Key Exchange with Mutual Authentication＂.