Abstract:  A smart card based remote user authentication scheme is more secure than a password-based authentication scheme. In 2011, Chen et al. proposed an improvement on Hsiang et al. ’s remote user authentication scheme, and claimed their scheme was more secure than Hsiang et al. ’s scheme. However, their scheme is still vulnerable to insider attack, lost smart card attack, replay attack, and impersonation attack. To overcome the dictionary attack against lost smart card, a user authentication scheme based on smart card and elliptic curve discrete logarithm problem is proposed. This scheme is proved to be secure agaisnt various attacks and needs only one elliptic curve scale multiplication in the login and authentication phases.

Key words: cryptography, authentication, protocol, Elliptic Curve Discrete Logarithm Problem（ECDLP）, smart card, password

摘要： 基于智能卡的远程用户认证协议比基于口令的安全协议能提供更好的安全性。2011年Chen等提出一种对Hsiang-Shih方案改进的基于智能卡的远程认证协议，并称解决了相关方案中存在的各种攻击问题。指出Chen等方案仍然存在着内部攻击、丢失智能卡攻击、重放攻击和身份冒充攻击，并针对基于口令和智能卡的远程认证协议类存在的离线口令猜测攻击提出一种基于智能卡和椭圆曲线离散对数问题的认证协议。该协议能抵抗提到的所有攻击，在登陆和认证阶段只需要一个点乘运算。

关键词: 密码学, 认证, 协议, 椭圆曲线离散对数问题, 智能卡, 口令