Universally Composable Non-Interactive Key Exchange
We consider the notion of a non-interactive key exchange (NIKE). A NIKE scheme allows a party A to compute a common shared key with another party B from B’s public key and A’s secret key alone. This computation requires no interaction between A and B, a feature which distinguishes NIKE from regular (i.e., interactive) key exchange not only quantitatively, but also qualitatively.
Our first contribution is a formalization of NIKE protocols as ideal functionalities in the Universal Composability (UC) framework. As we will argue, existing NIKE definitions (all of which are game-based) do not support a modular analysis either of NIKE schemes themselves, or of the use of NIKE schemes. We provide a simple and natural UC-based NIKE definition that allows for a modular analysis both of NIKE schemes and their use in larger protocols.
We investigate the properties of our new definition, and in particular its relation to existing game-based NIKE definitions. We find that
(a) game-based NIKE security is equivalent to UC-based NIKE security against static corruptions, and
(b) UC-NIKE security against adaptive corruptions cannot be achieved without additional assumptions (but can be achieved in the random oracle model).
Our results suggest that our UC-based NIKE definition is a useful and simple abstraction of non-interactive key exchange.
Keywords: non-interactive key exchange, universal composability