
Universally Composable Non-Interactive Key Exchange

  • Eduarda S. V. Freire
  • Julia Hesse
  • Dennis Hofheinz
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8642)

Abstract

We consider the notion of a non-interactive key exchange (NIKE). A NIKE scheme allows a party A to compute a common shared key with another party B from B’s public key and A’s secret key alone. This computation requires no interaction between A and B, a feature which distinguishes NIKE from regular (i.e., interactive) key exchange not only quantitatively, but also qualitatively.
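As an added illustration (not code from the paper), the following Python example implements the classic hashed Diffie-Hellman NIKE that the abstract describes: each party derives the shared key from its own secret key and the other party's public key alone, with no message exchanged. The group parameters are a 64-bit safe prime generated at runtime and a fixed generator of its prime-order subgroup; that size, the identity strings `b"alice"`/`b"bob"` and the `NIKE-v1` label are constructed assumptions for the demo, and a real deployment would use a standardized group of 2048 bits or more. The subgroup check on the peer's public key is included because NIKE keys are registered rather than negotiated, so a defender cannot assume a counterparty's key is well formed.

```python
import hashlib
import secrets
from typing import NamedTuple

# Small primes for cheap trial division before Miller-Rabin.
SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin primality test with random bases."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2          # base in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


class NIKEParams(NamedTuple):
    p: int   # safe prime, p = 2q + 1
    q: int   # prime order of the subgroup in which keys live
    g: int   # generator of that subgroup


def setup(bits: int = 64) -> NIKEParams:
    """Generate public parameters. Assumption: 64-bit demo size only;
    production code uses standardized groups of 2048 bits or more."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1   # odd, top bit set
        p = 2 * q + 1
        if is_probable_prime(q) and is_probable_prime(p):
            break
    # In a safe-prime group every square other than 1 generates the order-q subgroup.
    return NIKEParams(p, q, pow(2, 2, p))


def keygen(params: NIKEParams) -> tuple[int, int]:
    """Return (secret key x, public key g^x mod p)."""
    sk = secrets.randbelow(params.q - 1) + 1      # x in [1, q-1]
    return sk, pow(params.g, sk, params.p)


def validate_public_key(params: NIKEParams, pk: int) -> None:
    """Reject keys outside the prime-order subgroup. A registered key of small
    order would otherwise make the derived key predictable to whoever chose it."""
    if not 1 < pk < params.p - 1 or pow(pk, params.q, params.p) != 1:
        raise ValueError("public key is not in the prime-order subgroup")


def shared_key(params: NIKEParams, own_sk: int, own_id: bytes,
               peer_id: bytes, peer_pk: int) -> bytes:
    """Derive the shared key from the local secret key and the peer's public key.
    Nothing is sent; both parties compute the same 32 bytes independently."""
    validate_public_key(params, peer_pk)
    z = pow(peer_pk, own_sk, params.p)            # g^(x_A * x_B) mod p on both sides
    zlen = (params.p.bit_length() + 7) // 8
    first, second = sorted((own_id, peer_id))     # canonical order so both hash the same
    return hashlib.sha256(b"NIKE-v1|" + first + b"|" + second + b"|"
                          + z.to_bytes(zlen, "big")).digest()


if __name__ == "__main__":
    params = setup()
    sk_a, pk_a = keygen(params)
    sk_b, pk_b = keygen(params)
    k_ab = shared_key(params, sk_a, b"alice", b"bob", pk_b)
    k_ba = shared_key(params, sk_b, b"bob", b"alice", pk_a)
    print("keys match:", k_ab == k_ba)
```

The sorted identity pair binds the key to both parties so that the same group element reused in another pairing yields an unrelated key, and the subgroup test is what turns "any party can register a public key" from a hazard into an acceptable assumption.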

Our first contribution is a formalization of NIKE protocols as ideal functionalities in the Universal Composability (UC) framework. As we will argue, existing NIKE definitions (all of which are game-based) do not support a modular analysis either of NIKE schemes themselves, or of the use of NIKE schemes. We provide a simple and natural UC-based NIKE definition that allows for a modular analysis both of NIKE schemes and their use in larger protocols.

We investigate the properties of our new definition, and in particular its relation to existing game-based NIKE definitions. We find that

(a) game-based NIKE security is equivalent to UC-based NIKE security against static corruptions, and

(b) UC-NIKE security against adaptive corruptions cannot be achieved without additional assumptions (but can be achieved in the random oracle model).

Our results suggest that our UC-based NIKE definition is a useful and simple abstraction of non-interactive key exchange.

Keywords

non-interactive key exchange; universal composability



Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Eduarda S. V. Freire (1)
  • Julia Hesse (2)
  • Dennis Hofheinz (2)

  1. Royal Holloway, University of London, United Kingdom
  2. Karlsruhe Institute of Technology, Germany
