International Association for Cryptologic Research

International Association
for Cryptologic Research

IACR News item: 23 June 2014

Eduarda S.V. Freire, Julia Hesse, Dennis Hofheinz
ePrint Report ePrint Report
We consider the notion of a non-interactive key exchange (NIKE). A NIKE scheme allows a party \\(A\\) to compute a common shared key with another party \\(B\\) from \\(B\\)\'s public key and \\(A\\)\'s secret key alone. This computation requires no interaction between \\(A\\) and \\(B\\), a feature which distinguishes NIKE from regular (i.e., interactive) key exchange not only quantitatively, but also qualitatively.

Our first contribution is a formalization of NIKE protocols as ideal

functionalities in the Universal Composability (UC) framework.

As we will argue, existing NIKE definitions (all of which are game-based) do not support a modular analysis either of NIKE schemes themselves, or of the use of NIKE schemes. We provide a simple and natural UC-based NIKE definition that allows for a modular analysis both of NIKE schemes and their use in larger protocols.

We proceed to investigate the properties of our new definition, and in

particular its relation to existing game-based NIKE definitions. We find that

(a) game-based NIKE security is equivalent to UC-based NIKE security

against \\emph{static} corruptions, and

(b) UC-NIKE security against adaptive corruptions cannot be achieved

without additional assumptions (but \\emph{can} be achieved in the random oracle model).

Our results suggest that our UC-based NIKE definition is a useful and simple abstraction of non-interactive key exchange.

Expand

Additional news items may be found on the IACR news page.