Non-Interactive Key Exchange
نویسندگان
چکیده
Non-interactive key exchange (NIKE) is a fundamental but much-overlooked cryptographic primitive. It appears as a major contribution in the ground-breaking paper of Diffie and Hellman, but NIKE has remained largely unstudied since then. In this paper, we provide different security models for this primitive and explore the relationships between them. We then give constructions for secure NIKE in the Random Oracle Model based on the hardness of factoring and in the standard model based on the hardness of a variant of the decisional Bilinear Diffie Hellman Problem for asymmetric pairings. We also study the relationship between NIKE and public key encryption (PKE), showing that a secure NIKE scheme can be generically converted into an IND-CCA secure PKE scheme. Our conversion also illustrates the fundamental nature of NIKE in public key cryptography.
منابع مشابه
Multi-party Key Exchange for Unbounded Parties from Indistinguishability Obfuscation
Existing protocols for non-interactive multi-party key exchange either (1) support a bounded number of users, (2) require a trusted setup, or (3) rely on knowledge-type assumptions. We construct the first non-interactive key exchange protocols which support an unbounded number of parties and have a security proof that does not rely on knowledge assumptions. Our non-interactive key-exchange prot...
متن کاملEfficient and Non-Malleable Proofs of Plaintext
We describe efficient protocols for non-malleable (interactive) proofs of plaintext knowledge for the RSA, Rabin, Paillier, and El Gamal encryption schemes. We also highlight some important applications of these protocols: – Chosen-ciphertext-secure, interactive encryption. In settings where both parties are on-line, an interactive encryption protocol may be used. We construct chosen-ciphertext...
متن کاملForward Secure Non-Interactive Key Exchange
Exposure of secret keys is a major concern when cryptographic protocols are implemented on weakly secure devices. Forward security is thus a way to mitigate damages when such an event occurs. In a forward-secure scheme, the public key is indeed fixed while the secret key is updated with a oneway process at regular time periods so that security of the scheme is ensured for any period prior to th...
متن کاملEfficient and Non-malleable Proofs of Plaintext Knowledge and Applications
We describe very efficient protocols for non-malleable (interactive) proofs of plaintext knowledge for the RSA, Rabin, Paillier, and El-Gamal encryption schemes whose security can be proven in the standard model. We also highlight some important applications of these protocols, where we take care to ensure that our protocols remain secure when run in an asynchronous, concurrent environment: • C...
متن کاملA non-interactive deniable authentication scheme in the standard model
the standard model Bin Wang ,Qing Zhao and Ke Dai Information Engineering College of Yangzhou University No.196 West HuaYang Road, Yangzhou City, Jiangsu Province, P.R.China E-mail: [email protected] Abstract: Deniable authentication protocols enable a sender to authenticate a message to a receiver such that the receiver is unable to prove the identity of the sender to a third party. In contrast...
متن کاملUniversally Composable Non-Interactive Key Exchange
We consider the notion of a non-interactive key exchange (NIKE). A NIKE scheme allows a party A to compute a common shared key with another party B from B’s public key and A’s secret key alone. This computation requires no interaction between A and B, a feature which distinguishes NIKE from regular (i.e., interactive) key exchange not only quantitatively, but also qualitatively. Our first contr...
متن کامل