Non-Interactive Key Exchange and Key Assignment Schemes
Author
Abstract
This thesis is divided into two distinct parts. The first part of this thesis studies non-interactive key exchange schemes in two different settings: the public key setting and the identity-based setting. Loosely speaking, a non-interactive key exchange (NIKE) scheme allows two users to compute a unique shared key without any interaction. Our work is motivated by the scant attention that this primitive has received since the major contribution in the ground-breaking paper of Diffie and Hellman.

In the public key setting, we assume that any user can compute a public/private key pair and the public keys are registered with a Certification Authority (CA). A user A can compute a shared key with user B by using its own private key sk_A and B’s public key pk_B, along with some public parameters. We provide different security models for NIKE and explore the relationships between them. Our models consider the challenging setting where an adversary can introduce arbitrary public keys in the system. We give constructions for secure NIKE, with respect to those security models, in the random oracle model based on the hardness of factoring, and in the standard model based on the hardness of a variant of the Decisional Bilinear Diffie-Hellman problem for asymmetric pairings. We also study the relationship between NIKE and public key encryption (PKE), showing that a secure NIKE can be generically converted into an IND-CCA secure PKE scheme.

In the identity-based setting, there is a Trusted Authority (TA) who holds a master secret key and a master public key. The public key of a user is some unique information that identifies a user, called the identity. The private key for each user is computed by the TA, who uses its master secret key and master public key together with the user identity to derive the user’s private key. Using multilinear maps, we obtain the first identity-based non-interactive key exchange scheme (ID-NIKE) secure in the standard model. The scheme is a standard-model version of the Sakai-Ohgishi-Kasahara ID-NIKE scheme. In addition, we derive a fully-secure hierarchical version of our ID-NIKE scheme. Our hierarchical ID-NIKE scheme is the first such scheme with full security in either the random oracle model or the standard model.

The second part of this thesis is concerned with the construction of hierarchical key assignment schemes. Such schemes can be used to enforce access control policies by cryptographic means. We present new, enhanced security models for hierarchical key assignment schemes and give simple, efficient and strongly key indistinguishable
Similar resources
Efficient and Non-Malleable Proofs of Plaintext
We describe efficient protocols for non-malleable (interactive) proofs of plaintext knowledge for the RSA, Rabin, Paillier, and El Gamal encryption schemes. We also highlight some important applications of these protocols: – Chosen-ciphertext-secure, interactive encryption. In settings where both parties are on-line, an interactive encryption protocol may be used. We construct chosen-ciphertext...
A non-interactive deniable authentication scheme in the standard model
Bin Wang, Qing Zhao and Ke Dai. Information Engineering College of Yangzhou University, No.196 West HuaYang Road, Yangzhou City, Jiangsu Province, P.R.China. Abstract: Deniable authentication protocols enable a sender to authenticate a message to a receiver such that the receiver is unable to prove the identity of the sender to a third party. In contrast...
Universally Composable Non-Interactive Key Exchange
We consider the notion of a non-interactive key exchange (NIKE). A NIKE scheme allows a party A to compute a common shared key with another party B from B’s public key and A’s secret key alone. This computation requires no interaction between A and B, a feature which distinguishes NIKE from regular (i.e., interactive) key exchange not only quantitatively, but also qualitatively. Our first contr...
Efficient and Non-malleable Proofs of Plaintext Knowledge and Applications
We describe very efficient protocols for non-malleable (interactive) proofs of plaintext knowledge for the RSA, Rabin, Paillier, and El-Gamal encryption schemes whose security can be proven in the standard model. We also highlight some important applications of these protocols, where we take care to ensure that our protocols remain secure when run in an asynchronous, concurrent environment: • C...
Forward Secure Non-Interactive Key Exchange
Exposure of secret keys is a major concern when cryptographic protocols are implemented on weakly secure devices. Forward security is thus a way to mitigate damages when such an event occurs. In a forward-secure scheme, the public key is indeed fixed while the secret key is updated with a one-way process at regular time periods so that security of the scheme is ensured for any period prior to th...