In this work, we intensively revisit the SOK IB-NIKE scheme, and present a series of possible and impossible results in the random oracle model and the standard model. In the random oracle model, we first improve the previous security analysis for the SOK IB-NIKE scheme by giving a tighter reduction. We then use a meta-reduction technique to show that the SOK scheme is unlikely to be provably secure based on the computational bilinear Diffie-Hellman (CBDH) assumption without programming the random oracle. In the standard model, we show how to instantiate the random oracle in the SOK scheme with a concrete hash function from admissible hash functions (AHFs) and indistinguishability obfuscation. The resulting scheme is adaptively secure based on the decisional bilinear Diffie-Hellman inversion (DBDHI) assumption. To the best of our knowledge, this is the first adaptively secure IB-NIKE scheme in the standard model that does not explicitly require multilinear maps. Previous schemes in the standard model either have merely selective security or require programmable hash functions in the multilinear setting. At the technical heart of our scheme, we generalize the definition of AHFs, and propose a generic construction which enables AHFs with previously unachieved parameters, which might be of independent interest.
In addition, we present some new results about IB-NIKE. First, we present a generic construction of multiparty IB-NIKE from extractable witness PRFs and existentially unforgeable signatures. Second, we investigate the relation between semi-adaptive security and adaptive security for IB-NIKE. Somewhat surprisingly, we show that these two notions are polynomially equivalent.
Category / Keywords: identity-based non-interactive key exchange, non-programming ROM, meta-reduction, indistinguishability obfuscation, puncturable PRFs, admissible hash functions, extractable witness PRFs
Date: received 30 Apr 2014, last revised 1 Dec 2014
Contact author: yuchen prc at gmail com
Note: In this revision, we show a generic construction of multiparty IB-NIKE from extractable witness PRFs and existentially unforgeable signatures. We also show that semi-adaptive security and adaptive security for IB-NIKE are polynomially equivalent.
Version: 20141201:082114
Short URL: ia.cr/2014/310