## Cryptology ePrint Archive: Report 2014/481

Universally Composable Non-Interactive Key Exchange

Eduarda S.V. Freire and Julia Hesse and Dennis Hofheinz

Abstract: We consider the notion of a non-interactive key exchange (NIKE). A NIKE scheme allows a party $A$ to compute a common shared key with another party $B$ from $B$'s public key and $A$'s secret key alone. This computation requires no interaction between $A$ and $B$, a feature which distinguishes NIKE from regular (i.e., interactive) key exchange not only quantitatively, but also qualitatively.

Our first contribution is a formalization of NIKE protocols as ideal functionalities in the Universal Composability (UC) framework. As we will argue, existing NIKE definitions (all of which are game-based) do not support a modular analysis either of NIKE schemes themselves, or of the use of NIKE schemes. We provide a simple and natural UC-based NIKE definition that allows for a modular analysis both of NIKE schemes and their use in larger protocols.

We proceed to investigate the properties of our new definition, and in particular its relation to existing game-based NIKE definitions. We find that (a) game-based NIKE security is equivalent to UC-based NIKE security against \emph{static} corruptions, and (b) UC-NIKE security against adaptive corruptions cannot be achieved without additional assumptions (but \emph{can} be achieved in the random oracle model).

Our results suggest that our UC-based NIKE definition is a useful and simple abstraction of non-interactive key exchange.

Category / Keywords: public-key cryptography / non-interactive key exchange, universal composability

Original Publication (with major differences): SCN 2014

Date: received 18 Jun 2014, last revised 26 Jun 2014

Contact author: julia hesse at kit edu

Available format(s): PDF | BibTeX Citation

Short URL: ia.cr/2014/481

[ Cryptology ePrint archive ]