We consider the notion of a
non-interactive key exchange (NIKE)
. A NIKE scheme allows a party
to compute a common shared key with another party
’s public key and
’s secret key alone. This computation requires no interaction between
, a feature which distinguishes NIKE from regular (i.e., interactive) key exchange not only quantitatively, but also qualitatively.
Our first contribution is a formalization of NIKE protocols as ideal functionalities in the Universal Composability (UC) framework. As we will argue, existing NIKE definitions (all of which are game-based) do not support a modular analysis either of NIKE schemes themselves, or of the use of NIKE schemes. We provide a simple and natural UC-based NIKE definition that allows for a modular analysis both of NIKE schemes and their use in larger protocols.
We investigate the properties of our new definition, and in particular its relation to existing game-based NIKE definitions. We find that
(a) game-based NIKE security is equivalent to UC-based NIKE security against
(b) UC-NIKE security against adaptive corruptions
be achieved without additional assumptions (but
be achieved in the random oracle model).
Our results suggest that our UC-based NIKE definition is a useful and simple abstraction of non-interactive key exchange.