non interactive key exchange
play

Non-Interactive Key Exchange Eduarda S. V. Freire, Dennis Hofheinz, - PowerPoint PPT Presentation

Sep 13, 2023 •158 likes •588 views

Non-Interactive Key Exchange Eduarda S. V. Freire, Dennis Hofheinz, Eike Kiltz and Kenneth G. Paterson PKC 2013 - Nara, Japan March 1, 2013 Non-Interactive Key Exchange Goal: Enabling two parties who know each others public key to agree on

  1. Non-Interactive Key Exchange Eduarda S. V. Freire, Dennis Hofheinz, Eike Kiltz and Kenneth G. Paterson PKC 2013 - Nara, Japan March 1, 2013

  2. Non-Interactive Key Exchange Goal: Enabling two parties who know each other’s public key to agree on a symmetric shared key without requiring any interaction . Classical example: Diffie-Hellman Key Exchange Non-Interactive Key Exchange Eduarda S. V. Freire, Dennis Hofheinz, Eike Kiltz and Kenneth G. Paterson

  3. Non-Interactive Key Exchange Goal: Enabling two parties who know each other’s public key to agree on a symmetric shared key without requiring any interaction . Classical example: Diffie-Hellman Key Exchange Let G be a group of prime order p with generator g . sk A : x ← Z p sk B : y ← Z p pk A : X = g x ∈ G pk B : Y = g y ∈ G K = X y = Y x = g xy Alice Bob Shared Key More properly, K = H (Alice , Bob , g xy ). Non-Interactive Key Exchange Eduarda S. V. Freire, Dennis Hofheinz, Eike Kiltz and Kenneth G. Paterson

  4. Formal Definition of NIKE A NIKE scheme consists of 3 algorithms: CS , KG , SK We consider an identity space IDS and a shared key space SHK CS (1 k ) (Common Setup - run by a trusted authority) output: set of system parameters par KG ( par , ID) (Key Generation - run by any user) output: a pair of public key and private key ( pk , sk ) SK (ID 1 , pk 1 , ID 2 , sk 2 ) (Shared Key - run by any user) output: either a shared key K 1 , 2 ∈ SHK or ⊥ this algorithm is assumed to always output ⊥ if ID 1 = ID 2 Non-Interactive Key Exchange Eduarda S. V. Freire, Dennis Hofheinz, Eike Kiltz and Kenneth G. Paterson

  5. Formal Definition of NIKE A NIKE scheme consists of 3 algorithms: CS , KG , SK We consider an identity space IDS and a shared key space SHK Identities are used to CS (1 k ) (Common Setup - run by a trusted authority) track which public keys output: set of system parameters par are associated with which users. KG ( par , ID) (Key Generation - run by any user) output: a pair of public key and private key ( pk , sk ) We are not in the SK (ID 1 , pk 1 , ID 2 , sk 2 ) (Shared Key - run by any user) identity-based setting! output: either a shared key K 1 , 2 ∈ SHK or ⊥ this algorithm is assumed to always output ⊥ if ID 1 = ID 2 Non-Interactive Key Exchange Eduarda S. V. Freire, Dennis Hofheinz, Eike Kiltz and Kenneth G. Paterson

  6. Formal Definition of NIKE A NIKE scheme consists of 3 algorithms: CS , KG , SK We consider an identity space IDS and a shared key space SHK Identities are used to CS (1 k ) (Common Setup - run by a trusted authority) track which public keys output: set of system parameters par are associated with which users. KG ( par , ID) (Key Generation - run by any user) output: a pair of public key and private key ( pk , sk ) We are not in the SK (ID 1 , pk 1 , ID 2 , sk 2 ) (Shared Key - run by any user) identity-based setting! output: either a shared key K 1 , 2 ∈ SHK or ⊥ this algorithm is assumed to always output ⊥ if ID 1 = ID 2 Correctness requirement We require SK (ID 1 , pk 1 , ID 2 , sk 2 ) = SK (ID 2 , pk 2 , ID 1 , sk 1 ) for any pair of identities ID 1 , ID 2 and corresponding key pairs ( pk 1 , sk 1 ) and ( pk 2 , sk 2 ). Non-Interactive Key Exchange Eduarda S. V. Freire, Dennis Hofheinz, Eike Kiltz and Kenneth G. Paterson

  7. Applications of NIKE wireless and sensor networks conserving battery is a prime concern energy cost of communication must be minimised minimising the number of bits to be transmitted is fundamental [C ¸apGoePatQuaTowZaf] 1. evaluate the energy costs of interactive and non-interactive key exchange 2. demonstrate that significant energy savings can be made by adopting a non-interactive approach deniable authentication [DodKatSmiWal09] explicitly requires a non-interactive key exchange basis for interactive key exchange [BoyMaoPat04] the shared key can be used in a MAC to authenticate an exchange of ephemeral Diffie-Hellman values non-interactive designated verifier signature schemes [JakSakImp96] again using the shared key in a MAC to authenticate messages Non-Interactive Key Exchange Eduarda S. V. Freire, Dennis Hofheinz, Eike Kiltz and Kenneth G. Paterson

  8. Motivation Why should we study NIKE? NIKE is a fundamental cryptographic primitive, but has not received much attention 1976: major contribution in the ground-breaking paper of Diffie and Hellman 2008: [CasKilSho08] provides a basic security model for NIKE ( the CKS model ), analyses the Diffie-Hellman based scheme as well as a variant of it in the ROM 2000: [SakOhgKas00] provides an ID-based NIKE secure in the ROM Non-Interactive Key Exchange Eduarda S. V. Freire, Dennis Hofheinz, Eike Kiltz and Kenneth G. Paterson

  9. Motivation In practice, the public keys will be certified, and consideration needs to be given to modelling the key registration process There are different possible security models for NIKE - with and without dishonest key registration (DKR) of public keys easy to get standard model security without DKR - does not reflect how CAs actually operate easy to get ROM security with DKR - e.g. Hashed Diffie-Hellman: K = H (Alice , Bob , g xy ) Challenge What about standard model security with DKR? coming next Non-Interactive Key Exchange Eduarda S. V. Freire, Dennis Hofheinz, Eike Kiltz and Kenneth G. Paterson

  10. Contributions of this work new security models for NIKE we provide different security models for NIKE and explore the relationships between them we focus on adversarial key registration queries, which poses the main technical obstacle to achieve NIKE security we use as a starting point the CKS security model constructions for secure NIKE a provably secure NIKE scheme in the standard model (our main construction) - based on pairings a provably secure scheme under the factoring assumption in the ROM Challenge what about a factoring-based construction secure in the standard model? Non-Interactive Key Exchange Eduarda S. V. Freire, Dennis Hofheinz, Eike Kiltz and Kenneth G. Paterson

  11. Contributions of this work new security models for NIKE we provide different security models for NIKE and explore the relationships between them we focus on adversarial key registration queries, which poses the main technical obstacle to achieve NIKE security we use as a starting point the CKS security model constructions for secure NIKE a provably secure NIKE scheme in the standard model (our main construction) - based on pairings reflects the technical chal- a provably secure scheme under the factoring assumption in the ROM lenge involved in achieving Challenge our DKR security notions what about a factoring-based construction secure in the standard model? we obtain such a scheme under the additional assumption that the adversary only registers valid public keys Non-Interactive Key Exchange Eduarda S. V. Freire, Dennis Hofheinz, Eike Kiltz and Kenneth G. Paterson

  12. Contributions of this work new security models for NIKE we provide different security models for NIKE and explore the relationships between them we focus on adversarial key registration queries, which poses the main technical obstacle to achieve NIKE security we use as a starting point the CKS security model constructions for secure NIKE a provably secure NIKE scheme in the standard model (our main construction) - based on pairings reflects the technical chal- a provably secure scheme under the factoring assumption in the ROM lenge involved in achieving Challenge our DKR security notions what about a factoring-based construction secure in the standard model? we obtain such a scheme under the additional assumption that the adversary only registers valid public keys conversion from NIKE to KEM we show that a secure NIKE implies an IND-CCA secure PKE scheme Non-Interactive Key Exchange Eduarda S. V. Freire, Dennis Hofheinz, Eike Kiltz and Kenneth G. Paterson

  13. Security Models The CKS security model Adversary A Challenger C par par ← CS (1 k ) b ← { 0 , 1 } Reg.Hon(ID) ( pk , sk ) ← KG ( par , ID) pk ( honest , ID , pk , sk ) Reg.Cor(ID , pk ) ( corrupt , ID , pk , ⊥ ) Corrupt Reveal(ID 1 , ID 2 ) K 1 , 2 ← SK (ID 1 , pk 1 , ID 2 , sk 2 ) K 1 , 2 � if b = 0 K A , B K ∗ = Test(ID A , ID B ) random if b = 1 K ∗ ˆ b Non-Interactive Key Exchange Eduarda S. V. Freire, Dennis Hofheinz, Eike Kiltz and Kenneth G. Paterson

  14. Security Models The CKS security model Adversary A Challenger C par par ← CS (1 k ) � minimizes assump- tions about the CA b ← { 0 , 1 } Reg.Hon(ID) ( pk , sk ) ← KG ( par , ID) pk ( honest , ID , pk , sk ) Reg.Cor(ID , pk ) ( corrupt , ID , pk , ⊥ ) Corrupt Reveal(ID 1 , ID 2 ) K 1 , 2 ← SK (ID 1 , pk 1 , ID 2 , sk 2 ) K 1 , 2 � e if b = 0 m K A , B - d K ∗ = o Test(ID A , ID B ) s a s n t a i m f random if b = 1 o o K ∗ s ✗ e t i i i l b a y r a s r ˆ e b v Non-Interactive Key Exchange Eduarda S. V. Freire, Dennis Hofheinz, Eike Kiltz and Kenneth G. Paterson

  15. Security Models The m-CKS-heavy security model Adversary A Challenger C Non-Interactive Key Exchange Eduarda S. V. Freire, Dennis Hofheinz, Eike Kiltz and Kenneth G. Paterson

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

On Tightly Secure Non-Interactive Key Exchange Julia Hesse (Technische Universit at Darmstadt)

On Tightly Secure Non-Interactive Key Exchange Julia Hesse (Technische Universit at Darmstadt)

On Tightly Secure Non-Interactive Key Exchange Julia Hesse (Technische Universit at Darmstadt) Dennis Hofheinz (Karlsruhe Institute of Technology) Lisa Kohl (Karlsruhe Institute of Technology) 1 Non-Interactive Key Exchange (NIKE) pk 1 , pk

884 views • 59 slides
Closing the Loop : Creating an Interactive Materials Exchange in Tennessee Sustainable Industry

Closing the Loop : Creating an Interactive Materials Exchange in Tennessee Sustainable Industry

Closing the Loop : Creating an Interactive Materials Exchange in Tennessee Sustainable Industry Workshops 2017 Circular Economy: What does it mean? A 2016 online survey of sustainability professionals conducted by Green Biz Magazine reveals

520 views • 33 slides
Facebook Exchange Facebook Exchange (FBX) (FBX) Facebook Exchange The Facebook Exchange allows

Facebook Exchange Facebook Exchange (FBX) (FBX) Facebook Exchange The Facebook Exchange allows

Facebook Exchange Facebook Exchange (FBX) (FBX) Facebook Exchange The Facebook Exchange allows programmatic buying of Facebook ad inventory through real-time bidding. Agencies, trading desks and direct marketers can buy Facebook ads using

343 views • 7 slides
INFORMATION SYSTEM FOR WICKED INTERACTIVE Presenting by Xue Feng, Ji Pengcheng, Zhu Yibo,

INFORMATION SYSTEM FOR WICKED INTERACTIVE Presenting by Xue Feng, Ji Pengcheng, Zhu Yibo,

INFORMATION SYSTEM FOR WICKED INTERACTIVE Presenting by Xue Feng, Ji Pengcheng, Zhu Yibo, Ni Bowen Wicked Interactive Current Problem Information exchange system between the players and GMs is not well constructed (eg Bug report

451 views • 9 slides
EXCHANGE CONTROL EXCHANGE CONTROL MEANS OFFICIAL INTERFERENCE IN THE FOREIGN EXCHANGE DEALINGS

EXCHANGE CONTROL EXCHANGE CONTROL MEANS OFFICIAL INTERFERENCE IN THE FOREIGN EXCHANGE DEALINGS

Chapter No. Page No. 4 72 International Finance EXCHANGE CONTROL IN INDIA EXCHANGE CONTROL EXCHANGE CONTROL MEANS OFFICIAL INTERFERENCE IN THE FOREIGN EXCHANGE DEALINGS OF A COUNTRY. THE CONTROL MAY EXTEND A WIDE AREA COVERING:

922 views • 23 slides
New Partnership Debt for Equity Exchange Regulations Navigating Issues With COD Income,

New Partnership Debt for Equity Exchange Regulations Navigating Issues With COD Income,

Presenting a live 110 minute teleconference with interactive Q&A New Partnership Debt for Equity Exchange Regulations Navigating Issues With COD Income, Gains and Losses, and Other Aspects of Sect. 108(e)(8) THURSDAY, FEBRUARY 2,

579 views • 37 slides
INTERACTIVE PRESENTATION FAQs What is an interactive presentation and how is it different than a

INTERACTIVE PRESENTATION FAQs What is an interactive presentation and how is it different than a

INTERACTIVE PRESENTATION FAQs What is an interactive presentation and how is it different than a traditional poster session? The interactive presentation (IP) has its own session track, takes place in a meeting room instead of the exhibit hall,

402 views • 3 slides
Conversational Exploratory Search via Interactive Storytelling Outline 1. Interactive

Conversational Exploratory Search via Interactive Storytelling Outline 1. Interactive

Conversational Exploratory Search via Interactive Storytelling Outline 1. Interactive Storytelling Introduction 2. Illustrative Example 3. Experimental Setup Interactive Storytelling Figure. 1. Communicating knowledge via an interactive

257 views • 21 slides
Mergers and Acquisitions Navigating SEC and Stock Exchange Requirements, Warrants, Trust Accounts,

Mergers and Acquisitions Navigating SEC and Stock Exchange Requirements, Warrants, Trust Accounts,

Presenting a live 90-minute webinar with interactive Q&A Special Purpose Acquisition Companies: Structuring IPOs and Facilitating Future Mergers and Acquisitions Navigating SEC and Stock Exchange Requirements, Warrants, Trust Accounts, and

484 views • 29 slides
Exchange Treatment THURSDAY, FEBRUARY 15, 2018 1pm Eastern | 12pm Central | 11am

Exchange Treatment THURSDAY, FEBRUARY 15, 2018 1pm Eastern | 12pm Central | 11am

Presenting a live 90-minute webinar with interactive Q&A New IRS Scrutiny on Cryptocurrency Reporting: Filing Requirements and Exchange Treatment THURSDAY, FEBRUARY 15, 2018 1pm Eastern | 12pm Central | 11am Mountain | 10am

367 views • 32 slides
VAP EXCHANGE SLI DES ( Last update Juni 2 0 0 6 ) these slides are only for exchange, please

VAP EXCHANGE SLI DES ( Last update Juni 2 0 0 6 ) these slides are only for exchange, please

VAP EXCHANGE SLI DES ( Last update Juni 2 0 0 6 ) these slides are only for exchange, please contact yakfreak@aon.at for details 1729 TC-JLC Airbus 320 Turkish Airlines retro colors VIE 1728 N767A Boeing 767-200 Aramco VIE 1727 OK-KKG

525 views • 21 slides
Exchange and ordering in magnetic materials Claudine Lacroix, Institut Nel, Grenoble 1-Origin

Exchange and ordering in magnetic materials Claudine Lacroix, Institut Nel, Grenoble 1-Origin

Exchange and ordering in magnetic materials Claudine Lacroix, Institut Nel, Grenoble 1-Origin of exchange 2- Exchange in insulators: superexchange and Goodenough- Kanamori rules 3- Exchange in metals: RKKY, double exchange, band magnetism

381 views • 37 slides
Interactive Proofs Lecture 18 AM 1 Interactive Proofs 2 Interactive Proofs IP[k] 2

Interactive Proofs Lecture 18 AM 1 Interactive Proofs 2 Interactive Proofs IP[k] 2

Interactive Proofs Lecture 18 AM 1 Interactive Proofs 2 Interactive Proofs IP[k] 2 Interactive Proofs IP[k] IP[poly] = PSPACE 2 Interactive Proofs IP[k] IP[poly] = PSPACE IP protocol for TQBF using arithmetization 2 Interactive

1.75k views • 136 slides
Programme 12:00 12:25 Interactive presentation 12:30 13:00 Interactive demo

Programme 12:00 12:25 Interactive presentation 12:30 13:00 Interactive demo

Mind the Story: Posing Questions with Design Programme 12:00 12:25 Interactive presentation 12:30 13:00 Interactive demo -------------------------------------------------- 13:30 13:55 Interactive presentation 14:00 14:30

627 views • 34 slides
The Revised Debt-for-Equity Exchange Regulations: Compliance Challenges Anticipating Issues in

The Revised Debt-for-Equity Exchange Regulations: Compliance Challenges Anticipating Issues in

Presenting a live 110-minute teleconference with interactive Q&A The Revised Debt-for-Equity Exchange Regulations: Compliance Challenges Anticipating Issues in Valuations of Partnership Interests Received, Bad Debt Deductions,

654 views • 42 slides
MCOs, ACOs and for Health Exchange Products Tools and Strategies to Maximize Benefits and Avoid

MCOs, ACOs and for Health Exchange Products Tools and Strategies to Maximize Benefits and Avoid

Presenting a live 90-minute webinar with interactive Q&A Negotiating Managed Care Contracts with MCOs, ACOs and for Health Exchange Products Tools and Strategies to Maximize Benefits and Avoid Becoming Unlicensed Insurer TUESDAY, NOVEMBER

676 views • 65 slides
2006: OConnell and Dyment explored the benefits of journaling in motivating students in

2006: OConnell and Dyment explored the benefits of journaling in motivating students in

2006: OConnell and Dyment explored the benefits of journaling in motivating students in the process of reflecting on their own learning and improving their own writing skills. 2011: Farrah examined the benefits of reflective

418 views • 26 slides
Welcome! We will be starting soon. The Low-Income Forum on Energy Presents: Implications of

Welcome! We will be starting soon. The Low-Income Forum on Energy Presents: Implications of

Welcome! We will be starting soon. The Low-Income Forum on Energy Presents: Implications of Section 111(d) of the Clean Air Act on Low-Income Communities Emily Fisher, Chris Hickling Edison Electric Institute Jennifer Gremmert, Skip Arnold

691 views • 41 slides
CMSC 722, AI Planning Planning and Scheduling Dana S. Nau University of Maryland Fall 2009 Dana

CMSC 722, AI Planning Planning and Scheduling Dana S. Nau University of Maryland Fall 2009 Dana

CMSC 722, AI Planning Planning and Scheduling Dana S. Nau University of Maryland Fall 2009 Dana Nau: Lecture slides for Automated Planning 1 Licensed under the Creative Commons Attribution-NonCommercial-ShareAlike License:

386 views • 37 slides
Plan for Expanding Sustainable Community Health Centers in New York Elizabeth Swain, President

Plan for Expanding Sustainable Community Health Centers in New York Elizabeth Swain, President

Plan for Expanding Sustainable Community Health Centers in New York Elizabeth Swain, President and CEO, CHCANYS Beverly Grossman, MSW, Senior Policy Director, CHCANYS Presented at the New York State Health Foundation April 22, 2013 1 Overview

391 views • 24 slides
Lessons Learned from Implementing Response Propensity Models in the 2013 Census Test Gina

Lessons Learned from Implementing Response Propensity Models in the 2013 Census Test Gina

Lessons Learned from Implementing Response Propensity Models in the 2013 Census Test Gina Walejko, PhD U.S. Census Bureau, Center for Survey Measurement The views expressed on statistical, methodological, technical, or operational issues are

226 views • 18 slides
A General Interviewer Training Curriculum for Computer-Assisted Personal Interviews (GIT-CAPI)

A General Interviewer Training Curriculum for Computer-Assisted Personal Interviews (GIT-CAPI)

A General Interviewer Training Curriculum for Computer-Assisted Personal Interviews (GIT-CAPI) GESIS Survey Guidelines Daikeler, J., Silber, H., Bosnjak, M., Zabal, A., & Martin, S., Ackermann-Piek, D. These slides are based on the GESIS

350 views • 9 slides
On Accelerating Pair-HMM Computations in Programmable Hardware Contributions Design and

On Accelerating Pair-HMM Computations in Programmable Hardware Contributions Design and

Subho S. Banerjee, Mohamed el-Hadedy, Ching Y. Tan, Zbigniew T. Kalbarczyk, Steve Lumetta, Ravishankar K. Iyer On Accelerating Pair-HMM Computations in Programmable Hardware Contributions Design and implementation for an accelerator to This

851 views • 15 slides
IO virtualization Michael Kagan Mellanox Technologies IO Virtualization Mission non-stop

IO virtualization Michael Kagan Mellanox Technologies IO Virtualization Mission non-stop

IO virtualization Michael Kagan Mellanox Technologies IO Virtualization Mission non-stop services to consumers Flexibility assign IO resources to consumer as needed Agility assignment of IO resources to consumer when

257 views • 9 slides

More recommend