Design And Security Proof Of Non-interactive Key Exchange Protocols

A non-interactive key exchange (NIKE) protocol allows two parties to establish a shared key without further communication. As it is non-interactive, NIKE is low in communication complexity. So it is very suitable for wireless mobile communication environment with limited sources. Research of designing secure and efficient NIKE protocols and proving their security is a hot spot in the direction of autithenticated key exchange (AKE) protocols in recent years. Also it is of important theoretical value and broad application prospect. However, the security model of NIKE protocol is imperfect, the construction is immature, and many problems in NIKE need to be solved. In allusion to that, we start our study on non-interactive key exchange protocols and the main results are as follows:Firstly, certificateless non-interactive key exchange (CL-NIKE) protocol is researched. Private key generator (PKG) knows any user’s private key in ID-NIKE, so it can calculate the shared key between two arbitrary participants, which is namely the key escrow problem. To solve this problem, we suggest a non-interactive key exchange protocol based on the certificateless public key cryptography (CL-PKC). We give the security model of CL-NIKE and a construction of the CL-NIKE protocol with pairings. The new protocol is proven secure in the Random Oracle Model (ROM) based on the hardness of the gap bilinear Diffie-Hellman (GBDH) and computational Diffie-Hellman (CDH) assumptions.Secondly, pairing-free CL-NIKE protocol is proposed. To improve the efficiency, we construct a CL-NIKE protocol without pairings. The proposed protocol is proved secure in the ROM based on the gap computational Diffie-Hellman (GCDH) and computational Diffie-Hellman assumptions. Moreover we give a comparison from security and efficiency between the existing NIKE protocols and the new protocol.Finally, NIKE protocol with forward security is studied. We improve the NIKE protocol with forward security of Steinwandt and Corona after a deep learning on their protocol and the attack proposed by Lin et al. We also give the security proof of the improved scheme based on the hardness of decisional bilinear Diffie-Hellman (DBDH) assumption in the ROM. The improved protocol is secure under the attack of Lin et al and is also with forward security.