Full-Resilient Memory-Optimum Multi-Party Non-Interactive Key Exchange

TL;DR

This paper analyzes the security of existing MP-NIKE schemes and introduces a new, efficient, and secure MP-NIKE scheme based on the hardness of root extraction, addressing efficiency and security issues in prior methods.

Contribution

It presents an attack on the only existing modular exponentiation-based MP-NIKE scheme and proposes a novel, secure, and efficient MP-NIKE scheme under standard assumptions.

Findings

Identified a vulnerability in the existing scheme allowing colluding users to derive shared keys.

Proposed a new MP-NIKE scheme that is both secure and computationally efficient.

Validated security in the random oracle model based on root extraction hardness.

Abstract

Multi-Party Non-Interactive Key Exchange (MP-NIKE) is a fundamental cryptographic primitive in which users register into a key generation centre and receive a public/private key pair each. After that, any subset of these users can compute a shared key without any interaction. Nowadays, IoT devices suffer from a high number and large size of messages exchanged in the Key Management Protocol (KMP). To overcome this, an MP-NIKE scheme can eliminate the airtime and latency of messages transferred between IoT devices. MP-NIKE schemes can be realized by using multilinear maps. There are several attempts for constructing multilinear maps based on indistinguishable obfuscation, lattices and the Chinese Remainder Theorem (CRT). Nevertheless, these schemes are inefficient in terms of computation cost and memory overhead. Besides, several attacks have been recently reported against CRT-based and lattice-based multilinear maps. There is only one modular exponentiation-based MP-NIKE scheme in the literature which has been claimed to be both secure and efficient. In this article, we present an attack on this scheme based on the Euclidean algorithm, in which two colluding users can obtain the shared key of any arbitrary subgroup of users. We also propose an efficient and secure MP-NIKE scheme. We show how our proposal is secure in the random oracle model assuming the hardness of the root extraction modulo a composite number.