“…The model for NIKE in [10] is similar to, and presumably inspired by, the early work of Shoup [16] on interactive key exchange, where capturing so-called PKI attacks, also known as rogue-key attacks, was intrinsic to the security modelling. This modelling approach is referred to elsewhere in the literature as the plain setting (see [20,21] and the references therein) or the bare PKI setting [3]. The CKS model is certainly more challenging than settings where proofs of knowledge or proofs of possession of private keys are assumed to be given during registration, or where the adversary must reveal its secret key directly (as with the knowledge of secret key assumption used in [22,23]).…”