I recently took an exam where one of the questions was roughly the following:
You need a specific way for sender S to send a large file M to a receiver R with their secret-public key pair, without interaction. You cannot use interactive key exchange protocols. The receiver’s public key is assumed to be authentic. The sender does not have her own public key pair. In addition to the strongest security you are asked to pay attention to efficiency of your suggested scheme.
Describe what S does to send M and what R does to get M. To do so, use the known schemes and their algorithms as building blocks. (e.g. if you want to use AES-CBC$ as a building block, don’t define it, just refer to its algorithms.) Specify what security level your scheme provides, under what assumptions, and why. You can refer to the known notions of security and the results we studied in class. It is ok to rely on the random oracle model if necessary.
I discussed using signcryption to share the file, but I don't think that's possible without a way to verify the signature since TMK signature verification would require each party to be able to share their public keys with each other. I ended up putting that we could use Schnorr Signature Security for our scheme, but I was running out of time and ideas.
Does anyone know how to solve such a problem? I'm afraid I can't think of ways to share a file safely without exchanging keys beforehand in some capacity.
