Sequential Key Derivation Patterns for Broadcast Encryption and Key Predistribution Schemes

We study two closely related primitives: Broadcast Encryption and Key Predistribution Schemes (KPS). Broadcast Encryption allows a broadcaster to broadcast an encrypted message so that only a designated group of users can decrypt it. KPS allows a designated group of users to establish a common key non-interactively. We discover a generic method to construct efficient broadcast encryption schemes and KPSs naturally from Pseudo-Random Sequence Generators (PRSG) by observing that there are general ”patterns” to do so. The two currently best PRSG-based broadcast encryption schemes such as the ”Subset Difference” (SD) scheme by Naor Naor and Lotspiech and its refinement, the “Layered SD” (LSD) scheme by Halevy and Shamir, are indeed two special cases of our method. We demonstrate the power of this generic method by giving: (1) A solution to the most challenging variant of KPS: the one which supports arbitrary number of users to form a group yet secure against any collusion. We obtain a lower bound of the private key size at each user for any PRSG-based KPSs in this setting and construct a KPS that meets this bound. (2) An evidence that previous PRSG-based BE schemes, such as SD and LSD, can be further improved without any further assumption using this general method. We construct ”Flexible SD” and ”Flexible LSD” broadcast encryption schemes, which require less private key size while still maintain exactly the same broadcast size compared to their original SD/LSD schemes.

[1]  Moni Naor,et al.  Revocation and Tracing Schemes for Stateless Receivers , 2001, CRYPTO.

[2]  Yevgeniy Dodis,et al.  Public Key Trace and Revoke Scheme Secure against Adaptive Chosen Ciphertext Attack , 2003, Public Key Cryptography.

[3]  Amit Sahai,et al.  Coding Constructions for Blacklisting Problems without Computational Assumptions , 1999, CRYPTO.

[4]  Douglas R. Stinson,et al.  Trade-offs Between Communication and Storage in Unconditionally Secure Schemes for Broadcast Encryption and Interactive Key Distribution , 1996, CRYPTO.

[5]  Aggelos Kiayias,et al.  Scalable public-key tracing and revoking , 2003, PODC.

[6]  Jessica Staddon,et al.  Combinatorial Bounds for Broadcast Encryption , 1998, EUROCRYPT.

[7]  Jessica Staddon,et al.  Efficient Methods for Integrating Traceability and Broadcast Encryption , 1999, CRYPTO.

[8]  Aggelos Kiayias,et al.  Fully scalable public-key traitor tracing , 2003 .

[9]  Selim G. Akl,et al.  Cryptographic solution to a problem of access control in a hierarchy , 1983, TOCS.

[10]  Tomoyuki Asano A Revocation Scheme with Minimal Storage at Receivers , 2002, ASIACRYPT.

[11]  Tsutomu Matsumoto,et al.  A Quick Group Key Distribution Scheme with "Entity Revocation" , 1999, ASIACRYPT.

[12]  Kazukuni Kobara,et al.  Broadcast encryption with short keys and transmissions , 2003, DRM '03.

[13]  Douglas R. Stinson,et al.  On Some Methods for Unconditionally Secure Key Distribution and Broadcast Encryption , 1997, Des. Codes Cryptogr..

[14]  Mohamed G. Gouda,et al.  Secure group communications using key graphs , 2000, TNET.

[15]  Amos Fiat,et al.  Broadcast Encryption , 1993, CRYPTO.

[16]  Yevgeniy Dodis,et al.  Public Key Broadcast Encryption for Stateless Receivers , 2002, Digital Rights Management Workshop.

[17]  Dan Boneh,et al.  Applications of Multilinear Forms to Cryptography , 2002, IACR Cryptol. ePrint Arch..

[18]  Eric J. Harder,et al.  Key Management for Multicast: Issues and Architectures , 1999, RFC.

[19]  Yvo Desmedt,et al.  Unconditionally secure dynamic conference key distribution , 1998, Proceedings. 1998 IEEE International Symposium on Information Theory (Cat. No.98CH36252).

[20]  Craig Gentry,et al.  Hierarchical ID-Based Cryptography , 2002, ASIACRYPT.

[21]  Rolf Blom,et al.  An Optimal Class of Symmetric Key Generation Systems , 1985, EUROCRYPT.

[22]  Adi Shamir,et al.  The LSD Broadcast Encryption Scheme , 2002, CRYPTO.

[23]  Stafford E. Tavares,et al.  Flexible Access Control with Master Keys , 1989, CRYPTO.

[24]  Moni Naor,et al.  Efficient Trace and Revoke Schemes , 2000, Financial Cryptography.

[25]  Yvo Desmedt,et al.  Some Bounds and a Construction for Secure Broadcast Encryption , 1998, ASIACRYPT.

[26]  Hideki Imai,et al.  On the Key Predistribution System: A Practical Solution to the Key Distribution Problem , 1987, CRYPTO.