Lower Bounds for Subset Cover Based Broadcast Encryption

In this paper, we prove lower bounds for a large class of Subset Cover schemes (including all existing schemes based on pseudorandom sequence generators). In particular, we show that - For small r, bandwidth is Ω(r) - For some r, bandwidth is Ω(n/log(s)) - For large r, bandwidth is n - r where n is the number of users, r is the number of revoked users, and s is the space required per user. These bounds are all tight in the sense that they match known constructions up to small constants.

[1]  Dong Hoon Lee,et al.  Generic Transformation for Scalable Broadcast Encryption Schemes , 2005, CRYPTO.

[2]  Michael T. Goodrich,et al.  Efficient Tree-Based Revocation in Groups of Low-State Devices , 2004, CRYPTO.

[3]  David P. Woodruff,et al.  Explicit Exclusive Set Systems with Applications to Broadcast Encryption , 2006, 2006 47th Annual IEEE Symposium on Foundations of Computer Science (FOCS'06).

[4]  Moni Naor,et al.  Revocation and Tracing Schemes for Stateless Receivers , 2001, CRYPTO.

[5]  Ronald Cramer,et al.  Advances in Cryptology - EUROCRYPT 2005, 24th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Aarhus, Denmark, May 22-26, 2005, Proceedings , 2005, EUROCRYPT.

[6]  Ahmed Obied,et al.  Broadcast Encryption , 2008, Encyclopedia of Multimedia.

[7]  Chi Sung Laih,et al.  Advances in Cryptology - ASIACRYPT 2003 , 2003 .

[8]  Adi Shamir,et al.  The LSD Broadcast Encryption Scheme , 2002, CRYPTO.

[9]  Brent Waters,et al.  Collusion Resistant Broadcast Encryption with Short Ciphertexts and Private Keys , 2005, CRYPTO.

[10]  Victor Shoup Advances in Cryptology - CRYPTO 2005: 25th Annual International Cryptology Conference, Santa Barbara, California, USA, August 14-18, 2005, Proceedings , 2005, CRYPTO.

[11]  Dong Hoon Lee,et al.  One-Way Chain Based Broadcast Encryption Schemes , 2005, EUROCRYPT.

[12]  Mattias Johansson,et al.  Stateful Subset Cover , 2006, ACNS.

[13]  Kaisa Nyberg,et al.  Advances in Cryptology — EUROCRYPT'98 , 1998 .

[14]  Douglas R. Stinson,et al.  Advances in Cryptology — CRYPTO’ 93 , 2001, Lecture Notes in Computer Science.

[15]  Donald W. Davies,et al.  Advances in Cryptology — EUROCRYPT ’91 , 2001, Lecture Notes in Computer Science.

[16]  Tomoyuki Asano A Revocation Scheme with Minimal Storage at Receivers , 2002, ASIACRYPT.

[17]  Moti Yung,et al.  Advances in Cryptology — CRYPTO 2002 , 2002, Lecture Notes in Computer Science.

[18]  Matthew Franklin,et al.  Advances in Cryptology – CRYPTO 2004 , 2004, Lecture Notes in Computer Science.

[19]  Shimshon Berkovits,et al.  How To Broadcast A Secret , 1991, EUROCRYPT.

[20]  Jessica Staddon,et al.  Combinatorial Bounds for Broadcast Encryption , 1998, EUROCRYPT.

[21]  Aggelos Kiayias,et al.  Self Protecting Pirates and Black-Box Traitor Tracing , 2001, CRYPTO.

[22]  André Adelsbach,et al.  A Broadcast Encryption Scheme with Free-Riders but Unconditional Security , 2005, DRMTICS.

[23]  Yuliang Zheng,et al.  Advances in Cryptology — ASIACRYPT 2002 , 2002, Lecture Notes in Computer Science.

[24]  Kazukuni Kobara,et al.  Sequential Key Derivation Patterns for Broadcast Encryption and Key Predistribution Schemes , 2003, ASIACRYPT.

[25]  Tomoyuki Asano Reducing Storage at Receivers in SD and LSD Broadcast Encryption Schemes , 2003, WISA.

[26]  Craig Gentry,et al.  RSA Accumulator Based Broadcast Encryption , 2004, ISC.