RSA Accumulator Based Broadcast Encryption

Broadcast encryption schemes allow a center to transmit encrypted data over a broadcast channel to a large number of users such that only a select subset of privileged users can decrypt it. In this paper, we analyze how RSA accumulators can be used as a tool in this area. First, we describe a technique for achieving full key derivability given any broadcast encryption scheme in the general subset-cover framework [16]. Second, we show that Asano’s Broadcast Encryption scheme [5] can be viewed as a special-case instantiation of our general technique. Third, we use our technique to develop a new stateless-receiver broadcast encryption scheme that is a direct improvement on Asano’s scheme with respect to communication complexity, amount of tamper-resistant storage needed, and key derivation costs. Fourth, we derive a new lower bound that characterizes the tradeoffs inherent in broadcast encryption schemes which use our key derivability technique.

[1] Avishai Wool, et al. Key management for restricted multicast using broadcast encryption, 2000, TNET.

[2] Yvo Desmedt, et al. Advances in Cryptology — CRYPTO ’94, 2001, Lecture Notes in Computer Science.

[3] Adi Shamir, et al. A method for obtaining digital signatures and public-key cryptosystems, 1978, CACM.

[4] Yuliang Zheng, et al. Advances in Cryptology — ASIACRYPT 2002, 2002, Lecture Notes in Computer Science.

[5] Kaisa Nyberg, et al. Advances in Cryptology — EUROCRYPT ’98, 1998.

[6] Aggelos Kiayias, et al. Self Protecting Pirates and Black-Box Traitor Tracing, 2001, CRYPTO.

[7] Donald W. Davies, et al. Advances in Cryptology — EUROCRYPT ’91, 2001, Lecture Notes in Computer Science.

[8] Ran Canetti, et al. Efficient Communication-Storage Tradeoffs for Multicast Encryption, 1999, EUROCRYPT.

[9] Amos Fiat, et al. Tracing traitors, 2000, IEEE Trans. Inf. Theory.

[10] Moni Naor, et al. Revocation and Tracing Schemes for Stateless Receivers, 2001, CRYPTO.

[11] Josh Benaloh, et al. One-Way Accumulators: A Decentralized Alternative to Digital Signatures (Extended Abstract), 1994, EUROCRYPT.

[12] Kazukuni Kobara, et al. Broadcast encryption with short keys and transmissions, 2003, DRM '03.

[13] Selim G. Akl, et al. Cryptographic Solution to a Multilevel Security Problem, 1982, CRYPTO.

[14] Selim G. Akl, et al. Cryptographic solution to a problem of access control in a hierarchy, 1983, TOCS.

[15] Michael Wiener, et al. Advances in Cryptology — CRYPTO ’99, 1999.

[16] Amos Fiat, et al. Broadcast Encryption, 1993, CRYPTO.

[17] Selim G. Akl, et al. An Optimal Algorithm for Assigning Cryptographic Keys to Control Access in a Hierarchy, 1985, IEEE Transactions on Computers.

[18] Tor Helleseth, et al. Advances in Cryptology — EUROCRYPT ’93, 2001, Lecture Notes in Computer Science.

[19] Shimshon Berkovits, et al. How To Broadcast A Secret, 1991, EUROCRYPT.

[20] Jessica Staddon, et al. Combinatorial Bounds for Broadcast Encryption, 1998, EUROCRYPT.

[21] Jacques Stern, et al. Advances in Cryptology — EUROCRYPT ’99, 1999, Lecture Notes in Computer Science.

[22] Moti Yung, et al. Advances in Cryptology — CRYPTO 2002, 2002, Lecture Notes in Computer Science.

[23] Douglas R. Stinson, et al. Advances in Cryptology — CRYPTO ’93, 2001, Lecture Notes in Computer Science.

[24] Tomoyuki Asano. A Revocation Scheme with Minimal Storage at Receivers, 2002, ASIACRYPT.

[25] Stafford E. Tavares, et al. Flexible Access Control with Master Keys, 1989, CRYPTO.

[26] Adi Shamir, et al. The LSD Broadcast Encryption Scheme, 2002, CRYPTO.