Public Key Broadcast Encryption with Low Number of Keys and Constant Decryption Time

In this paper we propose three public key BE schemes that have efficient complexity measures. The first scheme, called the BE-PI scheme, has O(r) header size, O(1) public keys and O(log N) private keys per user, where r is the number of revoked users. This is the first public key BE scheme that has both public and private keys under O(log N) while the header size is O(r). These complexity measures match those of efficient secret key BE schemes. Our second scheme, called the PK-SD-PI scheme, has O(r) header size, O(1) public keys and O(log^2 N) private keys per user. These are the same as those of the SD scheme. Nevertheless, the decryption time is remarkably O(1). This is the first public key BE scheme that has O(1) decryption time while other complexity measures are kept low. The third scheme, called the PK-LSD-PI scheme, is constructed in the same way, but based on the LSD method. It has O(r/ε) ciphertext size and O(log^(1+ε) N) private keys per user, where 0 < ε < 1. The decryption time is also O(1). Our basic schemes are one-way secure against full collusion of revoked users in the random oracle model under the BDH assumption. We can modify our schemes to have indistinguishability security against adaptive chosen ciphertext attacks.
