Forward-Secure and Searchable Broadcast Encryption with Short Ciphertexts and Private Keys

We introduce a primitive called Hierarchical Identity- Coupling Broadcast Encryption (HICBE) that can be used for constructing efficient collusion-resistant public-key broadcast encryption schemes with extended properties such as forward-security and keyword- searchability. Our forward-secure broadcast encryption schemes have small ciphertext and private key sizes, in particular, independent of the number of users in the system. One of our best two constructions achieves ciphertexts of constant size and user private keys of size O(log2T), where T is the total number of time periods, while another achieves both ciphertexts and user private keys of size O(logT). These performances are comparable to those of the currently best single-user forward-secure public-key encryption scheme, while our schemes are designed for broadcasting to arbitrary sets of users. As a side result, we also formalize the notion of searchable broadcast encryption, which is a new generalization of public key encryption with keyword search. We then relate it to anonymous HICBE and present a construction with polylogarithmic performance.

[1]  Amos Fiat,et al.  Broadcast Encryption , 1993, CRYPTO.

[2]  Hideki Imai,et al.  Graph-Decomposition-Based Frameworks for Subset-Cover Broadcast Encryption and Efficient Instantiations , 2005, ASIACRYPT.

[3]  Jonathan Katz,et al.  A Forward-Secure Public-Key Encryption Scheme , 2003, Journal of Cryptology.

[4]  Yevgeniy Dodis,et al.  Public Key Broadcast Encryption for Stateless Receivers , 2002, Digital Rights Management Workshop.

[5]  Brent Waters,et al.  Efficient Identity-Based Encryption Without Random Oracles , 2005, EUROCRYPT.

[6]  Moni Naor,et al.  Revocation and Tracing Schemes for Stateless Receivers , 2001, CRYPTO.

[7]  Michael T. Goodrich,et al.  Efficient Tree-Based Revocation in Groups of Low-State Devices , 2004, CRYPTO.

[8]  Rafail Ostrovsky,et al.  Public Key Encryption with Keyword Search , 2004, EUROCRYPT.

[9]  Dan Boneh,et al.  Efficient Selective-ID Secure Identity Based Encryption Without Random Oracles , 2004, IACR Cryptol. ePrint Arch..

[10]  Jonathan Katz,et al.  Chosen-Ciphertext Security from Identity-Based Encryption , 2006 .

[11]  Qixiang Mei,et al.  Direct chosen ciphertext security from identity-based techniques , 2005, CCS '05.

[12]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[13]  Dan Boneh,et al.  Hierarchical Identity Based Encryption with Constant Size Ciphertext , 2005, EUROCRYPT.

[14]  Adi Shamir,et al.  The LSD Broadcast Encryption Scheme , 2002, CRYPTO.

[15]  Jonathan Katz,et al.  Improved Efficiency for CCA-Secure Cryptosystems Built Using Identity-Based Encryption , 2005, CT-RSA.

[16]  Craig Gentry,et al.  Hierarchical ID-Based Cryptography , 2002, ASIACRYPT.

[17]  Brent Waters,et al.  Collusion Resistant Broadcast Encryption with Short Ciphertexts and Private Keys , 2005, CRYPTO.

[18]  Jonathan Katz,et al.  Chosen-Ciphertext Security from Identity-Based Encryption , 2004, SIAM J. Comput..

[19]  Brent Waters,et al.  Anonymous Hierarchical Identity-Based Encryption (Without Random Oracles) , 2006, CRYPTO.

[20]  Ran Canetti,et al.  A Forward-Secure Public-Key Encryption Scheme , 2003, Journal of Cryptology.

[21]  Jung Hee Cheon,et al.  Security Analysis of the Strong Diffie-Hellman Problem , 2006, EUROCRYPT.

[22]  Yevgeniy Dodis,et al.  ID-based encryption for complex hierarchies with applications to forward security and broadcast encryption , 2004, CCS '04.

[23]  M. Bellare,et al.  Searchable Encryption Revisited: Consistency Properties, Relation to Anonymous IBE, and Extensions , 2008, Journal of Cryptology.