A Survey of Broadcast Encryption

Broadcast encryption is the problem of a sending an encrypted message to a large user base such that the message can only be decrypted by a dynamically changing privileged subset. The study of broadcast encryption has become more and more important with the ever-increasing concern about copyright issues and the increasing interest in secure multicasting (over cable television and the Internet). We discuss the early broadcast-encryption results of Fiat and Naor [3], presenting several broadcast-encryption schemes from that paper. Next, we discuss Naor, Naor, and Lotspiech’s [6] subset-cover model, an abstract framework for broadcast-encryption schemes. We then discuss instances of the subset-cover model. This is followed by discussion of a method of Halevy and Shamir [4] that improves upon [6]’s best example of a subset-cover scheme. We finish with a discussion of traitor tracing — the problem of, given an illegal decoder box, punishing the users who contributed keys to it. In particular, we focus on traitor-tracing algorithms for (some) subset-cover schemes.