Efficient Semi-static Secure Broadcast Encryption Scheme
Related papers
Improved Broadcast Encryption Scheme with Constant-Size Ciphertext
Lecture Notes in Computer Science, 2013
The Boneh-Gentry-Waters (BGW) [4] scheme is one of the most efficient broadcast encryption schemes regarding the overhead size. This performance relies on the use of a pairing. Hence this protocol can benefit from public key improvements. The ciphertext is of constant size, whatever the proportion of revoked users is. The main lasting constraint is the computation time at the receiver end, as it depends on the number of revoked users. In this paper we describe two modifications to improve the BGW bandwidth and time complexity. First we rewrite the protocol and its security proof with an asymmetric pairing over the Barreto-Naehrig (BN) curves instead of a symmetric one over supersingular curves. This modification leads to a practical gain of 60% in speed and 84% in bandwidth. The second tweak reduces the computation time from O(n − r) to min(O(r), O(n − r)) for the worst case (and better for the average case). We give performance measures of our implementation for a 128-bit security level of the modified protocol on a smartphone.
Decentralized Broadcast Encryption Schemes with Constant Size Ciphertext and Fast Decryption
Symmetry, 2020
Broadcast encryption (BE) allows a sender to encrypt a message to an arbitrary target set of legitimate users and to prevent non-legitimate users from recovering the broadcast information. BE has numerous practical applications such as satellite geolocation systems, file sharing systems, pay-TV systems, e-Health, social networks, cloud storage systems, etc. This paper presents two new decentralized BE schemes. Decentralization means that there is no single authority responsible for generating secret cryptographic keys for system users. Therefore, the scheme eliminates the concern of having a single point of failure as the central authority could be attacked, become malicious, or become unavailable. Recent attacks have shown that the centralized approach could lead to system malfunctioning or to leaking sensitive information. Another achievement of the proposed BE schemes is their performance characteristics that make them suitable for environments with light-weight clients, such a...
CONTRIBUTORY BROADCAST ENCRYPTION WITH EFFICIENT ENCRYPTION AND SHORT CIPHERTEXTS
cegon technologies, 2019
Broadcast encryption (BE) schemes allow a sender to securely broadcast to any subset of members but require a trusted party to distribute decryption keys. Group key agreement (GKA) protocols enable a group of members to negotiate a common encryption key via open networks so that only the group members can decrypt the ciphertexts encrypted under the shared encryption key, but a sender cannot exclude any particular member from decrypting the ciphertexts. In this paper, we bridge these two notions with a hybrid primitive referred to as contributory broadcast encryption (ConBE). In this new primitive, a group of members negotiate a common public encryption key while each member holds a decryption key. A sender seeing the public group encryption key can limit the decryption to a subset of members of his choice.
Advances in Cryptology — CRYPTO’ 93, 1994
We introduce new theoretical measures for the qualitative and quantitative assessment of encryption schemes designed for broadcast transmissions. The goal is to allow a central broadcast site to broadcast secure transmissions to an arbitrary set of recipients while minimizing key management related transmissions. We present several schemes that allow a center to broadcast a secret to any subset of privileged users out of a universe of size n so that coalitions of k users not in the privileged set cannot learn the secret. The most interesting scheme requires every user to store O(k log k log n) keys and the center to broadcast O(k^2 log^2 k log n) messages regardless of the size of the privileged set. This scheme is resilient to any coalition of k users. We also present a scheme that is resilient with probability p against a random subset of k users. This scheme requires every user to store O(log k log(1/p)) keys and the center to broadcast O(k log^2 k log(1/p)) messages.
Decentralized Dynamic Broadcast Encryption
Lecture Notes in Computer Science, 2012
A broadcast encryption system generally involves three kinds of entities: the group manager that deals with the membership, the encryptor that encrypts the data to the registered users according to a specific policy (the target set), and the users that decrypt the data if they are authorized by the policy. Public-key broadcast encryption can be seen as removing this special role of encryptor, by allowing anybody to send encrypted data. In this paper, we go a step further in the decentralization process, by removing the group manager: the initial setup of the group, as well as the addition of further members to the system, do not require any central authority. Our construction makes black-box use of well-known primitives and can be considered as an extension to the subset-cover framework. It allows for efficient concrete instantiations, with parameter sizes that match those of the subset-cover constructions, while at the same time achieving the highest security level in the standard model under the DDH assumption.
Mathematical and Computer Modelling, 2012
The main challenge in building efficient broadcast systems is to encrypt messages with short ciphertexts. The well-known constructions of identity-based broadcast encryption (IBBE) with constant size ciphertexts in the standard model are based on the non-standard cryptography assumption. In addition, these constructions cannot solve the trade-off between the private keys and ciphertexts. These folklore construction methods lead to schemes that are somewhat inefficient and leave open the problem of finding more efficient direct constructions. In this paper, we give a secure identity-based broadcast encryption scheme with a constant-size ciphertext and private keys. It is constructed by using dual techniques in the subgroups. The proposed scheme achieves the full security (adaptive security) under three static (i.e. non q-based) assumptions. It is worth noting that only recently Waters's scheme achieves adaptive security under simple assumptions. One feature of our scheme is that it is relatively simple to get adaptive security.
Improvement of the Efficient Secret Broadcast Scheme
IEICE Transactions on Information and Systems, 2010
In 2009, Jeong et al. proposed a secure binding encryption scheme and an efficient secret broadcast scheme. This paper points out that the schemes have some errors and cannot operate correctly, contrary to their claims. In addition, this paper also proposes improvements of Jeong et al.'s scheme that can withstand the proposed attacks.
Scientia Iranica, 2017
In broadcast encryption schemes, a distribution center broadcasts an encrypted message to a subset chosen from a universe of receivers and only the intended users are able to decrypt the message. Most broadcast encryption schemes do not provide anonymity and the identities of target receivers are sent in plaintext. However, in several applications, the authorized users' identities have the same sensitivity as the broadcasted messages. Yu, Ren and Lou (YRL) considered this issue and introduced an efficient anonymous attribute-based broadcast encryption scheme. In this paper, we first propose an attack on the YRL scheme and show that the unauthorized receivers can also decrypt the broadcasted message. Next, we propose the Improved-YRL scheme and prove that it achieves anonymity and semantic security under adaptive corruptions in the chosen ciphertext setting. The proof is provided using the dual system encryption technique and is based on three complexity assumptions in composite order bilinear maps. The Improved-YRL scheme is a step forward in solving the long-standing problem of secure and low overhead anonymous broadcast encryption.
Efficient broadcast encryption with user profiles
Information Sciences, 2010
Broadcast encryption (BE) deals with secure transmission of a message to a group of users such that only an authorized subset of users can decrypt the message. Some of the most effective BE schemes in the literature are the tree-based schemes of complete subtree (CS) and subset difference (SD). The key distribution trees in these schemes are traditionally constructed without considering user preferences. In fact these schemes can be made significantly more efficient when user profiles are taken into account. In this paper, we consider this problem and study how to construct the CS and SD trees more efficiently according to user profiles. We first analyze the relationship between the transmission cost and the user profile distribution and prove a number of key results in this aspect. Then we propose several optimization algorithms which can reduce the bandwidth requirement of the CS and SD schemes significantly. This reduction becomes even more significant when a number of free riders can be allowed in the system.
Privacy-preserving identity-based broadcast encryption
Information Fusion, 2012
Broadcast encryption enables a broadcaster to encrypt messages and transmit them to some subset S of authorized users. In identity-based broadcast encryption schemes, a broadcasting sender typically encrypts a message by combining public identities of receivers in S and system parameters. However, previous identity-based broadcast encryption schemes have not been concerned about preserving the privacy of receivers. Consequently, all of the identities of broadcast receivers in S are exposed to the public in the previous schemes, which may be subject to attacks on user privacy in lots of pragmatic applications. We propose a novel privacy-preserving identity-based broadcast encryption scheme against an active attacker. The proposed scheme protects the privacy of receivers of broadcasted messages by hiding the identities of receivers in S. Additionally, it achieves less storage and computation costs required to encrypt and decrypt the broadcast message, compared to the previous identity-based broadcast encryption schemes that do not provide user privacy.