Improvement of the Efficient Secret Broadcast Scheme (original) (raw)
Related papers
Improved Broadcast Encryption Scheme with Constant-Size Ciphertext
Lecture Notes in Computer Science, 2013
The Boneh-Gentry-Waters (BGW) [4] scheme is one of the most efficient broadcast encryption scheme regarding the overhead size. This performance relies on the use of a pairing. Hence this protocol can benefit from public key improvements. The ciphertext is of constant size, whatever the proportion of revoked users is. The main lasting constraint is the computation time at receiver end as it depends on the number of revoked users. In this paper we describe two modifications to improve the BGW bandwidth and time complexity. First we rewrite the protocol and its security proof with an asymmetric pairing over the Barreto-Naehrig (BN) curves instead of a symmetric one over supersingular curves. This modification leads to a practical gain of 60% in speed and 84% in bandwidth. The second tweaks allows to reduce the computation time from O(n − r) to min(O(r), O(n − r)) for the worst case (and better for the average case). We give performance measures of our implementation for a 128-bit security level of the modified protocol on a smartphone.
Efficient Semi-static Secure Broadcast Encryption Scheme
Lecture Notes in Computer Science, 2014
In this paper, we propose a semi-static secure broadcast encryption scheme with constant-sized private keys and ciphertexts. Our result improves the semi-static secure broadcast encryption scheme introduced by Gentry and Waters. Specifically, we reduce the private key and ciphertext size by half. By applying the generic transformation proposed by Gentry and Waters, our scheme also achieves adaptive security. Finally, we present an improved implementation idea which can reduce the ciphertext size in the aforementioned generic transformation.
Advances in Cryptology — CRYPTO’ 93, 1994
We introduce new theoretical measures for the qualitative and quantitative assessment of encryption schemes designed for broadcast transmissions. The goal is to allow a central broadcast site to broadcast secure transmissions to an arbitrary set of recipients while minimizing key management related transmissions. We present several schemes that allow a center to broadcast a secret to any subset of privileged users out of a universe of size n so that coalitions of k users not in the privileged set cannot learn the secret. The most interesting scheme requires every user to store O(k log k log n) keys and the center to broadcast O(k2 log' k log n) messages regardless of the size of the privileged set. This scheme is resilient to any coalition of k users. We also present a scheme that is resilient with probability p against a random subset of k users. This scheme requires every user to store O(1og k log(l/p)) keys and the center to broadcast O(k log2 k log(l/p)) messages.
CONTRIBUTORY BROADCAST ENCRYPTION WITH EFFICIENT ENCRYPTION AND SHORT CIPHERTEXTS
cegon technologies, 2019
Broadcast encryption (BE) schemes allow a sender to securely broadcast to any subset of members but require a trusted party to distribute decryption keys. Group key agreement (GKA) protocols enable a group of members to negotiate a common encryption key via open networks so that only the group members can decrypt the ciphertexts encrypted under the shared encryption key, but a sender cannot exclude any particular member from decrypting the ciphertexts. In this paper, we bridge these two notions with a hybrid primitive referred to as contributory broadcast encryption (ConBE). In this new primitive, a group of members negotiate a common public encryption key while each member holds a decryption key. A sender seeing the public group encryption key can limit the decryption to a subset of members of his choice.
Towards Making Broadcast Encryption Practical
1999
The problem we address is how to communicate securely with a set of users (the target set) over an insecure broadcast channel. In order to solve this problem, several broadcast encryption schemes have been proposed. In these systems, the parameters of major concern are the length of transmission and number of keys held by each user's set top terminal (STT). Due to the need to withstand hardware tampering, the amount of secure memory available in the STTs is quite small, severely limiting the number of keys each user holds. In such cases, known theoretical bounds seem to indicate that non-trivial broadcast encryption schemes are only feasible when the number of users is small.
On Broadcast Encryption with Random Key Pre-distribution Schemes
Broadcast encryption (BE) deals with the problem of establishing a secret, shared by g = G − r privileged nodes, among a set G nodes. Specifically, a set of r revoked nodes are denied access to the secret. Many schemes to address this problem, based on key pre-distribution schemes (KPS), have been proposed in the literature. Most state-ofthe-art methods employ tree-based techniques. However, random key pre-distribution schemes (RKPS), which have received a lot of attention in the recent past (especially in the context of ad hoc and sensor network security), also cater for BE. In this paper we analyze the performance of BE using RKPSs. While in most tree-based methods the source of the broadcast is assumed to be the root of the tree (unless asymmetric cryptographic primitives can be used), BE using RKPSs caters for BE by peers-without the need for asymmetric cryptography. Furthermore, unlike most BE schemes where the identities of the revoked nodes have to be explicitly specified, BE using RKPSs allow for protecting the identities of the revoked nodes, which could be a useful property in application scenarios where privacy is a crucial issue.
Security Notions for Broadcast Encryption
Lecture Notes in Computer Science, 2011
This paper clarifies the relationships between security notions for broadcast encryption. In the past, each new scheme came with its own definition of security, which makes them hard to compare. We thus define a set of notions, as done for signature and encryption, for which we prove implications and separations, and relate the existing notions to the ones in our framework. We find some interesting relationships between the various notions, especially in the way they define the receiver set of the challenge message. In addition, we define a security notion that is stronger than all previous ones, and give an example of a scheme that fulfills this notion.
Efficient Multi-receiver Identity-Based Encryption and Its Application to Broadcast Encryption
Lecture Notes in Computer Science, 2005
In this paper, we construct an efficient "multi-receiver identitybased encryption scheme". Our scheme only needs one (or none if precomputed and provided as a public parameter) pairing computation to encrypt a single message for n receivers, in contrast to the simple construction that re-encrypts a message n times using Boneh and Franklin's identity-based encryption scheme, considered previously in the literature. We extend our scheme to give adaptive chosen ciphertext security. We support both schemes with security proofs under precisely defined formal security model. Finally, we discuss how our scheme can lead to a highly efficient public key broadcast encryption scheme based on the "subset-cover" framework.
Decentralized Broadcast Encryption Schemes with Constant Size Ciphertext and Fast Decryption
Symmetry, 2020
Broadcast encryption ( BE ) allows a sender to encrypt a message to an arbitrary target set of legitimate users and to prevent non-legitimate users from recovering the broadcast information. BE has numerous practical applications such as satellite geolocation systems, file sharing systems, pay-TV systems, e-Health, social networks, cloud storage systems, etc. This paper presents two new decentralized BE schemes. Decentralization means that there is no single authority responsible for generating secret cryptographic keys for system users. Therefore, the scheme eliminates the concern of having a single point of failure as the central authority could be attacked, become malicious, or become unavailable. Recent attacks have shown that the centralized approach could lead to system malfunctioning or to leaking sensitive information. Another achievement of the proposed BE schemes is their performance characteristics that make them suitable for environments with light-weight clients, such a...
IEEE Communications Letters, 2000
In this letter a weakness of certain broadcast encryption schemes in which the protected delivery of a session key (SEK) is based on XOR-ing this SEK with the IDs of the keys employed for its encryption is addressed. The weakness can be effectively explored assuming passive attacking which in the cases corresponding to a malicious legitimate user being the attacker, is a ciphertext only attack. A dedicated algorithm for cryptanalysis is proposed based on a generalized time-memory-data trade-off approach and its main characteristics are derived. The developed algorithm points out a security weakness of employing a block cipher with block length shorter than the key length in the considered BE schemes.