Improved Broadcast Encryption Scheme with Constant-Size Ciphertext

Golden Sequence for the PPSS Broadcast Encryption Scheme with an Asymmetric Pairing

IACR Cryptol. ePrint Arch., 2013

Broadcast encryption is conventionally formalized as broadcast encapsulation in which, instead of a ciphertext, a session key is produced, which is required to be indistinguishable from random. Such a scheme can provide public encryption functionality in combination with a symmetric encryption through the hybrid encryption paradigm. The Boneh-Gentry-Waters scheme of 2005 proposed a broadcast scheme with constant-size ciphertext. It is one of the most efficient broadcast encryption schemes regarding overhead size. In this work we consider the improved scheme of Phan-Pointcheval-Shahandashi-Steer [PPSS12] which provides an adaptive CCA broadcast encryption scheme. These two schemes may be tweaked to use bilinear pairings [DGS12]. This document details our choices for the implementation of the PPSS scheme. We provide a complete golden sequence of the protocol with efficient pairings (Tate, Ate and Optimal Ate). We target a 128-bit security level, hence we use a BN-curve [BN06]. The aim of this...

An efficient variant of Boneh-Gentry-Hamburg's identity-based encryption without pairing

2015

Boneh, Gentry and Hamburg presented an encryption system known as BasicIBE without incorporating pairings. This system has short ciphertext size but this comes at the cost of less time-efficient encryption / decryption algorithms in which their processing time increases drastically with the message length. Moreover, the private key size is l elements in ZN , where N is a Blum integer and l is the message length. In this paper, we optimize this system in two steps. First, we decrease the private key length from l elements in ZN to only one element. Second, we present two efficient variants of the BasicIBE in terms of ciphertext length and encryption / decryption speed. The ciphertext is as short as the BasicIBE, but with more time-efficient algorithms which do not depend on the message length. The proposed system is very time efficient compared to other IBE systems and it is as secure as the BasicIBE system.

CONTRIBUTORY BROADCAST ENCRYPTION WITH EFFICIENT ENCRYPTION AND SHORT CIPHERTEXTS

cegon technologies, 2019

Broadcast encryption (BE) schemes allow a sender to securely broadcast to any subset of members but require a trusted party to distribute decryption keys. Group key agreement (GKA) protocols enable a group of members to negotiate a common encryption key via open networks so that only the group members can decrypt the ciphertexts encrypted under the shared encryption key, but a sender cannot exclude any particular member from decrypting the ciphertexts. In this paper, we bridge these two notions with a hybrid primitive referred to as contributory broadcast encryption (ConBE). In this new primitive, a group of members negotiate a common public encryption key while each member holds a decryption key. A sender seeing the public group encryption key can limit the decryption to a subset of members of his choice.

A Public Verifiability Signcryption Scheme without Pairings

International Journal of Computer Applications, 2017

This paper introduces a new scheme, "A Public Verifiability Signcryption Scheme Without Pairings", based on the elliptic curve discrete logarithm problem (ECDLP). In addition to achieving the functionality of signcryption schemes (unforgeability, confidentiality and non-repudiation), it achieves forward security and public verifiability directly. Also, it uses a strong encryption key that depends on a randomly chosen value and the sender's private key. Although the proposed scheme is slower than Zheng's signcryption scheme, it achieves savings in communication overhead reaching 50% with respect to the traditional signature-then-encryption approach. The proposed scheme has been verified using the Mathematica program.

Improvement of the Efficient Secret Broadcast Scheme

IEICE Transactions on Information and Systems, 2010

In 2009, Jeong et al. proposed a secure binding encryption scheme and an efficient secret broadcast scheme. This paper points out that the schemes have some errors and cannot operate correctly, contrary to their claims. In addition, this paper also proposes improvements of Jeong et al.'s scheme that can withstand the proposed attacks.

Efficient Semi-static Secure Broadcast Encryption Scheme

Lecture Notes in Computer Science, 2014

In this paper, we propose a semi-static secure broadcast encryption scheme with constant-sized private keys and ciphertexts. Our result improves the semi-static secure broadcast encryption scheme introduced by Gentry and Waters. Specifically, we reduce the private key and ciphertext size by half. By applying the generic transformation proposed by Gentry and Waters, our scheme also achieves adaptive security. Finally, we present an improved implementation idea which can reduce the ciphertext size in the aforementioned generic transformation.

Further analysis of pairing-based traitor tracing schemes for broadcast encryption

Security and Communication Networks, 2012

Pairing-based public key systems have recently received much attention because the bilinear property contributes to the designs of many cryptographic schemes. In 2002, Mitsunari et al. proposed the first pairing-based traitor tracing scheme with constant-size ciphertexts and private keys. However, their scheme has been shown to be insecure for providing traitor tracing functionality. Recently, many researchers still try to propose efficient pairing-based traitor tracing schemes in terms of ciphertext and private key sizes. In this paper, we present a security claim for the design of pairing-based traitor tracing schemes. For a pairing-based traitor tracing scheme with constant-size ciphertexts and private keys, if the decryption key is obtained by some pairing operations in pairing-based public key systems, the scheme will suffer from a linear attack and cannot provide the traitor tracing functionality. Finally, we apply our security claim to attack a pairing-based traitor tracing scheme proposed by Yang et al. to demonstrate our result. Our security claim can offer a notice and direction for designing pairing-based traitor tracing schemes.

Pairing-based cryptographic protocols: A survey

2004

Bilinear pairings such as the Weil pairing or Tate pairing on elliptic and hyperelliptic curves have recently found applications in the design of cryptographic protocols. In this survey, we have tried to cover different cryptographic protocols based on bilinear pairings which possess, to the best of our knowledge, proper security proofs in the existing security models.

Efficient Implementation of Pairing-Based Cryptosystems

Journal of Cryptology, 2004

Pairing-based cryptosystems rely on the existence of bilinear, nondegenerate, efficiently computable maps (called pairings) over certain groups. Currently, all such pairings used in practice are related to the Tate pairing on elliptic curve groups whose embedding degree is large enough to maintain a good security level, but small enough for arithmetic operations to be feasible. In this paper we describe how to construct ordinary (non-supersingular) elliptic curves containing groups with arbitrary embedding degree, and show how to compute the Tate pairing on these groups efficiently.

A practical revocation scheme for broadcast encryption using smartcards

ACM Transactions on Information and System Security, 2006

We present an anti-pirate revocation scheme for broadcast encryption systems (e.g., pay TV), in which the data is encrypted to ensure payment by users. In the systems we consider, decryption of keys is done on smartcards and key management is done in-band. Our starting point is a scheme of Naor and Pinkas. Their basic scheme uses secret sharing to remove up to t parties, is information-theoretically secure against coalitions of size t, and is capable of creating a new group key. However, with current smartcard technology, this scheme is only feasible for small system parameters, allowing up to about 100 pirates to be revoked before all the smartcards need to be replaced. We first present a novel implementation method of their basic scheme that distributes the work among the smartcard, set-top terminal, and center. Based on this, we construct several improved schemes for many revocation rounds that scale to realistic system sizes. We allow up to about 10,000 pirates to be revoked using current smartcard technology before recarding is needed. The transmission lengths of our constructions are on par with those of the best tree-based schemes. However, our constructions have much lower smartcard CPU complexity: only O(1) smartcard operations per revocation round (a single 10-byte field multiplication and addition), as opposed to the complexity of the best tree-based schemes, which is polylogarithmic in the number of users. We evaluate the system behavior via an exhaustive simulation study coupled with a queueing theory analysis. Our simulations show that with mild assumptions on the piracy discovery rate, our constructions can perform effective pirate revocation for realistic broadcast encryption scenarios.