DOI: 10.5555/646767.704291

The LSD Broadcast Encryption Scheme

Published: 18 August 2002

Abstract

Broadcast Encryption schemes enable a center to broadcast encrypted programs so that only designated subsets of users can decrypt each program. The stateless variant of this problem provides each user with a fixed set of keys which is never updated. The best scheme published so far for this problem is the "subset difference" (SD) technique of Naor, Naor and Lotspiech, in which each one of the $n$ users is initially given $O(\log^2(n))$ symmetric encryption keys. This allows the broadcaster to define at a later stage any subset of up to $r$ users as "revoked", and to make the program accessible only to their complement by sending $O(r)$ short messages before the encrypted program, and asking each user to perform an $O(\log(n))$ computation. In this paper we describe the "Layered Subset Difference" (LSD) technique, which achieves the same goal with $O(\log^{1+}(n))$ keys, $O(r)$ messages, and $O(\log(n))$ computation. This reduces the number of keys given to each user by almost a square root factor without affecting the other parameters. In addition, we show how to use the same LSD keys in order to address any subset defined by a nested combination of inclusion and exclusion conditions with a number of messages which is proportional to the complexity of the description rather than to the size of the subset. The LSD scheme is truly practical, and makes it possible to broadcast an unlimited number of programs to 256,000,000 possible customers by giving each new customer a smart card with one kilobyte of tamper-resistant memory. It is then possible to address any subset defined by $t$ nested inclusion and exclusion conditions by sending less than $4t$ short messages, and the scheme remains secure even if all the other users form an adversarial coalition.

References

[1] S. Berkovits, How to Broadcast a Secret, Advances in Cryptology - Eurocrypt '91, Lecture Notes in Computer Science 547, Springer, 1991, pp. 536-541.
[2] R. Canetti, J. Garay, G. Itkis, D. Micciancio, M. Naor, B. Pinkas, Multicast Security: A Taxonomy and Some Efficient Constructions.
[3] E. Gafni, J. Staddon and Y.L. Yin, Efficient Methods for Integrating Traceability and Broadcast Encryption, Advances in Cryptology - Crypto '99, Lecture Notes in Computer Science 1666, Springer, 1999, pp. 372-387.
[4] J.A. Garay, J. Staddon and A. Wool, Long-Lived Broadcast Encryption, Advances in Cryptology - Crypto 2000, Lecture Notes in Computer Science 1880, 2000, pp. 333-352.
[5] M. Naor, A. Fiat, Broadcast Encryption, Advances in Cryptology - Crypto '93, Lecture Notes in Computer Science 773, Springer, 1994, pp. 480-491.
[6] D. Naor, M. Naor, J. Lotspiech, Revocation and Tracing Schemes for Stateless Receivers, February 2001.
[7] M. Naor, B. Pinkas, Threshold Traitor Tracing, Crypto '98.
[8] M. Naor, B. Pinkas, Efficient Trace and Revoke Schemes, FC 2000.
[9] A. Shamir, How to Share a Secret, Communications of the ACM, vol. 22, no. 11, November 1979, pp. 612-613.

Published In

CRYPTO '02: Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
August 2002
628 pages
ISBN: 354044050X

Publisher

Springer-Verlag

Berlin, Heidelberg

Cited By

  • (2023) Dynamic identity‐based broadcast proxy re‐encryption for data sharing in autonomous vehicles. Transactions on Emerging Telecommunications Technologies, 34:11. DOI: 10.1002/ett.4801. Online publication date: 26-May-2023
  • (2019) Lightweight Membership Management Scheme for Lightweight Group Communication Platforms. Proceedings of the 2019 2nd International Conference on Computers in Management and Business, pp. 81-86. DOI: 10.1145/3328886.3328895. Online publication date: 24-Mar-2019
  • (2018) Combinatorial subset difference public key broadcast encryption scheme for secure multicast. Proceedings of the 33rd Annual ACM Symposium on Applied Computing, pp. 1593-1600. DOI: 10.1145/3167132.3167302. Online publication date: 9-Apr-2018
  • (2018) Full integrity and freshness for cloud data. Future Generation Computer Systems, 80:C, pp. 640-652. DOI: 10.1016/j.future.2016.06.013. Online publication date: 1-Mar-2018
  • (2018) Revocable hierarchical identity-based encryption with shorter private keys and update keys. Designs, Codes and Cryptography, 86:10, pp. 2407-2440. DOI: 10.1007/s10623-017-0453-2. Online publication date: 1-Oct-2018
  • (2017) Efficient revocable identity-based encryption via subset difference methods. Designs, Codes and Cryptography, 85:1, pp. 39-76. DOI: 10.1007/s10623-016-0287-3. Online publication date: 1-Oct-2017
  • (2016) Anonymous Traitor Tracing. Proceedings, Part II, of the 35th Annual International Conference on Advances in Cryptology --- EUROCRYPT 2016 - Volume 9666, pp. 388-419. DOI: 10.5555/3081738.3081752. Online publication date: 8-May-2016
  • (2016) Recipient Revocable Identity-Based Broadcast Encryption. Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security, pp. 201-210. DOI: 10.1145/2897845.2897848. Online publication date: 30-May-2016
  • (2016) Proxy Signature with Revocation. Proceedings, Part II, of the 21st Australasian Conference on Information Security and Privacy - Volume 9723, pp. 21-36. DOI: 10.1007/978-3-319-40367-0_2. Online publication date: 4-Jul-2016
  • (2016) Adaptively Secure Unrestricted Attribute-Based Encryption with Subset Difference Revocation in Bilinear Groups of Prime Order. Proceedings of the 8th International Conference on Progress in Cryptology --- AFRICACRYPT 2016 - Volume 9646, pp. 325-345. DOI: 10.1007/978-3-319-31517-1_17. Online publication date: 13-Apr-2016
