Public key broadcast encryption schemes with shorter transmissions

Jong Hwan Park; Hee Jean Kim; Maeng Hee Sung; Dong Hoon Lee

doi:10.1109/TBC.2008.919940

Public key broadcast encryption schemes with shorter transmissions

Jong Hwan Park, Hee Jean Kim, Maeng Hee Sung, Dong Hoon Lee

Research output: Contribution to journal › Article › peer-review

45 Citations (Scopus)

Abstract

Broadcast encryption allows a sender to securely distribute messages to a dynamically changing set of users over an insecure channel. In a public key broadcast encryption (PKBE) scheme, this encryption is performed in the public key setting, where the public key is stored in a user's device, or directly transmitted to the receivers along with ciphertexts. In this paper, we propose two PKBE schemes for stateless receivers which are transmission-efficient. A distinctive feature in our first construction is that, different than existing schemes in the literature, only a fraction of the public key related to the set of intended receivers is required in the decryption process. This feature results in the first PKBE scheme with O(r) transmission cost and O(1) user storage cost for v revoked users. Our second construction is a generalized version of the first one providing a tradeoff between ciphertext size and public key size. With appropriate parametrization, we obtain a PKBE scheme with O(√n) transmission cost and O(1) user storage cost for any large set of n users. The transmission cost of our second scheme is at least 30\% less than that of the recent result of Boneh et al.'s PKBE scheme, which is considered as being the current state-of-the-art. By combining the two proposed schemes, we suggest a PKBE scheme that achieves further shortened transmissions, while still maintaining O(1) user storage cost. The proposed schemes are secure against any number of colluders and do not require costly re-keying procedures followed by revocation of users.

Original language	English
Article number	4475818
Pages (from-to)	401-411
Number of pages	11
Journal	IEEE Transactions on Broadcasting
Volume	54
Issue number	3
DOIs	https://doi.org/10.1109/TBC.2008.919940
Publication status	Published - 2008 Sept

Bibliographical note

Funding Information:
Manuscript received January 2, 2007; revised January 29, 2008. First published March 21, 2008; last published August 20, 2008 (projected). This work was supported by the MIC (Ministry of Information and Communication), Korea, under the ITRC (Information Technology Research Center) support program supervised by the IITA (Institute of Information Technology Advancement) (IITA-2008-(C1090-0801-0025)).

Keywords

Bilinear pairings
Broadcast encryption
Copy-right protection
Key distribution
Strong Diffie-Hellman tuples

ASJC Scopus subject areas

Media Technology
Electrical and Electronic Engineering

Access to Document

10.1109/TBC.2008.919940

Cite this

@article{cde96ab222164987b0c26fac0e96a537,

title = "Public key broadcast encryption schemes with shorter transmissions",

abstract = "Broadcast encryption allows a sender to securely distribute messages to a dynamically changing set of users over an insecure channel. In a public key broadcast encryption (PKBE) scheme, this encryption is performed in the public key setting, where the public key is stored in a user's device, or directly transmitted to the receivers along with ciphertexts. In this paper, we propose two PKBE schemes for stateless receivers which are transmission-efficient. A distinctive feature in our first construction is that, different than existing schemes in the literature, only a fraction of the public key related to the set of intended receivers is required in the decryption process. This feature results in the first PKBE scheme with O(r) transmission cost and O(1) user storage cost for v revoked users. Our second construction is a generalized version of the first one providing a tradeoff between ciphertext size and public key size. With appropriate parametrization, we obtain a PKBE scheme with O(√n) transmission cost and O(1) user storage cost for any large set of n users. The transmission cost of our second scheme is at least 30\% less than that of the recent result of Boneh et al.'s PKBE scheme, which is considered as being the current state-of-the-art. By combining the two proposed schemes, we suggest a PKBE scheme that achieves further shortened transmissions, while still maintaining O(1) user storage cost. The proposed schemes are secure against any number of colluders and do not require costly re-keying procedures followed by revocation of users.",

keywords = "Bilinear pairings, Broadcast encryption, Copy-right protection, Key distribution, Strong Diffie-Hellman tuples",

author = "Park, {Jong Hwan} and Kim, {Hee Jean} and Sung, {Maeng Hee} and Lee, {Dong Hoon}",

note = "Funding Information: Manuscript received January 2, 2007; revised January 29, 2008. First published March 21, 2008; last published August 20, 2008 (projected). This work was supported by the MIC (Ministry of Information and Communication), Korea, under the ITRC (Information Technology Research Center) support program supervised by the IITA (Institute of Information Technology Advancement) (IITA-2008-(C1090-0801-0025)).",

year = "2008",

month = sep,

doi = "10.1109/TBC.2008.919940",

language = "English",

volume = "54",

pages = "401--411",

journal = "IEEE Transactions on Broadcasting",

issn = "0018-9316",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

number = "3",

}

TY - JOUR

T1 - Public key broadcast encryption schemes with shorter transmissions

AU - Park, Jong Hwan

AU - Kim, Hee Jean

AU - Sung, Maeng Hee

AU - Lee, Dong Hoon

N1 - Funding Information: Manuscript received January 2, 2007; revised January 29, 2008. First published March 21, 2008; last published August 20, 2008 (projected). This work was supported by the MIC (Ministry of Information and Communication), Korea, under the ITRC (Information Technology Research Center) support program supervised by the IITA (Institute of Information Technology Advancement) (IITA-2008-(C1090-0801-0025)).

PY - 2008/9

Y1 - 2008/9

N2 - Broadcast encryption allows a sender to securely distribute messages to a dynamically changing set of users over an insecure channel. In a public key broadcast encryption (PKBE) scheme, this encryption is performed in the public key setting, where the public key is stored in a user's device, or directly transmitted to the receivers along with ciphertexts. In this paper, we propose two PKBE schemes for stateless receivers which are transmission-efficient. A distinctive feature in our first construction is that, different than existing schemes in the literature, only a fraction of the public key related to the set of intended receivers is required in the decryption process. This feature results in the first PKBE scheme with O(r) transmission cost and O(1) user storage cost for v revoked users. Our second construction is a generalized version of the first one providing a tradeoff between ciphertext size and public key size. With appropriate parametrization, we obtain a PKBE scheme with O(√n) transmission cost and O(1) user storage cost for any large set of n users. The transmission cost of our second scheme is at least 30\% less than that of the recent result of Boneh et al.'s PKBE scheme, which is considered as being the current state-of-the-art. By combining the two proposed schemes, we suggest a PKBE scheme that achieves further shortened transmissions, while still maintaining O(1) user storage cost. The proposed schemes are secure against any number of colluders and do not require costly re-keying procedures followed by revocation of users.

AB - Broadcast encryption allows a sender to securely distribute messages to a dynamically changing set of users over an insecure channel. In a public key broadcast encryption (PKBE) scheme, this encryption is performed in the public key setting, where the public key is stored in a user's device, or directly transmitted to the receivers along with ciphertexts. In this paper, we propose two PKBE schemes for stateless receivers which are transmission-efficient. A distinctive feature in our first construction is that, different than existing schemes in the literature, only a fraction of the public key related to the set of intended receivers is required in the decryption process. This feature results in the first PKBE scheme with O(r) transmission cost and O(1) user storage cost for v revoked users. Our second construction is a generalized version of the first one providing a tradeoff between ciphertext size and public key size. With appropriate parametrization, we obtain a PKBE scheme with O(√n) transmission cost and O(1) user storage cost for any large set of n users. The transmission cost of our second scheme is at least 30\% less than that of the recent result of Boneh et al.'s PKBE scheme, which is considered as being the current state-of-the-art. By combining the two proposed schemes, we suggest a PKBE scheme that achieves further shortened transmissions, while still maintaining O(1) user storage cost. The proposed schemes are secure against any number of colluders and do not require costly re-keying procedures followed by revocation of users.

KW - Bilinear pairings

KW - Broadcast encryption

KW - Copy-right protection

KW - Key distribution

KW - Strong Diffie-Hellman tuples

UR - http://www.scopus.com/inward/record.url?scp=50549101800&partnerID=8YFLogxK

U2 - 10.1109/TBC.2008.919940

DO - 10.1109/TBC.2008.919940

M3 - Article

AN - SCOPUS:50549101800

SN - 0018-9316

VL - 54

SP - 401

EP - 411

JO - IEEE Transactions on Broadcasting

JF - IEEE Transactions on Broadcasting

IS - 3

M1 - 4475818

ER -

Public key broadcast encryption schemes with shorter transmissions

Abstract

Bibliographical note

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this