Public key broadcast encryption schemes with shorter transmissions

Jong Hwan Park, Hee Jean Kim, Maeng Hee Sung, Dong Hoon Lee

Research output: Contribution to journalArticle

41 Citations (Scopus)

Abstract

Broadcast encryption allows a sender to securely distribute messages to a dynamically changing set of users over an insecure channel. In a public key broadcast encryption (PKBE) scheme, this encryption is performed in the public key setting, where the public key is stored in a user's device, or directly transmitted to the receivers along with ciphertexts. In this paper, we propose two PKBE schemes for stateless receivers which are transmission-efficient. A distinctive feature in our first construction is that, different than existing schemes in the literature, only a fraction of the public key related to the set of intended receivers is required in the decryption process. This feature results in the first PKBE scheme with O(r) transmission cost and O(1) user storage cost for v revoked users. Our second construction is a generalized version of the first one providing a tradeoff between ciphertext size and public key size. With appropriate parametrization, we obtain a PKBE scheme with O(√n) transmission cost and O(1) user storage cost for any large set of n users. The transmission cost of our second scheme is at least 30\% less than that of the recent result of Boneh et al.'s PKBE scheme, which is considered as being the current state-of-the-art. By combining the two proposed schemes, we suggest a PKBE scheme that achieves further shortened transmissions, while still maintaining O(1) user storage cost. The proposed schemes are secure against any number of colluders and do not require costly re-keying procedures followed by revocation of users.

Original languageEnglish
Article number4475818
Pages (from-to)401-411
Number of pages11
JournalIEEE Transactions on Broadcasting
Volume54
Issue number3
DOIs
Publication statusPublished - 2008 Sep 1

Fingerprint

Cryptography
Costs

Keywords

  • Bilinear pairings
  • Broadcast encryption
  • Copy-right protection
  • Key distribution
  • Strong Diffie-Hellman tuples

ASJC Scopus subject areas

  • Electrical and Electronic Engineering
  • Computer Networks and Communications

Cite this

Public key broadcast encryption schemes with shorter transmissions. / Park, Jong Hwan; Kim, Hee Jean; Sung, Maeng Hee; Lee, Dong Hoon.

In: IEEE Transactions on Broadcasting, Vol. 54, No. 3, 4475818, 01.09.2008, p. 401-411.

Research output: Contribution to journalArticle

Park, Jong Hwan ; Kim, Hee Jean ; Sung, Maeng Hee ; Lee, Dong Hoon. / Public key broadcast encryption schemes with shorter transmissions. In: IEEE Transactions on Broadcasting. 2008 ; Vol. 54, No. 3. pp. 401-411.
@article{cde96ab222164987b0c26fac0e96a537,
title = "Public key broadcast encryption schemes with shorter transmissions",
abstract = "Broadcast encryption allows a sender to securely distribute messages to a dynamically changing set of users over an insecure channel. In a public key broadcast encryption (PKBE) scheme, this encryption is performed in the public key setting, where the public key is stored in a user's device, or directly transmitted to the receivers along with ciphertexts. In this paper, we propose two PKBE schemes for stateless receivers which are transmission-efficient. A distinctive feature in our first construction is that, different than existing schemes in the literature, only a fraction of the public key related to the set of intended receivers is required in the decryption process. This feature results in the first PKBE scheme with O(r) transmission cost and O(1) user storage cost for v revoked users. Our second construction is a generalized version of the first one providing a tradeoff between ciphertext size and public key size. With appropriate parametrization, we obtain a PKBE scheme with O(√n) transmission cost and O(1) user storage cost for any large set of n users. The transmission cost of our second scheme is at least 30\{\%} less than that of the recent result of Boneh et al.'s PKBE scheme, which is considered as being the current state-of-the-art. By combining the two proposed schemes, we suggest a PKBE scheme that achieves further shortened transmissions, while still maintaining O(1) user storage cost. The proposed schemes are secure against any number of colluders and do not require costly re-keying procedures followed by revocation of users.",
keywords = "Bilinear pairings, Broadcast encryption, Copy-right protection, Key distribution, Strong Diffie-Hellman tuples",
author = "Park, {Jong Hwan} and Kim, {Hee Jean} and Sung, {Maeng Hee} and Lee, {Dong Hoon}",
year = "2008",
month = "9",
day = "1",
doi = "10.1109/TBC.2008.919940",
language = "English",
volume = "54",
pages = "401--411",
journal = "IEEE Transactions on Broadcasting",
issn = "0018-9316",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
number = "3",

}

TY - JOUR

T1 - Public key broadcast encryption schemes with shorter transmissions

AU - Park, Jong Hwan

AU - Kim, Hee Jean

AU - Sung, Maeng Hee

AU - Lee, Dong Hoon

PY - 2008/9/1

Y1 - 2008/9/1

N2 - Broadcast encryption allows a sender to securely distribute messages to a dynamically changing set of users over an insecure channel. In a public key broadcast encryption (PKBE) scheme, this encryption is performed in the public key setting, where the public key is stored in a user's device, or directly transmitted to the receivers along with ciphertexts. In this paper, we propose two PKBE schemes for stateless receivers which are transmission-efficient. A distinctive feature in our first construction is that, different than existing schemes in the literature, only a fraction of the public key related to the set of intended receivers is required in the decryption process. This feature results in the first PKBE scheme with O(r) transmission cost and O(1) user storage cost for v revoked users. Our second construction is a generalized version of the first one providing a tradeoff between ciphertext size and public key size. With appropriate parametrization, we obtain a PKBE scheme with O(√n) transmission cost and O(1) user storage cost for any large set of n users. The transmission cost of our second scheme is at least 30\% less than that of the recent result of Boneh et al.'s PKBE scheme, which is considered as being the current state-of-the-art. By combining the two proposed schemes, we suggest a PKBE scheme that achieves further shortened transmissions, while still maintaining O(1) user storage cost. The proposed schemes are secure against any number of colluders and do not require costly re-keying procedures followed by revocation of users.

AB - Broadcast encryption allows a sender to securely distribute messages to a dynamically changing set of users over an insecure channel. In a public key broadcast encryption (PKBE) scheme, this encryption is performed in the public key setting, where the public key is stored in a user's device, or directly transmitted to the receivers along with ciphertexts. In this paper, we propose two PKBE schemes for stateless receivers which are transmission-efficient. A distinctive feature in our first construction is that, different than existing schemes in the literature, only a fraction of the public key related to the set of intended receivers is required in the decryption process. This feature results in the first PKBE scheme with O(r) transmission cost and O(1) user storage cost for v revoked users. Our second construction is a generalized version of the first one providing a tradeoff between ciphertext size and public key size. With appropriate parametrization, we obtain a PKBE scheme with O(√n) transmission cost and O(1) user storage cost for any large set of n users. The transmission cost of our second scheme is at least 30\% less than that of the recent result of Boneh et al.'s PKBE scheme, which is considered as being the current state-of-the-art. By combining the two proposed schemes, we suggest a PKBE scheme that achieves further shortened transmissions, while still maintaining O(1) user storage cost. The proposed schemes are secure against any number of colluders and do not require costly re-keying procedures followed by revocation of users.

KW - Bilinear pairings

KW - Broadcast encryption

KW - Copy-right protection

KW - Key distribution

KW - Strong Diffie-Hellman tuples

UR - http://www.scopus.com/inward/record.url?scp=50549101800&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=50549101800&partnerID=8YFLogxK

U2 - 10.1109/TBC.2008.919940

DO - 10.1109/TBC.2008.919940

M3 - Article

AN - SCOPUS:50549101800

VL - 54

SP - 401

EP - 411

JO - IEEE Transactions on Broadcasting

JF - IEEE Transactions on Broadcasting

SN - 0018-9316

IS - 3

M1 - 4475818

ER -