Public key broadcast encryption schemes with shorter transmissions

Jong Hwan Park; Hee Jean Kim; Maeng Hee Sung; Dong Hoon Lee

doi:10.1109/TBC.2008.919940

Public key broadcast encryption schemes with shorter transmissions

Jong Hwan Park, Hee Jean Kim, Maeng Hee Sung, Dong Hoon Lee

Graduate School of Information Security

Research output: Contribution to journal › Article

41 Citations (Scopus)

Abstract

Broadcast encryption allows a sender to securely distribute messages to a dynamically changing set of users over an insecure channel. In a public key broadcast encryption (PKBE) scheme, this encryption is performed in the public key setting, where the public key is stored in a user's device, or directly transmitted to the receivers along with ciphertexts. In this paper, we propose two PKBE schemes for stateless receivers which are transmission-efficient. A distinctive feature in our first construction is that, different than existing schemes in the literature, only a fraction of the public key related to the set of intended receivers is required in the decryption process. This feature results in the first PKBE scheme with O(r) transmission cost and O(1) user storage cost for v revoked users. Our second construction is a generalized version of the first one providing a tradeoff between ciphertext size and public key size. With appropriate parametrization, we obtain a PKBE scheme with O(√n) transmission cost and O(1) user storage cost for any large set of n users. The transmission cost of our second scheme is at least 30\% less than that of the recent result of Boneh et al.'s PKBE scheme, which is considered as being the current state-of-the-art. By combining the two proposed schemes, we suggest a PKBE scheme that achieves further shortened transmissions, while still maintaining O(1) user storage cost. The proposed schemes are secure against any number of colluders and do not require costly re-keying procedures followed by revocation of users.

Original language	English
Article number	4475818
Pages (from-to)	401-411
Number of pages	11
Journal	IEEE Transactions on Broadcasting
Volume	54
Issue number	3
DOIs	https://doi.org/10.1109/TBC.2008.919940
Publication status	Published - 2008 Sep 1

Fingerprint

Cryptography

Costs

Keywords

Bilinear pairings
Broadcast encryption
Copy-right protection
Key distribution
Strong Diffie-Hellman tuples

ASJC Scopus subject areas

Electrical and Electronic Engineering
Computer Networks and Communications

Cite this

Park, J. H., Kim, H. J., Sung, M. H., & Lee, D. H. (2008). Public key broadcast encryption schemes with shorter transmissions. IEEE Transactions on Broadcasting, 54(3), 401-411. [4475818]. https://doi.org/10.1109/TBC.2008.919940

Public key broadcast encryption schemes with shorter transmissions. / Park, Jong Hwan; Kim, Hee Jean; Sung, Maeng Hee; Lee, Dong Hoon.

In: IEEE Transactions on Broadcasting, Vol. 54, No. 3, 4475818, 01.09.2008, p. 401-411.

Research output: Contribution to journal › Article

Park, JH, Kim, HJ, Sung, MH & Lee, DH 2008, 'Public key broadcast encryption schemes with shorter transmissions', IEEE Transactions on Broadcasting, vol. 54, no. 3, 4475818, pp. 401-411. https://doi.org/10.1109/TBC.2008.919940

Park JH, Kim HJ, Sung MH, Lee DH. Public key broadcast encryption schemes with shorter transmissions. IEEE Transactions on Broadcasting. 2008 Sep 1;54(3):401-411. 4475818. https://doi.org/10.1109/TBC.2008.919940

Park, Jong Hwan ; Kim, Hee Jean ; Sung, Maeng Hee ; Lee, Dong Hoon. / Public key broadcast encryption schemes with shorter transmissions. In: IEEE Transactions on Broadcasting. 2008 ; Vol. 54, No. 3. pp. 401-411.

@article{cde96ab222164987b0c26fac0e96a537,

title = "Public key broadcast encryption schemes with shorter transmissions",

abstract = "Broadcast encryption allows a sender to securely distribute messages to a dynamically changing set of users over an insecure channel. In a public key broadcast encryption (PKBE) scheme, this encryption is performed in the public key setting, where the public key is stored in a user's device, or directly transmitted to the receivers along with ciphertexts. In this paper, we propose two PKBE schemes for stateless receivers which are transmission-efficient. A distinctive feature in our first construction is that, different than existing schemes in the literature, only a fraction of the public key related to the set of intended receivers is required in the decryption process. This feature results in the first PKBE scheme with O(r) transmission cost and O(1) user storage cost for v revoked users. Our second construction is a generalized version of the first one providing a tradeoff between ciphertext size and public key size. With appropriate parametrization, we obtain a PKBE scheme with O(√n) transmission cost and O(1) user storage cost for any large set of n users. The transmission cost of our second scheme is at least 30\{\%} less than that of the recent result of Boneh et al.'s PKBE scheme, which is considered as being the current state-of-the-art. By combining the two proposed schemes, we suggest a PKBE scheme that achieves further shortened transmissions, while still maintaining O(1) user storage cost. The proposed schemes are secure against any number of colluders and do not require costly re-keying procedures followed by revocation of users.",

keywords = "Bilinear pairings, Broadcast encryption, Copy-right protection, Key distribution, Strong Diffie-Hellman tuples",

author = "Park, {Jong Hwan} and Kim, {Hee Jean} and Sung, {Maeng Hee} and Lee, {Dong Hoon}",

year = "2008",

month = "9",

day = "1",

doi = "10.1109/TBC.2008.919940",

language = "English",

volume = "54",

pages = "401--411",

journal = "IEEE Transactions on Broadcasting",

issn = "0018-9316",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

number = "3",

}

TY - JOUR

T1 - Public key broadcast encryption schemes with shorter transmissions

AU - Park, Jong Hwan

AU - Kim, Hee Jean

AU - Sung, Maeng Hee

AU - Lee, Dong Hoon

PY - 2008/9/1

Y1 - 2008/9/1

N2 - Broadcast encryption allows a sender to securely distribute messages to a dynamically changing set of users over an insecure channel. In a public key broadcast encryption (PKBE) scheme, this encryption is performed in the public key setting, where the public key is stored in a user's device, or directly transmitted to the receivers along with ciphertexts. In this paper, we propose two PKBE schemes for stateless receivers which are transmission-efficient. A distinctive feature in our first construction is that, different than existing schemes in the literature, only a fraction of the public key related to the set of intended receivers is required in the decryption process. This feature results in the first PKBE scheme with O(r) transmission cost and O(1) user storage cost for v revoked users. Our second construction is a generalized version of the first one providing a tradeoff between ciphertext size and public key size. With appropriate parametrization, we obtain a PKBE scheme with O(√n) transmission cost and O(1) user storage cost for any large set of n users. The transmission cost of our second scheme is at least 30\% less than that of the recent result of Boneh et al.'s PKBE scheme, which is considered as being the current state-of-the-art. By combining the two proposed schemes, we suggest a PKBE scheme that achieves further shortened transmissions, while still maintaining O(1) user storage cost. The proposed schemes are secure against any number of colluders and do not require costly re-keying procedures followed by revocation of users.

AB - Broadcast encryption allows a sender to securely distribute messages to a dynamically changing set of users over an insecure channel. In a public key broadcast encryption (PKBE) scheme, this encryption is performed in the public key setting, where the public key is stored in a user's device, or directly transmitted to the receivers along with ciphertexts. In this paper, we propose two PKBE schemes for stateless receivers which are transmission-efficient. A distinctive feature in our first construction is that, different than existing schemes in the literature, only a fraction of the public key related to the set of intended receivers is required in the decryption process. This feature results in the first PKBE scheme with O(r) transmission cost and O(1) user storage cost for v revoked users. Our second construction is a generalized version of the first one providing a tradeoff between ciphertext size and public key size. With appropriate parametrization, we obtain a PKBE scheme with O(√n) transmission cost and O(1) user storage cost for any large set of n users. The transmission cost of our second scheme is at least 30\% less than that of the recent result of Boneh et al.'s PKBE scheme, which is considered as being the current state-of-the-art. By combining the two proposed schemes, we suggest a PKBE scheme that achieves further shortened transmissions, while still maintaining O(1) user storage cost. The proposed schemes are secure against any number of colluders and do not require costly re-keying procedures followed by revocation of users.

KW - Bilinear pairings

KW - Broadcast encryption

KW - Copy-right protection

KW - Key distribution

KW - Strong Diffie-Hellman tuples

UR - http://www.scopus.com/inward/record.url?scp=50549101800&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=50549101800&partnerID=8YFLogxK

U2 - 10.1109/TBC.2008.919940

DO - 10.1109/TBC.2008.919940

M3 - Article

AN - SCOPUS:50549101800

VL - 54

SP - 401

EP - 411

JO - IEEE Transactions on Broadcasting

JF - IEEE Transactions on Broadcasting

SN - 0018-9316

IS - 3

M1 - 4475818

ER -

Access to Document

10.1109/TBC.2008.919940