Efficient Communication-Storage Tradeoffs for Multicast Encryption

Canetti, Ran; Malkin, Tal; Nissim, Kobbi

doi:10.1007/3-540-48910-x_32

Cited by 162 publications

(175 citation statements)

References 12 publications

Supporting

Mentioning

173

Contrasting

Order By: Relevance

“…Since the key tree structure has good properties, modifications of the methods of [24,25] have been proposed [5,11,16,17]. Some of them reduce the messages for a single revocation to log N by combining the key tree structure with another technique.…”

Section: Related Workmentioning

confidence: 99%

“…Some of them reduce the messages for a single revocation to log N by combining the key tree structure with another technique. McGrew et al [16] used a one-way function, Canetti et al [5] used a pseudo random generator, and Kim et al [11] used Diffie-Hellman key exchange scheme [9]. The number of keys a receiver stores remains log N + 1, while their methods increase the computational overhead at a receiver, namely, each receiver needs to perform the computation of such a technique at most log N times.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

A Revocation Scheme with Minimal Storage at Receivers

Asano

2002

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. A revocation or a broadcast encryption technology allows a sender to transmit information securely over a broadcast channel to a select group of receivers excluding some revoked receivers. In this paper we propose two efficient revocation methods which are suitable for stateless receivers. The proposed methods use an a-ary key tree structure and require at most r log (N/r) log a + 1 ciphertexts broadcast. Our Method 1 requires only one key to be stored and O 2 a log 5 N log a computational overhead at a receiver, whereas Method 2 requires log N log a keys and O (2 a ) computational overhead, where N and r respectively denote the total number of receivers and the number of revoked receivers. Our methods are very efficient with respect to the number of keys each receiver stores, especially Method 1 minimizes it.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

A Revocation Scheme with Minimal Storage at Receivers

Asano

2002

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…Also recall that (as in other schemes) there are three main overloads related to the proposed key management: storage@receiver, processing@receiver and communications overload. Taking into account certain constraints on these parameters, the proposed schemes can be optimized following the approaches reported in [3] and [19]. For example, for given constraints on storage@receiver and processing@receiver, the schemes can be optimized regarding the communications overload, or for the given communications budget, the schemes can be optimized regarding storage@receiver and processing@receiver.…”

Section: Discussionmentioning

confidence: 99%

“…Later on, a number of different schemes as well as the system approaches, have been reported and analyzed -see [16], [20]- [21], [3], [1], [9], [17], [18], [19], [2] and [4], for example, and recently, certain results have been reported in [11], [13], [6], [5], [14] and [15], as well.…”

Section: Introductionmentioning

confidence: 99%

Key Management Schemes for Stateless Receivers Based on Time Varying Heterogeneous Logical Key Hierarchy

Mihaljević

2003

Advances in Cryptology - ASIACRYPT 2003

View full text Add to dashboard Cite

Abstract. This paper proposes a family of key management schemes for broadcast encryption based on a novel underlying structure -Time Varying Heterogeneous Logical Key Hierarchy (TVH-LKH). Note that the main characteristics of the previously reported key management schemes include the following: employment of a static underlying structure for key management, and addressing the subset covering problem over the entire underlying structure. Oppositely, the main underlying ideas for developing of the novel key management schemes based on TVH-LKH include the following: (i) employment of a reconfigurable underlying structure; and (ii) employment of a divide-and-conquer approach related to the underlying structure and an appropriate communications-storageprocessing trade-off (for example, a small increase of the communication overload and large reduction of the storage and processing overload) for addressing the subset covering problem and optimization of the overloads. The design is based on a set of "static" keys at a receiver (stateless receiver) which are used in all possible reconfiguration of the underlying structure for key management, and accordingly, in a general case, a key plays different roles depending on the employed underlying structure. A particular family of the components for developing TVH-LKH, is also proposed and discussed. The proposed technique is compared with the recently reported schemes, and the advantages of the novel one are pointed out.

show abstract

“…[4] show how to use pseudo-random generators to reduce by a constant factor the transmission overhead, but still require an exponential number of total keys. Canetti, Malkin, and Nissim [5] explore further trade-offs possible between the transmission overhead, user keys, and server keys possible by varying the scheme of [27]. Their constructions do not achieve feasible server storage, and indeed they give evidence that it is not possible to have communication overhead, user storage, and server storage all be polynomial in k and n if one requires security for arbitrary k.…”

Section: Introductionmentioning

confidence: 99%

Coding Constructions for Blacklisting Problems without Computational Assumptions

Kumar

Rajagopalan

Sahai³

1999

Advances in Cryptology — CRYPTO’ 99

127

View full text Add to dashboard Cite

Abstract. We consider the broadcast exclusion problem: how to transmit a message over a broadcast channel shared by N = 2 n users so that all but some specified coalition of k excluded users can understand the contents of the message. Using error-correcting codes, and avoiding any computational assumptions in our constructions, we construct natural schemes that completely avoid any dependence on n in the transmission overhead. Specifically, we construct: (i) (for illustrative purposes,) a randomized scheme where the server's storage is exponential (in n), but the transmission overhead is O(k), and each user's storage is O(kn); (ii) a scheme based on polynomials where the transmission overhead is O(kn) and each user's storage is O(kn); and (iii) a scheme using algebraic-geometric codes where the transmission overhead is O(k 2 ) and each user is required to store O(kn) keys. In the process of proving these results, we show how to construct very good cover-free set systems and combinatorial designs based on algebraic-geometric codes, which may be of independent interest and application. Our approach also naturally extends to solve the problem in the case where the broadcast channel may introduce errors or lose information.

show abstract

Efficient Communication-Storage Tradeoffs for Multicast Encryption

Cited by 162 publications

References 12 publications

A Revocation Scheme with Minimal Storage at Receivers

A Revocation Scheme with Minimal Storage at Receivers

Key Management Schemes for Stateless Receivers Based on Time Varying Heterogeneous Logical Key Hierarchy

Coding Constructions for Blacklisting Problems without Computational Assumptions

Contact Info

Product

Resources

About