Public Key Broadcast Encryption Schemes With Shorter Transmissions

IET Information Security

2015

In this paper, we present an efficient public-key broadcast encryption (PKBE) scheme with sublinear size of public keys, private keys, and ciphertexts and prove its adaptive security under standard assumptions. Compared with the currently best scheme of Garg et al. (CCS 2010) that provides adaptive security under standard assumptions and sub-linear size of various parameters, the ciphertext size of our scheme is 94% shorter and the encryption algorithm of our scheme is also 2.8 times faster than the scheme of Garg et al. To achieve our scheme, we adapt the dual system encryption technique of Waters. However, there is a challenging problem to use this technique for the construction of PKBE with sublinear size of ciphertexts such as a tag compression problem. To overcome this problem, we first devise a novel tag update technique for broadcast encryption. Using this technique, we build an efficient PKBE scheme in symmetric bilinear groups, and prove its adaptive security under standard assumptions. After that, we build another PKBE scheme in asymmetric bilinear groups and also prove its adaptive security under simple assumptions.

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Adaptively secure broadcast encryption under standard assumptions with better efficiency

IET Information Security

2015

“…Their first PKBE scheme has the ciphertext size of O(1), the private key size of O(1), and the public key size of O(N), and their second PKBE scheme has the ciphertext size of O( √ N), the private key size of O (1), and the public key size of O( √ N) where N is the number of users in the system. After the construction of Boneh et al [5], many other PKBE schemes based on bilinear groups were proposed [10,16,24,27]. Delerablée [9] proposed an identity-based broadcast encryption (IBBE) scheme such that the total number of users is not fixed, the ciphertext is related to the set S of receivers, and the public key size is linear to the maximum size of receiver sets.…”

Section: Related Workmentioning

confidence: 99%

Public-Key Revocation and Tracing Schemes with Subset Difference Methods Revisited

Koo

Computer Security - ESORICS 2014

et al. 2014

Trace and revoke is broadcast encryption with the traitor tracing functionality. It is a very powerful primitive since it can revoke users whose private keys are compromised by finding them using a tracing algorithm if a pirate decoder is given. Public-key trace and revoke (PKTR) is a special type of trace and revoke such that anyone can run the tracing algorithm and anyone can create an encrypted message by using a public key. Although public-key trace and revoke schemes are attractive tools, the currently known PKTR schemes are a little bit inefficient in terms of the private key size and the public key size compared with public-key broadcast encryption schemes.In this paper, we propose a new technique to construct an efficient PKTR scheme by using the subset cover framework. First, we introduce a new concept of public-key encryption named single revocation encryption (SRE) and propose an efficient SRE scheme in the random oracle model. The universe of SRE consists of many groups and each group consists of many members. A user in SRE is represented as a group that he belongs and a member in the group. In SRE, a sender can create a ciphertext for a specified group where one member in the group is revoked, and a receiver can decrypt the ciphertext if he belongs to the group in the ciphertext and he is not revoked in the group. Second, we show that the subset difference (SD) scheme (or the layered subset difference (LSD) scheme) and an SRE scheme can be combined to construct a PKTR scheme. Our PKTR scheme using the LSD scheme and our SRE scheme has the ciphertext size of O(r), the private key size of O(log 1.5 N), and the public key size of O(1) where N is the total number of users in the system and r is the size of a revoked set. Our PKTR scheme is the first one that achieves the private key size of O(log 1.5 N) and the public key size of O(1).

“…In this section, we introduce an extension of the modified bilinear Diffie-Hellman (mBDH) problem from [22], which is used for security proof of our scheme. The extended and modified bilinear Diffie-Hellman (extended-mBDH) problem in G is defined; Let g 0 be a generator of G .…”

Section: The Extended and Modified Bilinear Diffie-hellman Assumptionmentioning

confidence: 99%

Selectively chosen ciphertext security in threshold public‐key encryption

Kim

Park

2012

Security Comm Networks

Threshold public‐key encryption can control decryption abilities of an authorized user group in such a way that each user of the group can produce only a decryption share and at least t of them should collect decryption shares to recover a message. We present a new threshold public‐key encryption that is secure against selectively chosen ciphertext attacks. Semantic security against chosen ciphertext adversaries is the de facto level of security for public‐key encryption deployed in practice because many encryption systems are broken in a model of chosen ciphertext security. The security of the proposed system is formally proved without random oracles under a new assumption. We also provide proof of the intractability of our assumption in the generic group model. Copyright © 2012 John Wiley & Sons, Ltd.