Revocation and Tracing Schemes for Stateless Receivers

Naor, Dalit; Naor, Moni; Lotspiech, Jeffrey

doi:10.1007/3-540-44647-8_3

Cited by 799 publications

(1,004 citation statements)

References 27 publications

Supporting

Mentioning

970

Contrasting

Unclassified

Order By: Relevance

“…In the general subset-cover paradigm of [18], which includes almost all of the above schemes, it has been implicitly understood that one can separate the design of such a scheme into two seemingly orthogonal problems namely: designing combinatorial set system which enables subset covering (this step determines the header size), and defining computational key derivation (this step determines the private key size and computational cost). This is first explicitly characterized by Gentry-Ramzan [11] for the case of Akl-Taylor's RSA based key derivation [1].…”

Section: Our Contributionsmentioning

confidence: 99%

“…We refer to [18] for the definitions and the security notions for private-key broadcast encryption. Now we recap the subset-cover framework [18] separately into two components as follows.…”

Section: Frameworkmentioning

confidence: 99%

“…Naor et al [18] proved that BE in the subset-cover paradigm whose the access control component is secure in the sense of Key-Indistinguishability (KIND) is secure in the standard notion, namely IND-CCA1. Dodis and Katz [10] use the technique involving multiple encryption to obtain a generic scheme which is IND-CCA2-secure.…”

Section: Frameworkmentioning

confidence: 99%

“…An efficient solution which is considered a ground work to many consequences is the Complete (binary) Subtree scheme (CS) by Naor et al [18]. Schemes which were considered the current state of the art (before two very recent works, see below) are: (i) Pseudo-random sequences generator (PRSG) based schemes such as the Subset Difference scheme (SD) [18], its refinement-the Layered SD scheme (LSD) [14], and their somewhat generalizations in [4].…”

Section: Introductionmentioning

confidence: 99%

“…Schemes which were considered the current state of the art (before two very recent works, see below) are: (i) Pseudo-random sequences generator (PRSG) based schemes such as the Subset Difference scheme (SD) [18], its refinement-the Layered SD scheme (LSD) [14], and their somewhat generalizations in [4]. (ii) RSA accumulator based schemes such as Asano's scheme [2], and its optimal generalizations in [3,11].…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

Graph-Decomposition-Based Frameworks for Subset-Cover Broadcast Encryption and Efficient Instantiations

Attrapadung

Imai

2005

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. We present generic frameworks for constructing efficient broadcast encryption schemes in the subset-cover paradigm, introduced by Naor et.al., based on various key derivation techniques. Our frameworks characterize any instantiation completely to its underlying graph decompositions, which are purely combinatorial in nature. This abstracts away the security of each instantiated scheme to be guaranteed by the generic one of the frameworks; thus, gives flexibilities in designing schemes. Behind these are new techniques based on (trapdoor) RSA accumulators utilized to obtain practical performances. We then give some efficient instantiations from the frameworks. Our first construction improves the currently best schemes, including the one proposed by Goodrich et.al., without any further assumptions (only pseudorandom generators are used) by some factors. The second instantiation, which is the most efficient, is instantiated based on RSA and directly improves the first scheme. Its ciphertext length is of order O(r), the key size is O(1), and its computational cost is O(n 1/k log 2 n) for any (arbitrary large) constant k; where r and n are the number of revoked users and all users respectively. To the best of our knowledge, this is the first explicit collusion-secure scheme in the literature that achieves both ciphertext size and key size independent of n simultaneously while keeping all other costs efficient, in particular, sub-linear in n. The third scheme improves Gentry and Ramzan's scheme, which itself is more efficient than the above schemes in the aspect of asymptotic computational cost.

show abstract

Section: Our Contributionsmentioning

confidence: 99%

“…We refer to [18] for the definitions and the security notions for private-key broadcast encryption. Now we recap the subset-cover framework [18] separately into two components as follows.…”

Section: Frameworkmentioning

confidence: 99%

Section: Frameworkmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Graph-Decomposition-Based Frameworks for Subset-Cover Broadcast Encryption and Efficient Instantiations

Attrapadung

Imai

2005

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

Broadcast Encryption and Traitor Tracing

Phan¹

2022

Asymmetric Cryptography

View full text Add to dashboard Cite

Revocable and anonymous searchable encryption in multi‐user setting

Miao

Liu

2015

Concurrency and Computation

View full text Add to dashboard Cite

SUMMARYWith powerful storage and computing capacities provided by cloud server provider(CSP), cloud customers can relieve from heavy storage and maintenance burden in cloud computing. Therefore, searchable encryption(SE) technology becomes a fundamental solution to search over encrypted data in outsourcing service. However, the genuine safety of SE schemes should concentrate not only on keyword privacy but also on user privacy as information tracking may leak user identity. For example, in the personal health record system, the malicious CSP may match sensitive disease information(cancer or AIDS) with certain patient. In addition, practical SE scheme should not be confined to single-user setting because of its limitations. While SE schemes applied to multi-user setting may result in additional secret key and ciphertext updating burden due to frequent user revocation. Along this direction, we define a revocable and anonymous SE scheme in multiple-user setting, which is scalable and efficient in user revocation and anonymity. Security analysis shows that our scheme is Anonymous-Revocable-ID-CPA secure under Decision Bilinear Diffie-Hellman assumption and is able to effectively resist decryption key exposure threat.

show abstract

Revocation and Tracing Schemes for Stateless Receivers

Cited by 799 publications

References 27 publications

Graph-Decomposition-Based Frameworks for Subset-Cover Broadcast Encryption and Efficient Instantiations

Graph-Decomposition-Based Frameworks for Subset-Cover Broadcast Encryption and Efficient Instantiations

Broadcast Encryption and Traitor Tracing

Revocable and anonymous searchable encryption in multi‐user setting

Contact Info

Product

Resources

About