Abstract
Broadcast Encryption schemes enable a center to broadcast encrypted programs so that only designated subsets of users can decrypt each program. The stateless variant of this problem provides each user with a fixed set of keys which is never updated. The best scheme published so far for this problem is the “subset difference” (SD) technique of Naor, Naor and Lotspiech, in which each one of the n users is initially given $O(\log^{2}(n))$ symmetric encryption keys. This allows the broadcaster to define at a later stage any subset of up to r users as “revoked”, and to make the program accessible only to their complement by sending $O(r)$ short messages before the encrypted program, and asking each user to perform an $O(\log(n))$ computation. In this paper we describe the “Layered Subset Difference” (LSD) technique, which achieves the same goal with $O(\log^{1+\epsilon}(n))$ keys, $O(r)$ messages, and $O(\log(n))$ computation. This reduces the number of keys given to each user by almost a square root factor without affecting the other parameters. In addition, we show how to use the same LSD keys in order to address any subset defined by a nested combination of inclusion and exclusion conditions with a number of messages which is proportional to the complexity of the description rather than to the size of the subset. The LSD scheme is truly practical, and makes it possible to broadcast an unlimited number of programs to 256,000,000 possible customers by giving each new customer a smart card with one kilobyte of tamper-resistant memory. It is then possible to address any subset defined by t nested inclusion and exclusion conditions by sending less than 4t short messages, and the scheme remains secure even if all the other users form an adversarial coalition.
References
S. Berkovits, How to Broadcast a Secret, Advances in Cryptology — Eurocrypt ’91, Lecture Notes in Computer Science 547, Springer, 1991, pp. 536–541.
Ran Canetti, Juan Garay, Gene Itkis, Daniele Micciancio, Moni Naor, Benny Pinkas, Multicast Security: A Taxonomy and Some Efficient Constructions.
E. Gafni, J. Staddon and Y.L. Yin, Efficient Methods for Integrating Traceability and Broadcast Encryption, Proc. Advances in Cryptology — Crypto ’99, LNCS 1666, Springer, 1999, pp. 372–387.
J.A. Garay, J. Staddon and A. Wool, Long-Lived Broadcast Encryption, Advances in Cryptology — CRYPTO 2000, Lecture Notes in Computer Science, vol. 1880, 2000, pp. 333–352.
M. Naor, A. Fiat, Broadcast Encryption, Advances in Cryptology — Crypto ’93, Lecture Notes in Computer Science 773, Springer, 1994, pp. 480–491.
D. Naor, M. Naor, J. Lotspiech, Revocation and Tracing Schemes for Stateless Receivers, February 2001.
M. Naor, B. Pinkas, Threshold Traitor Tracing, Crypto ’98.
M. Naor, B. Pinkas, Efficient Trace and Revoke Schemes, FC 2000.
A. Shamir, How to Share a Secret, Communications of the ACM, vol. 22, no. 11, November 1979, pp. 612–613.
Copyright information
© 2002 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Halevy, D., Shamir, A. (2002). The LSD Broadcast Encryption Scheme. In: Yung, M. (eds) Advances in Cryptology — CRYPTO 2002. CRYPTO 2002. Lecture Notes in Computer Science, vol 2442. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45708-9_4
DOI: https://doi.org/10.1007/3-540-45708-9_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-44050-5
Online ISBN: 978-3-540-45708-4
eBook Packages: Springer Book Archive