Long-Lived Broadcast Encryption
 Juan A. Garay,
 Jessica Staddon,
 Avishai Wool
Abstract
In a broadcast encryption scheme, digital content is encrypted to ensure that only privileged users can recover the content from the encrypted broadcast. Key material is usually held in a “tamper-resistant,” replaceable, smartcard. A coalition of users may attack such a system by breaking their smartcards open, extracting the keys, and building “pirate decoders” based on the decryption keys they extract. In this paper we suggest the notion of long-lived broadcast encryption as a way of adapting broadcast encryption to the presence of pirate decoders and maintaining the security of broadcasts to privileged users while rendering all pirate decoders useless. When a pirate decoder is detected in a long-lived encryption scheme, the keys it contains are viewed as compromised and are no longer used for encrypting content. We provide both empirical and theoretical evidence indicating that there is a long-lived broadcast encryption scheme that achieves a steady state in which only a small fraction of cards need to be replaced in each epoch. That is, for any fraction β, the parameter values may be chosen in such a way to ensure that eventually, at most β of the cards must be replaced in each epoch.
Long-lived broadcast encryption schemes are a more comprehensive solution to piracy than traitor-tracing schemes, because the latter only seek to identify the makers of pirate decoders and don’t deal with how to maintain secure broadcasts once keys have been compromised. In addition, long-lived schemes are a more efficient long-term solution than revocation schemes, because their primary goal is to minimize the amount of recarding that must be done in the long term.
Title: Long-Lived Broadcast Encryption
Book Title: Advances in Cryptology — CRYPTO 2000
Book Subtitle: 20th Annual International Cryptology Conference Santa Barbara, California, USA, August 20–24, 2000 Proceedings
Pages: pp 333–352
Copyright: 2000
DOI: 10.1007/3-540-44598-6_21
Print ISBN: 9783540679073
Online ISBN: 9783540445982
Series Title: Lecture Notes in Computer Science
Series Volume: 1880
Series ISSN: 0302-9743
Publisher: Springer Berlin Heidelberg
Copyright Holder: Springer-Verlag Berlin Heidelberg
 Editors

 Mihir Bellare ^{(4)}
 Editor Affiliations

 4. Department of Computer Science and Engineering, University of California
 Authors

 Juan A. Garay ^{(5)}
 Jessica Staddon ^{(6)}
 Avishai Wool ^{(5)}
 Author Affiliations

 5. Bell Labs, 600 Mountain Ave, Murray Hill, NJ, 07974, USA
 6. Bell Labs Research Silicon Valley, 3180 Porter Drive, Palo Alto, CA, 94304, USA