Date: 25 May 2006

Combinatorial bounds for broadcast encryption

Abstract

A broadcast encryption system allows a center to communicate securely over a broadcast channel with selected sets of users. Each time the set of privileged users changes, the center enacts a protocol to establish a new broadcast key that only the privileged users can obtain, and subsequent transmissions by the center are encrypted using the new broadcast key. We study the inherent trade-off between the number of establishment keys held by each user and the number of transmissions needed to establish a new broadcast key. For every given upper bound on the number of establishment keys held by each user, we prove a lower bound on the number of transmissions needed to establish a new broadcast key. We show that these bounds are essentially tight, by describing broadcast encryption systems that come close to these bounds.

The author's research was supported in part by the National Science Foundation operating grants CCR-9304722 and NCR-9416101.
This author's research was done while a graduate student in the Mathematics Department, University of California at Berkeley.