Topics in Cryptology – CT-RSA 2006

Volume 3860 of the series Lecture Notes in Computer Science pp 244-261

How to Construct Multicast Cryptosystems Provably Secure Against Adaptive Chosen Ciphertext Attack

  • Yitao Duan, affiliated with Computer Science Division, University of California
  • John Canny, affiliated with Computer Science Division, University of California



In this paper we present a general framework for constructing efficient multicast cryptosystems with provable security and show that the schemes in a line of previous work on multicast encryption are all special cases of this general approach. We provide new methods for building such cryptosystems with various levels of security (e.g., IND-CPA, IND-CCA2). The results we obtained enable the construction of a whole class of new multicast schemes with guaranteed security using a broader range of common primitives such as OAEP. Moreover, we show that multicast cryptosystems with a high level of security (e.g., IND-CCA2) can be based upon public key cryptosystems with weaker (e.g., CPA) security as long as the decryption can be securely and efficiently “shared”. Our constructions feature truly constant-size decryption keys, whereas the lengths of both the encryption key and ciphertext are independent of group size.