A Generic Transformation from Symmetric to Asymmetric Broadcast Encryption

  • Ulrich Huber
  • Ahmad-Reza Sadeghi
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4176)


Broadcast Encryption (BE) schemes allow a sender to efficiently encrypt messages for a large set of receivers. The currently most efficient BE schemes in the stateless receiver scenario are based on symmetric cryptography. However, a variety of business models with mutually mistrusting senders necessitates the use of asymmetric cryptography. We propose a generic framework that allows to transform a large class of symmetric BE schemes into asymmetric schemes, where the transformation employs an arbitrary hierarchical identity based encryption scheme. Applying our framework, we transform a recent symmetric scheme, called layered punctured interval scheme, for which no asymmetric version has yet been published. In addition, we give a formal proof of the chosen ciphertext security of our framework, which allows to generically transform any future symmetric BE scheme within the large class into a chosen-ciphertext-secure asymmetric scheme with the same efficiency measures.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Huber, U., Sadeghi, A.R.: A generic transformation from symmetric to asymmetric broadcast encryption. Technical Report, Horst Görtz Institute for IT Security (2006), http://www.prosec.rub.de/publications
  2. 2.
    Wallner, D.M., Harder, E.J., Agee, R.C.: Key management for multicast: Issues and architectures. Request for comments (2627), Internet Engineering Task Force (IETF) (1999), URL: ftp.ietf.org/rfc/rfc2627.txt
  3. 3.
    4C Entity, LLC: CPPM specification—introduction and common cryptographic elements. Specification Revision 1.0 (2003), URL: http://www.4centity.com/data/tech/spec/cppm-base100.pdf
  4. 4.
    AACS Licensing Administrator: Advanced access content system (AACS): Introduction and common cryptographic elements. Specification Revision 0.90 (2005), URL: http://www.aacsla.com/specifications/AACS_Spec-Common_0.90.pdf
  5. 5.
    Naor, D., Naor, M., Lotspiech, J.: Revocation and tracing schemes for stateless receivers. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 41–62. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  6. 6.
    Halevy, D., Shamir, A.: The LSD broadcast encryption scheme. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 47–60. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  7. 7.
    Jho, N.S., Hwang, J.Y., Cheon, J.H., Kim, M.H., Lee, D.H., Yoo, E.S.: One-way chain based broadcast encryption schemes. [22], pp. 559–574Google Scholar
  8. 8.
    Jho, N.S., Yoo, E.S., Cheon, J.H., Kim, M.H.: New broadcast encryption scheme using tree-based circle. In: ACM DRM 2005, pp. 37–44. ACM Press, New York (2005)CrossRefGoogle Scholar
  9. 9.
    Dodis, Y., Fazio, N.: Public key broadcast encryption for stateless receivers. In: Feigenbaum, J. (ed.) DRM 2002. LNCS, vol. 2696, pp. 61–80. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  10. 10.
    Boneh, D., Boyen, X., Goh, E.J.: Hierarchical identity based encryption with constant size ciphertext. [22], pp. 440–456Google Scholar
  11. 11.
    Fiat, A., Naor, M.: Broadcast encryption. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 480–491. Springer, Heidelberg (1994)Google Scholar
  12. 12.
    Naor, M., Pinkas, B.: Efficient trace and revoke schemes. In: Frankel, Y. (ed.) FC 2000. LNCS, vol. 1962, pp. 1–20. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  13. 13.
    Tzeng, W.G., Tzeng, Z.J.: A public-key traitor tracing scheme with revocation using dynamic shares. In: Kim, K.-c. (ed.) PKC 2001. LNCS, vol. 1992, pp. 207–224. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  14. 14.
    Dodis, Y., Fazio, N.: Public key trace and revoke scheme secure against adaptive chosen ciphertext attack. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 100–115. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  15. 15.
    Boneh, D., Gentry, C., Waters, B.: Collusion resistant broadcast encryption with short ciphertexts and private keys. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 258–275. Springer, Heidelberg (2005)Google Scholar
  16. 16.
    Gentry, C., Silverberg, A.: Hierarchical ID-based cryptography. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 548–566. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  17. 17.
    Horwitz, J., Lynn, B.: Toward hierarchical identity-based encryption. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 466–481. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  18. 18.
    Canetti, R., Halevi, S., Katz, J.: Chosen-ciphertext security from identity-based encryption. [21], pp. 207–222Google Scholar
  19. 19.
    Boneh, D., Boyen, X.: Efficient selective-ID secure identity-based encryption without random oracles. [21], pp. 223–238Google Scholar
  20. 20.
    Attrapadung, N., Kobara, K., Imai, H.: Sequential key derivation patterns for broadcast encryption and key predistribution schemes. In: Laih, C.-S. (ed.) ASIACRYPT 2003. LNCS, vol. 2894, pp. 374–391. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  21. 21.
    Cachin, C., Camenisch, J. (eds.): EUROCRYPT 2004. LNCS, vol. 3027. Springer, Heidelberg (2004)MATHGoogle Scholar
  22. 22.
    Cramer, R. (ed.): EUROCRYPT 2005. LNCS, vol. 3494. Springer, Heidelberg (2005)MATHGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Ulrich Huber
    • 1
  • Ahmad-Reza Sadeghi
    • 1
  1. 1.Horst Görtz Institute for IT SecurityRuhr-Universität BochumGermany

Personalised recommendations