CT-RSA 2003: Topics in Cryptology — CT-RSA 2003 pp 263-280
Fault Tolerant and Distributed Broadcast Encryption
Abstract
A broadcast encryption scheme enables a server to broadcast information in a secure way over an insecure channel to an arbitrary subset of privileged recipients. In a set-up phase, the server gives pre-defined keys to every user of the system, using secure point-to-point channels. Later on, it broadcasts an encrypted message along a broadcast channel, in such a way that only users in a privileged subset can decrypt it, by using the pre-defined keys received in the set-up phase. Usually, the broadcast message contains a fresh session key, which can subsequently be used for secure broadcast transmission to the privileged set of recipients. In this paper we deal with two aspects of secure broadcast transmission: reliability and trust in the broadcaster. The first is a well-studied issue in communication over unreliable channels: packets can get lost and some redundancy is required to provide reliable communication. The second aspect concerns the assumption that the broadcaster, who receives information for broadcasting from several entities, must be trusted. This issue has not previously been addressed in the broadcast transmission setting. We provide a motivating scenario in which the assumption does not hold and, for both problems, we review and extend some existing broadcast encryption schemes, in order to gain fault tolerance and to remove the need for trust in the broadcaster.
Keywords
Secret Sharing Scheme; Broadcast Channel; Hash Family; Broadcast Encryption; Perfect Hash Family