Combinatorial bounds for broadcast encryption

  • Michael Luby
  • Jessica Staddon
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1403)


A broadcast encryption system allows a center to communicate securely over a broadcast channel with selected sets of users. Each time the set of privileged users changes, the center enacts a protocol to establish a new broadcast key that only the privileged users can obtain, and subsequent transmissions by the center are encrypted using the new broadcast key. We study the inherent trade-off between the number of establishment keys held by each user and the number of transmissions needed to establish a new broadcast key. For every given upper bound on the number of establishment keys held by each user, we prove a lower bound on the number of transmissions needed to establish a new broadcast key. We show that these bounds are essentially tight, by describing broadcast encryption systems that come close to these bounds.


Establishment Protocol Broadcast Encryption Consistent Protocol Characteristic String Privileged User 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    R. Blom, An optimal class of symmetric key generation systems, “Advances in Cryptology-EUROCRYPT '84”, Lecture Notes in Computer Science 209 (1984), 335–338.Google Scholar
  2. 2.
    C. Blundo, A. Cresti, Space requirements for broadcast encryption, “Advances in Cryptology-EUROCRYPT '94”, Lecture Notes in Computer Science 950 (1995), pp 287–298.zbMATHMathSciNetGoogle Scholar
  3. 3.
    C. Blundo, A. De Santis, A. Herzberg, S. Kutten, U. Vaccaro and M. Yung, Perfectly secure key distribution in dynamic conferences, “Advances in Cryptology — CRYPTO '92”, Lecture Notes in Computer Science 740 (1993), pp 471–486.zbMATHCrossRefGoogle Scholar
  4. 4.
    C. Blundo, L. A. Frota Mattos, D. R. Stinson, Trade-offs between communication and storage in unconditionally secure schemes for broadcast encryption and interactive key distribution, “Advances in Cryptology-CRYPTO '96”, Lecture Notes in Computer Science 1109 (1996), pp 387–400.Google Scholar
  5. 5.
    B. Bollobás, On generalized graphs, Acta Math. Acad. Sci. Hungar., 16 (1965), pp 447–452.zbMATHMathSciNetCrossRefGoogle Scholar
  6. 6.
    P. Erdös, R. Rado, Intersection theorems for systems of sets, Journal London Math. Soc, 35 (1960), pp 85–90.zbMATHGoogle Scholar
  7. 7.
    A. Fiat, M. Naor, Broadcast encryption, “Advances in Cryptology-CRYPTO '93”, Lecture Notes in Computer Science 773 (1994), pp 480–491.zbMATHGoogle Scholar
  8. 8.
    D. Lubell, A short proof of Sperner's lemma, J. Combinatorial Theory, 1 (1966), p 299.zbMATHMathSciNetGoogle Scholar
  9. 9.
    L. D. Meshalkin, A generalization of Sperner's lemma on the number of subsets of a finite set (English translation), Theory of Probab. and its Applns., 8 (1964), pp 204–205.Google Scholar
  10. 10.
    E. Sperner, Ein Satz über Untermengen einer endlichen Menge, Math. Zeitschrift, 27 (1928), pp 544–548.zbMATHMathSciNetCrossRefGoogle Scholar
  11. 11.
    D. R. Stinson, On some methods for unconditionally secure key distribution and broadcast encryption, Designs, Codes and Cryptography, 12 (1997), pp 215–243.zbMATHMathSciNetCrossRefGoogle Scholar
  12. 12.
    D. R. Stinson and T. van Trung, Some new results on key distribution patterns and broadcast encryption, submitted for publication.Google Scholar
  13. 13.
    J. H. van Lint and R. M. Wilson, A Course in Combinatorics, Cambridge University Press, Cambridge, 1992.zbMATHGoogle Scholar
  14. 14.
    K. Yamamoto, Logarithmic order of free distributive lattices, J. Math. Soc. Japan, 6 (1954), pp 343–353.zbMATHMathSciNetCrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1998

Authors and Affiliations

  • Michael Luby
    • 1
  • Jessica Staddon
    • 2
  1. 1.International Computer Science InstituteBerkeley
  2. 2.RSA LaboratoriesRedwood City

Personalised recommendations