# Combinatorial bounds for broadcast encryption

## Abstract

A broadcast encryption system allows a center to communicate securely over a broadcast channel with selected sets of users. Each time the set of privileged users changes, the center enacts a protocol to establish a new broadcast key that only the privileged users can obtain, and subsequent transmissions by the center are encrypted using the new broadcast key. We study the inherent trade-off between the number of establishment keys held by each user and the number of transmissions needed to establish a new broadcast key. For every given upper bound on the number of establishment keys held by each user, we prove a lower bound on the number of transmissions needed to establish a new broadcast key. We show that these bounds are essentially tight, by describing broadcast encryption systems that come close to these bounds.

## Keywords

Establishment Protocol Broadcast Encryption Consistent Protocol Characteristic String Privileged User## References

- 1.R. Blom,
*An optimal class of symmetric key generation systems*, “Advances in Cryptology-EUROCRYPT '84”,*Lecture Notes in Computer Science***209**(1984), 335–338.Google Scholar - 2.C. Blundo, A. Cresti,
*Space requirements for broadcast encryption*, “Advances in Cryptology-EUROCRYPT '94”,*Lecture Notes in Computer Science***950**(1995), pp 287–298.zbMATHMathSciNetGoogle Scholar - 3.C. Blundo, A. De Santis, A. Herzberg, S. Kutten, U. Vaccaro and M. Yung,
*Perfectly secure key distribution in dynamic conferences*, “Advances in Cryptology — CRYPTO '92”,*Lecture Notes in Computer Science***740**(1993), pp 471–486.zbMATHCrossRefGoogle Scholar - 4.C. Blundo, L. A. Frota Mattos, D. R. Stinson,
*Trade-offs between communication and storage in unconditionally secure schemes for broadcast encryption and interactive key distribution*, “Advances in Cryptology-CRYPTO '96”,*Lecture Notes in Computer Science***1109**(1996), pp 387–400.Google Scholar - 5.B. Bollobás,
*On generalized graphs*, Acta Math. Acad. Sci. Hungar.,**16**(1965), pp 447–452.zbMATHMathSciNetCrossRefGoogle Scholar - 6.P. Erdös, R. Rado,
*Intersection theorems for systems of sets*, Journal London Math. Soc,**35**(1960), pp 85–90.zbMATHGoogle Scholar - 7.A. Fiat, M. Naor,
*Broadcast encryption*, “Advances in Cryptology-CRYPTO '93”,*Lecture Notes in Computer Science***773**(1994), pp 480–491.zbMATHGoogle Scholar - 8.D. Lubell,
*A short proof of Sperner's lemma*, J. Combinatorial Theory,**1**(1966), p 299.zbMATHMathSciNetGoogle Scholar - 9.L. D. Meshalkin,
*A generalization of Sperner's lemma on the number of subsets of a finite set (English translation)*, Theory of Probab. and its Applns.,**8**(1964), pp 204–205.Google Scholar - 10.E. Sperner,
*Ein Satz über Untermengen einer endlichen Menge*, Math. Zeitschrift,**27**(1928), pp 544–548.zbMATHMathSciNetCrossRefGoogle Scholar - 11.D. R. Stinson,
*On some methods for unconditionally secure key distribution and broadcast encryption*, Designs, Codes and Cryptography,**12**(1997), pp 215–243.zbMATHMathSciNetCrossRefGoogle Scholar - 12.D. R. Stinson and T. van Trung,
*Some new results on key distribution patterns and broadcast encryption*, submitted for publication.Google Scholar - 13.J. H. van Lint and R. M. Wilson,
*A Course in Combinatorics*, Cambridge University Press, Cambridge, 1992.zbMATHGoogle Scholar - 14.K. Yamamoto,
*Logarithmic order of free distributive lattices*, J. Math. Soc. Japan,**6**(1954), pp 343–353.zbMATHMathSciNetCrossRefGoogle Scholar