Combinatorial bounds for broadcast encryption
A broadcast encryption system allows a center to communicate securely over a broadcast channel with selected sets of users. Each time the set of privileged users changes, the center enacts a protocol to establish a new broadcast key that only the privileged users can obtain, and subsequent transmissions by the center are encrypted using the new broadcast key. We study the inherent trade-off between the number of establishment keys held by each user and the number of transmissions needed to establish a new broadcast key. For every given upper bound on the number of establishment keys held by each user, we prove a lower bound on the number of transmissions needed to establish a new broadcast key. We show that these bounds are essentially tight, by describing broadcast encryption systems that come close to these bounds.
KeywordsEstablishment Protocol Broadcast Encryption Consistent Protocol Characteristic String Privileged User
- 1.R. Blom, An optimal class of symmetric key generation systems, “Advances in Cryptology-EUROCRYPT '84”, Lecture Notes in Computer Science 209 (1984), 335–338.Google Scholar
- 4.C. Blundo, L. A. Frota Mattos, D. R. Stinson, Trade-offs between communication and storage in unconditionally secure schemes for broadcast encryption and interactive key distribution, “Advances in Cryptology-CRYPTO '96”, Lecture Notes in Computer Science 1109 (1996), pp 387–400.Google Scholar
- 9.L. D. Meshalkin, A generalization of Sperner's lemma on the number of subsets of a finite set (English translation), Theory of Probab. and its Applns., 8 (1964), pp 204–205.Google Scholar
- 12.D. R. Stinson and T. van Trung, Some new results on key distribution patterns and broadcast encryption, submitted for publication.Google Scholar