A Practical Clumped-Tree Multicast Encryption Scheme

  • Ling Dong
  • Kefei Chen
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3903)


We study the problem of multicasting encryption to some subsets of the privileged users and ensuring that only non-revoked users can decrypt the contents in the context of a single source multicast. We concentrate on large dynamic multicast group case with low-state users or stateless users. We propose a Practical Clumped-tree Multicast Encryption scheme (PCME) based on the idea of two-layer tree (container-tree and clumped-tree) and digital label method. The important feature of this scheme is the separation between the static container-tree and the dynamic clumped-tree. We regard a clumped-tree as an autonomous unit, and do not spread the information about revoked users in a clumped-tree to the container-tree. The separation also provides secure multicast channel for distinct GC to multicast completely different content and for any user to multicast encryption to any collection of intended subtrees. Let n be the number of privileged users. Group center, clumped-tree center and user each stores only n/29 –1, (212-1)/3+log(n/210)+1 and 6 keys independently with revocation cost being only 15 to revoke a user. Digital label method accelerates the collection of privileged subsets and the multicast of encryption, and any subtree or user can determine its size and relative position in the whole tree immediately from its digital label. The PCME scheme is truly realistic: even for an astronomical number of 256,000,000 stateless users, GC storage is less than 4 Mbytes, CC storage is less than 10K bytes, and user storage is less than 100 bytes, while for 512 revocations, message length is only 512. Except for efficiency, PCME scheme is fully scalable and it is resistant to adversarial coalitions of various sizes.


Group Center Multicast Group Message Length Complete Binary Tree Broadcast Encryption 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Berkovits, S.: How to Broadcast a Secret. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 535–541. Springer, Heidelberg (1991)Google Scholar
  2. 2.
    Fiat, A., Naor, M.: Broadcast Encryption. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 480–491. Springer, Heidelberg (1994)Google Scholar
  3. 3.
    Wong, C.K., Gouda, M., Lam, S.S.: Secure Group Communications Using Key Graphs. IEEE/ACM Transactions on Networking 8(1), 16–29 (2000)CrossRefGoogle Scholar
  4. 4.
    Wallner, D.M., Harder, E.J., Agee, R.C.: Key Management for Multicast: Issues and Architectures. Internet draft draft-wallner-key-arch-01.txt (September 1998)Google Scholar
  5. 5.
    Naor, D., Naor, M., Lotspiech, J.: Revocation and Tracing Schemes for Stateless Receivers. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 41–62. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  6. 6.
    Halevy, D., Shamir, A.: The LSD broadcast encryption scheme. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 47–60. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  7. 7.
    Gafni, E., Staddon, J., Yin, Y.L.: Efficient Methods for Integrating Traceability and Broadcast Encryption. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 372–387. Springer, Heidelberg (1999)Google Scholar
  8. 8.
    Canetti, R., Malkin, T., Nissim, K.: Efficient Communication–Storage Tradeoffs for Multicast Encryption. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 459–474. Springer, Heidelberg (1999)Google Scholar
  9. 9.
    Desmedt, Y., Wang, Y.: Perfectly Secure Message Transmission Revisited (Extended Abstract). In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 502–517. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  10. 10.
    Micciancio, D., Panjwani, S.: Optimal Communication Complexity of Generic Multicast Key Distribution. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 153–170. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  11. 11.
    Goodrich, M.T., Sun, J.Z., Tamassia, R.: Efficient Tree-Based Revocation in Groups of Low-State Devices. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 511–527. Springer, Heidelberg (2004)Google Scholar
  12. 12.
    Jho, N., Hwang, J.Y., Cheon, J.H., Kim, M.H., Lee, D.H., Yoo, E.S.: One-Way Chain Based Broadcast Encryption Schemes. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 559–574. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  13. 13.
    Chor, B., Fiat, A., Naor, M.: Tracing traitors. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 257–270. Springer, Heidelberg (1994)Google Scholar
  14. 14.
    Chor, B., Fiat, A., Naor, M., Pinkas, B.: Tracing traitors. IEEE Transactions on Information Theory 46(3), 893–910 (2000)MATHCrossRefGoogle Scholar
  15. 15.
    Chabanne, H., Phan, D.H., Pointcheval, D.: Public Traceability in Traitor Tracing Schemes. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 542–558. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  16. 16.
    Canetti, R., Garay, J., Itkis, G., Micciancio, D., Naor, M., Pinkas, B.: Multicast Security: A Taxonomy and Some Efficient Constructions. In: Proc. INFOCOM 1999, New York, NY, vol. 2, pp. 708–716 (March 1999)Google Scholar
  17. 17.
    Boneh, D., Durfee, G., Franklin, M.: Lower Bounds for Multicast Message Authentication. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 437–452. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  18. 18.
    Perrig, A., Canetti, R., Song, D., Tygar, J.D.: Efficient and Secure Source Authentication for Multicast. In: Proc. NDSS 2001, San Diego, pp. 1–12 (2001)Google Scholar
  19. 19.
    Wong, C.K., Lam, S.S.: Digital Signatures for Flows and Multicasts. IEEE/ACM Transactions on Networking 7(4), 502–513 (1999)CrossRefGoogle Scholar
  20. 20.
    Jung, E., Liu, X.Y.A., Gouda, M.G.: Key Bundles and Parcels: Secure Communication in Many Groups. In: Stiller, B., Carle, G., Karsten, M., Reichl, P. (eds.) NGC 2003 and ICQT 2003. LNCS, vol. 2816, pp. 119–130. Springer, Heidelberg (2003)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Ling Dong
    • 1
  • Kefei Chen
    • 1
  1. 1.Department of Computer Science & Engineering, National Laboratory of Modern CommunicationsShanghai Jiaotong UniversityShanghaiChina

Personalised recommendations