
Corrupting One vs. Corrupting Many: The Case of Broadcast and Multicast Encryption

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 4052)

Abstract

We analyze group key distribution protocols for broadcast and multicast scenarios that make black-box use of symmetric encryption and a pseudorandom generator (PRG) in deriving the group center's messages. We first show that for a large class of such protocols, in which each transmitted ciphertext is of the form E_{K1}(K2) (E being the encryption operation; K1, K2 being random or pseudorandom keys), security in the presence of a single malicious receiver is equivalent to that in the presence of collusions of corrupt receivers. On the flip side, we find that for protocols that nest the encryption function (use ciphertexts created by enciphering ciphertexts themselves), such an equivalence fails to hold: there exist protocols that use nested encryption, are secure against single miscreants but are insecure against collusions.

Our equivalence and separation results are first proven in a symbolic, Dolev-Yao style adversarial model and subsequently translated into the computational model using a general theorem that establishes soundness of the symbolic security notions. Both equivalence and separation are shown to hold in the computational world under mild syntactic conditions (like the absence of encryption cycles).

We apply our results to the security analysis of 11 existing key distribution protocols. As part of our analysis, we uncover security weaknesses in 7 of these protocols, and provide simple fixes that result in provably secure protocols.
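As an added illustration (not code from the paper), here is a toy symbolic model of what corrupt receivers can derive from the center's messages: ciphertexts E_{K1}(.) are tuples, the PRG yields named keys G0(K) and G1(K), and the key-tree protocol, key names and revoked-user views are constructed for this page. With flat ciphertexts the closure of a union of views equals the union of the single-view closures, so single-corruption security implies collusion security; a nested ciphertext wrapped under two different receivers' keys is opened only by the pair.

```python
# Added example, not the paper's code; protocol, key names and views below are constructed.

def enc(key, payload):                    # E_key(payload); payload is a key name or a ciphertext
    return ("enc", key, payload)

def prg(key):                             # PRG outputs modelled as fresh, named keys
    return (f"G0({key})", f"G1({key})")

def keys_in(msg):                         # key names occurring in a (possibly nested) message
    return frozenset([msg]) if isinstance(msg, str) else frozenset([msg[1]]) | keys_in(msg[2])

def is_flat(msgs):                        # every ciphertext has the form E_K1(K2)
    return all(isinstance(m[2], str) for m in msgs)

def derive(initial, msgs):
    """Keys an adversary holding `initial` learns from `msgs`: decrypt any held ciphertext
    whose outer key is known; apply G to known keys that occur in the protocol messages."""
    relevant = frozenset().union(*(keys_in(m) for m in msgs))
    known, pool, changed = set(initial), list(msgs), True
    while changed:
        changed = False
        for m in list(pool):
            if m[1] in known:
                pool.remove(m)
                if isinstance(m[2], str):
                    known.add(m[2])
                else:
                    pool.append(m[2])     # inner ciphertext is now in the adversary's hands
                changed = True
        fresh = {c for k in known & relevant for c in prg(k)} - known
        if fresh:
            known |= fresh
            changed = True
    return frozenset(known)

def single_secure(group_key, views, msgs):     # no corrupt receiver alone gets the group key
    return all(group_key not in derive(v, msgs) for v in views)

def collusion_secure(group_key, views, msgs):  # the pooled corrupt views do not get it either
    return group_key not in derive(set().union(*views), msgs)

def collusion_adds_nothing(views, msgs):       # closure(union of views) == union of closures
    return derive(set().union(*views), msgs) == frozenset().union(*(derive(v, msgs) for v in views))

# Constructed key tree: gk over (kl: u1,u2) and (kr: u3,u4). Revoking u2 and u4, the center
# sends fresh subgroup keys and a seed s; the new group key is G0(s). All ciphertexts are flat:
FLAT = [enc("u1", "kl2"), enc("u3", "kr2"), enc("kl2", "s"), enc("kr2", "s")]
NESTED = [enc("u2", enc("u4", "s"))]           # constructed nested variant under two users' keys
REVOKED = [{"u2", "kl", "gk"}, {"u4", "kr", "gk"}]   # each revoked user's old key material
NEW_GK = "G0(s)"
```

Running `single_secure` and `collusion_secure` on `FLAT` gives the same verdict for both notions, while `NESTED` is secure against each revoked user alone but not against the two together.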

This material is based upon work supported by the National Science Foundation under ITR Grant CCR-0313241 and Cybertrust Grant CCR-0430595. A full version of the paper can be downloaded from the second author's webpage.



© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Micciancio, D., Panjwani, S. (2006). Corrupting One vs. Corrupting Many: The Case of Broadcast and Multicast Encryption. In: Bugliesi, M., Preneel, B., Sassone, V., Wegener, I. (eds) Automata, Languages and Programming. ICALP 2006. Lecture Notes in Computer Science, vol 4052. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11787006_7


  • DOI: https://doi.org/10.1007/11787006_7

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-35907-4

  • Online ISBN: 978-3-540-35908-1
