Broadcast Encryption

  • Amos Fiat
  • Moni Naor
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 773)


We introduce new theoretical measures for the qualitative and quantitative assessment of encryption schemes designed for broadcast transmissions. The goal is to allow a central broadcast site to broadcast secure transmissions to an arbitrary set of recipients while minimizing key management related transmissions. We present several schemes that allow a center to broadcast a secret to any subset of privileged users out of a universe of size n so that coalitions of k users not in the privileged set cannot learn the secret. The most interesting scheme requires every user to store O(k log k log n) keys and the center to broadcast O(k 2 log2 k log n) messages regardless of the size of the privileged set. This scheme is resilient to any coalition of k users. We also present a scheme that is resilient with probability p against a random subset of k users. This scheme requires every user to store O(log k log(1/p)) keys and the center to broadcast O(k log2 k log(1/p)) messages.


Hash Function Secret Message Security Parameter Broadcast Scheme Broadcast Encryption 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    N. Alon and J. Spencer, The Probabilistic Method, Wiley, 1992.Google Scholar
  2. 2.
    J. L. Carter and M. N. Wegman, Universal Classes of Hash Functions, Journal of Computer and System Sciences 18 (1979), pp. 143–154.CrossRefzbMATHMathSciNetGoogle Scholar
  3. 3.
    W. Diffie and M. Hellman, New Directions in Cryptography, IEEE Trans. on Information Theory, vol. IT-22,6 (1976), pp. 644–654.CrossRefMathSciNetGoogle Scholar
  4. 4.
    M.L. Fredman, J. Komlós and E. Szemerédi, Storing a Sparse Table with O(1) Worst Case Access Time, Journal of the ACM, Vol 31, 1984, pp. 538–544.CrossRefzbMATHGoogle Scholar
  5. 5.
    O. Goldreich, S. Goldwasser and S. Micali, How to Construct Random Functions Journal of the ACM 33, 1986.Google Scholar
  6. 6.
    R. Impagliazzo, L. Levin and M. Luby, Pseudo-random Generation given from a One-way Function, Proc. of the 20th ACM Symp. on Theory of Computing, 1989.Google Scholar
  7. 7.
    K. Mehlhorn, Data Structures and Algorithms: Sorting and Searching, Springer-Verlag, Berlin Heidelberg, 1984.zbMATHGoogle Scholar
  8. 8.
    R. Rivest, A. Shamir and L. Adleman, A Method for Obtaining Digital Signature and Public Key Cryptosystems, Comm. of ACM, 21 (1978), pp. 120–126.CrossRefzbMATHMathSciNetGoogle Scholar
  9. 9.
    A. Shamir, On the Generation of Cryptographically Strong Pseudo-Random Number Sequences, ACM Trans. Comput. Sys., 1 (1983), pp. 38–44.CrossRefGoogle Scholar
  10. 10.
    M. N. Wegman and J. L. Carter, New Hash Functions and Their Use in Authentication and Set Equality, Journal of Computer and System Sciences 22, pp. 265–279 (1981).CrossRefzbMATHMathSciNetGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1994

Authors and Affiliations

  • Amos Fiat
    • 1
    • 2
  • Moni Naor
    • 3
  1. 1.Department of Computer Science, School of MathematicsTel Aviv UniversityTel AvivIsrael
  2. 2.Algorithmic Research Ltd.Israel
  3. 3.Department of Computer Science and Applied MathWeizmann InstituteRehovotIsrael

Personalised recommendations