Public-Key Revocation and Tracing Schemes with Subset Difference Methods Revisited
Broadcast encryption is a very powerful primitive since it can send an encrypted message to a set of users excluding a set of revoked users. Public-key broadcast encryption (PKBE) is a special type of broadcast encryption such that anyone can run the encryption algorithm to create an encrypted message by using a public key. In this paper, we propose a new technique to construct an efficient PKBE scheme by using the subset cover framework. First, we introduce a new concept of public-key encryption named single revocation encryption (SRE) and propose an efficient SRE scheme in the random oracle model. A user in SRE is represented as a group that he belongs and a member in the group. In SRE, a sender can create a ciphertext for a specified group where one member in the group is revoked, and a receiver can decrypt the ciphertext if he belongs to the group in the ciphertext and he is not revoked in the group. Second, we show that the subset difference (SD) scheme (or the layered subset difference (LSD) scheme) and an SRE scheme can be combined to construct a public-key revocation encryption (PKRE) scheme such that a set of revoked users is specified in a ciphertext. Our PKRE scheme using the LSD scheme and our SRE scheme can reduce the size of private keys and public keys by logN factor compared with the previous scheme of Dodis and Fazio.
KeywordsPublic-key encryption Broadcast encryption Traitor tracing Trace and revoke Bilinear maps
Unable to display preview. Download preview PDF.
- 6.Boneh, D., Waters, B.: A fully collusion resistant broadcast, trace, and revoke system. In: Juels, A., Wright, R.N., di Vimercati, S.D.C. (eds.) ACM Conference on Computer and Communications Security, pp. 211–220. ACM (2006)Google Scholar
- 7.Chor, B., Fiat, A., Naor, M.: Tracing traitors. In: Desmedt, Y.G. (ed.) Advances in Cryptology - CRYPTO 1994. LNCS, vol. 839, pp. 257–270. Springer, Heidelberg (1994)Google Scholar
- 10.Fiat, A., Naor, M.: Broadcast encryption. In: Stinson, D.R. (ed.) Advances in Cryptology - CRYPTO 1993. LNCS, vol. 773, pp. 480–491. Springer, Heidelberg (1994)Google Scholar
- 13.Garg, S., Kumarasubramanian, A., Sahai, A., Waters, B.: Building efficient fully collusion-resilient traitor tracing and revocation schemes. In: Al-Shaer, E., Keromytis, A.D., Shmatikov, V. (eds.) ACM Conference on Computer and Communications Security, pp. 121–130. ACM (2010)Google Scholar
- 18.Lee, K., Koo, W.K., Lee, D.H., Park, J.H.: Public-key revocation and tracing schemes with subset difference methods revisited. Cryptology ePrint Archive, Report 2013/228 (2013), http://eprint.iacr.org/2013/228
- 19.Lewko, A.B., Sahai, A., Waters, B.: Revocation systems with very small private keys. In: IEEE Symposium on Security and Privacy, pp. 273–285. IEEE Computer Society (2010)Google Scholar
- 21.Naor, D., Naor, M., Lotspiech, J.: Revocation and tracing schemes for stateless receivers. Electronic Colloquium on Computational Complexity (ECCC) (043) (2002)Google Scholar