TY - GEN
T1 - A Concise Bounded Anonymous Broadcast Yielding Combinatorial Trace-and-Revoke Schemes
AU - Do, Xuan Thanh
AU - Phan, Duong Hieu
AU - Yung, Moti
N1 - Publisher Copyright:
© 2020, Springer Nature Switzerland AG.
PY - 2020/1/1
Y1 - 2020/1/1
N2 - This work is about constructing methods for simultaneously broadcasting multimedia data privately to a set of subscribers, and on various connections among important efficient variants of the general paradigm. Broadcast Encryption is such a fundamental primitive supporting sending a secure message to any chosen target set of N users. While many efficient constructions are known, understanding the efficiency possible for an “Anonymous Broadcast Encryption” (AnoBE), i.e., one which can hide the target set itself, is quite open. The best solutions by Barth, Boneh, and Waters (’06) and Libert, Paterson, and Quaglia (’12) are built on public key encryption (PKE) and their ciphertext sizes are, in fact, N times that of the underlying PKE (rate=N). Kiayias and Samary (’12), in turn, showed a lower bound showing that such rate is the best possible if N is an independent unbounded parameter. However, when considering certain user set size bounded by a system parameter (e.g., the security parameter), the problem remains interesting. We consider the problem of comparing AnoBE with PKE under the same assumption. We call such schemes Anonymous Broadcast Encryption for Bounded Universe – AnoBEB. We first present an AnoBEB construction for up to k users from LWE assumption, where k is bounded by the scheme security parameter. The scheme does not grow with the parameter and beat the PKE method. Actually, our scheme is as efficient as the underlying LWE public-key encryption; namely, the rate is, in fact, 1 and thus optimal. More interestingly, we move on to employ the new AnoBEB in other multimedia broadcasting methods and as a second contribution, we introduce a new approach to construct an efficient “Trace and Revoke scheme” which combines the functionalites of revocation and of tracing people (called traitors) who in a broadcasting schemes share their keys with the adversary which, in turn, generates a pirate receiver. Note that, as was put forth by Kiayias and Yung (EUROCRYPT ’02), combinatorial traitor tracing schemes can be constructed by combining a system for small universe, integrated via an outer traceability codes (collusion-secure code or identifying parent property (IPP) code). There were many efficient traitor tracing schemes from traceability codes, but no known scheme supports revocation as well. Our new approach integrates our AnoBEB system with a Robust IPP code, introduced by Barg and Kabatiansky (IEEE IT ’13). This shows an interesting use for robust IPP in cryptography. The robust IPP codes were only implicitly shown by an existence proof. In order to make our technique concrete, we propose two explicit instantiations of robust IPP codes. Our final construction gives the most efficient trace and revoke scheme in the bounded collusion model.
AB - This work is about constructing methods for simultaneously broadcasting multimedia data privately to a set of subscribers, and on various connections among important efficient variants of the general paradigm. Broadcast Encryption is such a fundamental primitive supporting sending a secure message to any chosen target set of N users. While many efficient constructions are known, understanding the efficiency possible for an “Anonymous Broadcast Encryption” (AnoBE), i.e., one which can hide the target set itself, is quite open. The best solutions by Barth, Boneh, and Waters (’06) and Libert, Paterson, and Quaglia (’12) are built on public key encryption (PKE) and their ciphertext sizes are, in fact, N times that of the underlying PKE (rate=N). Kiayias and Samary (’12), in turn, showed a lower bound showing that such rate is the best possible if N is an independent unbounded parameter. However, when considering certain user set size bounded by a system parameter (e.g., the security parameter), the problem remains interesting. We consider the problem of comparing AnoBE with PKE under the same assumption. We call such schemes Anonymous Broadcast Encryption for Bounded Universe – AnoBEB. We first present an AnoBEB construction for up to k users from LWE assumption, where k is bounded by the scheme security parameter. The scheme does not grow with the parameter and beat the PKE method. Actually, our scheme is as efficient as the underlying LWE public-key encryption; namely, the rate is, in fact, 1 and thus optimal. More interestingly, we move on to employ the new AnoBEB in other multimedia broadcasting methods and as a second contribution, we introduce a new approach to construct an efficient “Trace and Revoke scheme” which combines the functionalites of revocation and of tracing people (called traitors) who in a broadcasting schemes share their keys with the adversary which, in turn, generates a pirate receiver. Note that, as was put forth by Kiayias and Yung (EUROCRYPT ’02), combinatorial traitor tracing schemes can be constructed by combining a system for small universe, integrated via an outer traceability codes (collusion-secure code or identifying parent property (IPP) code). There were many efficient traitor tracing schemes from traceability codes, but no known scheme supports revocation as well. Our new approach integrates our AnoBEB system with a Robust IPP code, introduced by Barg and Kabatiansky (IEEE IT ’13). This shows an interesting use for robust IPP in cryptography. The robust IPP codes were only implicitly shown by an existence proof. In order to make our technique concrete, we propose two explicit instantiations of robust IPP codes. Our final construction gives the most efficient trace and revoke scheme in the bounded collusion model.
KW - Anonymous broadcast encryption
KW - Robust IPP code
KW - Secure multimedia broadcasting
KW - Trace and revoke system
UR - https://www.scopus.com/pages/publications/85091285293
U2 - 10.1007/978-3-030-57878-7_8
DO - 10.1007/978-3-030-57878-7_8
M3 - Conference contribution
AN - SCOPUS:85091285293
SN - 9783030578770
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 145
EP - 164
BT - Applied Cryptography and Network Security - 18th International Conference, ACNS 2020, Proceedings
A2 - Conti, Mauro
A2 - Zhou, Jianying
A2 - Casalicchio, Emiliano
A2 - Spognardi, Angelo
PB - Springer Science and Business Media Deutschland GmbH
T2 - 18th International Conference on Applied Cryptography and Network Security, ACNS 2020
Y2 - 19 October 2020 through 22 October 2020
ER -