Cryptology ePrint Archive: Report 2011/463

Decentralized Dynamic Broadcast Encryption

Duong Hieu Phan and David Pointcheval and Mario Strefler

Abstract: A broadcast encryption system generally involves three kinds of entities: the group manager that deals with the membership, the encryptor that encrypts the data to the registered users according to a specific policy (the target set), and the users that decrypt the data if they are authorized by the policy. Public-key broadcast encryption can be seen as removing this special role of encryptor, by allowing anybody to send encrypted data. In this paper, we go a step further in the decentralization process, by removing the group manager: the initial setup of the group, as well as the addition of further members to the system, do not require any central authority. Our construction makes black-box use of well-known primitives and can be considered as an extension to the subset-cover framework. It allows for efficient concrete instantiations, with parameter sizes that match those of the subset-cover constructions, while at the same time achieving the highest security level in the standard model under the DDH assumption.

Category / Keywords: public-key cryptography / Dynamic Broadcast Encryption, Adaptive Security, CCA2, Standard Model

Publication Info: An extended abstract appeared at SCN 2012.

Date: received 24 Aug 2011, last revised 3 Sep 2012

Contact author: strefler at di ens fr

Available format(s): PDF | BibTeX Citation

Version: 20120903:131859 (All versions of this report)

Short URL: ia.cr/2011/463

Discussion forum: Show discussion | Start new discussion