Paper 2013/477

Golden Sequence for the PPSS Broadcast Encryption Scheme with an Asymmetric Pairing

Renaud Dubois, Margaux Dugardin, and Aurore Guillevic

Abstract

Broadcast encryption is conventionally formalized as broadcast encapsulation in which, instead of a cipher- text, a session key is produced, which is required to be indistinguishable from random. Such a scheme can provide public encryption functionality in combination with a symmetric encryption through the hybrid en- cryption paradigm. The Boneh-Gentry-Waters scheme of 2005 proposed a broadcast scheme with constant-size ciphertext. It is one of the most efficient broadcast encryption schemes regarding overhead size. In this work we consider the improved scheme of Phan-Pointcheval-Shahandashi-Ste er [PPSS12] which provides an adaptive CCA broadcast encryption scheme. These two schemes may be tweaked to use bilinear pairings[DGS]. This document details our choices for the implementation of the PPSS scheme. We provide a complete golden sequence of the protocol with efficient pairings (Tate, Ate and Optimal Ate). We target a 128-bit security level, hence we use a BN-curve [BN06]. The aim of this work is to contribute to the use and the standardization of PPSS scheme and pairings in concrete systems.

Note: This document will be provided as an informative document to the ISO. We try to promote the use of pairings and advanced cryptography in concrete systems. We try to fill the lack of non ambiguous sequences as can be found to implement classic ECC.