Paper 2006/298

A Fully Collusion Resistant Broadcast, Trace, and Revoke System

Dan Boneh and Brent Waters


We introduce a simple primitive called Augmented Broadcast Encryption (ABE) that is sufficient for constructing broadcast encryption, traitor-tracing, and trace-and-revoke systems. These ABE-based constructions are resistant to an arbitrary number of colluders and are secure against adaptive adversaries. Furthermore, traitor tracing requires no secrets and can be done by anyone. These broadcast systems are designed for broadcasting to arbitrary sets of users. We then construct a secure ABE system for which the resulting concrete trace-and-revoke system has ciphertexts and private keys of size $\sqrt{N}$ where $N$ is the total number of users in the system. In particular, this is the first example of a fully collusion resistant broadcast system with sub-linear size ciphertexts and private keys that is secure against adaptive adversaries. The system is publicly traceable.

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. To appear in CCS 2006.
broadcast encryptiontraitor tracing
Contact author(s)
bwaters @ csl sri com
2006-08-31: received
Short URL
Creative Commons Attribution


      author = {Dan Boneh and Brent Waters},
      title = {A Fully Collusion Resistant Broadcast, Trace, and Revoke System},
      howpublished = {Cryptology ePrint Archive, Paper 2006/298},
      year = {2006},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.