eprint.iacr.org will be offline for approximately an hour for routine maintenance again at 10pm UTC on Wednesday, April 17.

Paper 2011/463

Decentralized Dynamic Broadcast Encryption

Duong Hieu Phan, David Pointcheval, and Mario Strefler


A broadcast encryption system generally involves three kinds of entities: the group manager that deals with the membership, the encryptor that encrypts the data to the registered users according to a specific policy (the target set), and the users that decrypt the data if they are authorized by the policy. Public-key broadcast encryption can be seen as removing this special role of encryptor, by allowing anybody to send encrypted data. In this paper, we go a step further in the decentralization process, by removing the group manager: the initial setup of the group, as well as the addition of further members to the system, do not require any central authority. Our construction makes black-box use of well-known primitives and can be considered as an extension to the subset-cover framework. It allows for efficient concrete instantiations, with parameter sizes that match those of the subset-cover constructions, while at the same time achieving the highest security level in the standard model under the DDH assumption.

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. An extended abstract appeared at SCN 2012.
Dynamic Broadcast EncryptionAdaptive SecurityCCA2Standard Model
Contact author(s)
strefler @ di ens fr
2012-09-03: revised
2011-08-29: received
See all versions
Short URL
Creative Commons Attribution


      author = {Duong Hieu Phan and David Pointcheval and Mario Strefler},
      title = {Decentralized Dynamic Broadcast Encryption},
      howpublished = {Cryptology ePrint Archive, Paper 2011/463},
      year = {2011},
      note = {\url{https://eprint.iacr.org/2011/463}},
      url = {https://eprint.iacr.org/2011/463}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.