Cryptology ePrint Archive: Report 2013/844

A generic view on trace-and-revoke broadcast encryption schemes

Dennis Hofheinz and Christoph Striecks

Abstract: At Eurocrypt 2011, Wee presented a generalization of threshold public key encryption, threshold signatures, and revocation schemes arising from threshold extractable hash proof systems. In particular, he gave instances of his generic revocation scheme from the DDH assumption (which led to the Naor-Pinkas revocation scheme), and from the factoring assumption (which led to a new revocation scheme). We expand on Wee's work in two directions: (a) We propose threshold extractable hash proof instantiations from the "Extended Decisional Diffie-Hellman" (EDDH) assumption due to Hemenway and Ostrovsky (PKC 2012). This in particular yields EDDH-based variants of threshold public key encryption, threshold signatures, and revocation schemes. In detail, this yields a DCR-based revocation scheme. (b) We show that our EDDH-based revocation scheme allows for a mild form of traitor tracing (and, thus, yields a new trace-and-revoke scheme). In particular, compared to Wee's factoring-based scheme, our DCR-based scheme has the advantage that it allows to trace traitors.

Category / Keywords: broadcast encryption, revocation scheme, traitor tracing, trace-and-revoke scheme, threshold extractable hash proof system, extended decisional Diffie-Hellman

Original Publication (with minor differences): CT-RSA-2014

Date: received 13 Dec 2013, last revised 28 Mar 2014

Contact author: Christoph Striecks at kit edu

Available format(s): PDF | BibTeX Citation

Version: 20140328:144236 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]