Cryptology ePrint Archive: Report 2021/1526

A Performance Evaluation of Pairing-Based Broadcast Encryption Systems

Arush Chhatrapati and Susan Hohenberger and James Trombo and Satyanarayana Vusirikala

Abstract: In a broadcast encryption system, a sender can encrypt a message for any subset of users who are listening on a broadcast channel. The goal of broadcast encryption is to leverage the broadcasting structure to achieve better efficiency than individually encrypting to each user; in particular, reducing the bandwidth (i.e., ciphertext size) required to transmit securely, although other factors such as public and private key size and the time to execute setup, encryption and decryption are also important. In this work, we conduct a detailed performance evaluation of eleven public-key, pairing-based broadcast encryption schemes offering different features and security guarantees, including public-key, identity-based, traitor-tracing, private linear and augmented systems. We implemented each system using the MCL Java pairings library, reworking some of the constructions to achieve better efficiency. We tested their performance on a variety of parameter choices, resulting in hundreds of data points to compare, with some interesting results from the classic Boneh-Gentry-Waters scheme (CRYPTO 2005) to Zhandry's recent generalized scheme (CRYPTO 2020), and more. We combine this performance data and knowledge of the systems' features with data we collected on practical usage scenarios to determine which schemes are likely to perform best for certain applications, such as video streaming services, online gaming, live sports betting and smartphone streaming. This work can inform both practitioners and future cryptographic designs in this area.

Category / Keywords: implementation / broadcast encryption, performance, implementation

Original Publication (with major differences): ACNS 2022

Date: received 17 Nov 2021, last revised 17 Nov 2021

Contact author: susan at cs jhu edu

Available format(s): PDF | BibTeX Citation

Version: 20211122:112654 (All versions of this report)

Short URL: ia.cr/2021/1526


[ Cryptology ePrint archive ]