Cryptology ePrint Archive: Report 2021/976

Reinventing BEDs: Formal Treatment of Broadcast Encryption with Dealership and Practical Constructions

Sayantan Mukherjee and Avishek Majumder

Abstract: Broadcast Encryption allows a sender to send a message to more than one receiver. In a typical broadcast encryption, the broadcaster decides the privileged set as in who all can decrypt a particular ciphertext. Gritti et al. (IJIS'16) introduced a new primitive called Broadcast Encryption with Dealership (BED), where the dealer/wholesaler decides the privileged set. This rather recently introduced primitive allows a wholesaler to buy content from the broadcaster and sell it to users. Following their construction, to date, three more constructions of broadcast encryption with dealership have been proposed. Among them, the first showed the BED construction of Gritti et al. (IJIS'16) to be insecure.

All the state-of-the-arts works were unable to fully identify the requirements of a BED scheme. We first identify and propose a new security requirement that has not been considered before. After formally defining a BED scheme, we show simple pairing-based attacks on all previous constructions rendering all of them useless. We then give the first secure BED construction in the composite-order pairing groups. This construction achieves constant-size ciphertext and secret keys but achieves selectively secure message hiding only. We then give our second construction from Li and Gong's (PKC'18) anonymous broadcast encryption. This construction achieves adaptively secure message hiding but has ciphertext size dependent on the size of the privileged set. Following that, we propose our third and final construction that achieves constant size ciphertext in the standard model and achieves adaptive message hiding security.

Category / Keywords: public-key cryptography / Broadcast Encryption, Dealer, Membership Encryption, Bilinear Pairing, Broadcast Encryption with Dealership

Date: received 21 Jul 2021, last revised 22 Jul 2021

Contact author: csayantan mukherjee at gmail com, avishek majumder1991 at gmail com

Available format(s): PDF | BibTeX Citation

Version: 20210722:092259 (All versions of this report)

Short URL: ia.cr/2021/976


[ Cryptology ePrint archive ]