Paper 2022/925

Ad Hoc Broadcast, Trace, and Revoke --- Plus Time-Space Trade-Offs for Attribute-Based Encryption

Ji Luo, University of Washington
Abstract

Traitor tracing schemes [Chor–Fiat–Naor, Crypto ’94] help content distributors fight against piracy and are defined with the content distributor as a trusted authority having access to the secret keys of all users. While the traditional model caters well to its original motivation, its centralized nature makes it unsuitable for many scenarios. For usage among mutually untrusted parties, a notion of *ad hoc* traitor tracing (naturally with the capability of broadcast and revocation) is proposed and studied in this work. Such a scheme allows users in the system to generate their own public/secret key pairs, without trusting any other entity. To encrypt, a list of public keys is used to identify the set of recipients, and decryption is possible with a secret key for any of the public keys in the list. In addition, there is a tracing algorithm that given a list of recipients’ public keys and a pirate decoder capable of decrypting ciphertexts encrypted to them, identifies at least one recipient whose secret key must have been used to construct the said decoder. Two constructions are presented. The first is based on functional encryption for circuits (conceptually, obfuscation) and has constant-size ciphertext, yet its decryption time is linear in the number of recipients. The second is a generic transformation that reduces decryption time at the cost of increased ciphertext size. A matching lower bound on the trade-off between ciphertext size and decryption time is shown, indicating that the two constructions achieve all possible optimal trade-offs, i.e., they fully demonstrate the Pareto front of efficiency. The lower bound also applies to broadcast encryption (hence all mildly expressive attribute-based encryption schemes) and is of independent interest.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published by the IACR in CIC 2024
DOI
10.62056/a39qxrxqi
Keywords
ad hocdecentralizeddistributedflexibletraitor tracingbroadcast encryptionattribute-based encryptionobfuscation
Contact author(s)
luoji @ cs washington edu
History
2024-07-08: last of 4 revisions
2022-07-15: received
See all versions
Short URL
https://ia.cr/2022/925
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2022/925,
      author = {Ji Luo},
      title = {Ad Hoc Broadcast, Trace, and Revoke --- Plus Time-Space Trade-Offs for Attribute-Based Encryption},
      howpublished = {Cryptology {ePrint} Archive, Paper 2022/925},
      year = {2022},
      doi = {10.62056/a39qxrxqi},
      url = {https://eprint.iacr.org/2022/925}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.