TY - GEN
T1 - Fully distributed broadcast encryption
AU - Wu, Qianhong
AU - Qin, Bo
AU - Zhang, Lei
AU - Domingo-Ferrer, Josep
PY - 2011
Y1 - 2011
N2 - Broadcast encryption schemes rely on a centralized authority to generate decryption keys for each user. It is observed that, when a broadcast encryption scheme is deployed for secret escrows, a dishonest dealer can read the escrowed secrets without leaving any witnesses. We present a new broadcast encryption paradigm referred to as fully distributed broadcast encryption (FDBE) without suffering from this vulnerability. In the new paradigm, there are multiple dealers, and by contacting a number of them equal to a threshold or more, any user can join the system; then the secrets can be encrypted to any subset of users and only the intended receivers can decrypt, while an attacker cannot get any information about the encrypted message even if the attacker controls all the users outside the receiver set and corrupts some dealers, provided that the number of corrupted dealers is less than a threshold. We realize the first fully distributed broadcast encryption scheme which is proven secure under the decision Bilinear Diffie-Hellman Exponentiation assumption in the standard model. A variant is also shown to achieve sub-linear complexity in terms of public key, decryption key and ciphertext, comparable to up-to-date regular broadcast encryption schemes without robustness and strong security against misbehaving dealers.
AB - Broadcast encryption schemes rely on a centralized authority to generate decryption keys for each user. It is observed that, when a broadcast encryption scheme is deployed for secret escrows, a dishonest dealer can read the escrowed secrets without leaving any witnesses. We present a new broadcast encryption paradigm referred to as fully distributed broadcast encryption (FDBE) without suffering from this vulnerability. In the new paradigm, there are multiple dealers, and by contacting a number of them equal to a threshold or more, any user can join the system; then the secrets can be encrypted to any subset of users and only the intended receivers can decrypt, while an attacker cannot get any information about the encrypted message even if the attacker controls all the users outside the receiver set and corrupts some dealers, provided that the number of corrupted dealers is less than a threshold. We realize the first fully distributed broadcast encryption scheme which is proven secure under the decision Bilinear Diffie-Hellman Exponentiation assumption in the standard model. A variant is also shown to achieve sub-linear complexity in terms of public key, decryption key and ciphertext, comparable to up-to-date regular broadcast encryption schemes without robustness and strong security against misbehaving dealers.
KW - Access control
KW - Bilinear pairing
KW - Broadcast encryption
KW - Provable security
KW - Secrets escrow
UR - https://www.scopus.com/pages/publications/80053138624
U2 - 10.1007/978-3-642-24316-5_9
DO - 10.1007/978-3-642-24316-5_9
M3 - 会议稿件
AN - SCOPUS:80053138624
SN - 9783642243158
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 102
EP - 119
BT - Provable Security - 5th International Conference, ProvSec 2011, Proceedings
T2 - 5th International Conference on Provable Security, ProvSec 2011
Y2 - 16 October 2011 through 18 October 2011
ER -