Asymmetric group key agreement protocol for open networks and its application to broadcast encryption

Asymmetric group key agreement is a recently introduced versatile cryptographic primitive. It allows a group of users to negotiate a common encryption key which is accessible to any entities, and each user only holds her respective secret decryption key. This concept not only enables confidential communications among group users but also permits any outsider to send encrypted messages to the group. The existing instantiation is only secure against passive adversaries. In this paper, we first introduce an authenticated asymmetric group key agreement protocol which offers security against active attacks in open networks. Based on this protocol, we then propose a broadcast encryption system without relying on a trusted dealer to distribute the secret keys to the users. Our system is equipped with the perfect forward security property and has short ciphertexts. Improved systems are also described to allow a sender to select receivers for broadcast encryption and to balance the transmission overhead against the ciphertext size.