Efficient Broadcast Encryption Scheme with Log-Key Storage

  • Yong Ho Hwang
  • Pil Joong Lee
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4107)


In this paper, we present a broadcast encryption scheme with efficient transmission cost under the log-key restriction. Given n users and r revoked users, our scheme has the transmission cost of O(r) and requires the storage of O(logn) keys at each receiver. These are optimal complexities in broadcast encryptions using one-way hash functions (or pseudo-random generators.) To achieve these complexities, the stratified subset difference (SSD) scheme and the \(\overline{\textsf {B1}}\) scheme were introduced by Goodrich et al. and Hwang et al. respectively. However, their schemes have the disadvantage that transmission cost increases linearly according to the number of stratifications. By assigning the related keys between stratifications, our scheme remedies the defect and achieves very efficient transmission cost even in an environment where the key storage is restricted. To the best of our knowledge, our scheme has the most efficient transmission cost in the existing schemes with log-key storage. In addition, our result is comparable to other schemes that allow a large key storage.


Computation Cost Transmission Cost Complete Scheme Broadcast Encryption Broadcast Encryption Scheme 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Asano, T.: A Revocationn Scheme with Minimal Storage at Receivers. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 433–450. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  2. 2.
    Asano, T., Kamio, K.: A Tree Based One-Key Broadcast Encryption Scheme with Low Computational Overhead. In: Boyd, C., González Nieto, J.M. (eds.) ACISP 2005. LNCS, vol. 3574, pp. 89–100. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  3. 3.
    Attrapadung, N., Imai, H.: Graph-Decomposition-Based Framework for Subset-Cover Broadcast Encryption and Efficient Instantiations. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 100–120. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  4. 4.
    Attrapadung, N., Kobara, K., Imai, H.: Sequential Key Derivation Patterns for Broadcast Encryption and Key Predistribution Schemes. In: Laih, C.-S. (ed.) ASIACRYPT 2003. LNCS, vol. 2894, pp. 374–391. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  5. 5.
    Berkovits, S.: How to broadcast a secret. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 535–541. Springer, Heidelberg (1991)Google Scholar
  6. 6.
    Blundo, C., Frota, L.A., Stinson, D.R.: Trade-off between Communication and Storage in Unconditionally Secure Schemes for Broadcast Encryption and Interactive Key Distribution. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 387–400. Springer, Heidelberg (1996)Google Scholar
  7. 7.
    Boneh, D., Gentry, C., Waters, B.: Collusion Resistant Broadcast Encryption with Short Ciphertexts and Private Keys. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 258–275. Springer, Heidelberg (2005)Google Scholar
  8. 8.
    Chor, B., Fiat, A., Naor, M.: Tracing traitor. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 257–270. Springer, Heidelberg (1994)Google Scholar
  9. 9.
    Cormen, T.H., Leiserson, C.E., Rivest, R.L., Stein, C.: Introduction to Algorithms. MIT Press, Cambridge (2001)zbMATHGoogle Scholar
  10. 10.
    Dodis, Y., Fazio, N.: Public Key Trace and Revoke Scheme Secure Against Adapitive Chosen Ciphertext Attack. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 100–115. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  11. 11.
    Fiat, A., Naor, M.: Broadcast Encryption. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 480–491. Springer, Heidelberg (1994)Google Scholar
  12. 12.
    Goodrich, M.T., Sun, J.Z., Tamassia, R.: Efficient Tree-Based Revocation in Groups of Low-State Devices. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 511–527. Springer, Heidelberg (2004)Google Scholar
  13. 13.
    Gafni, E., Staddon, J., Yin, Y.L.: Efficient Methods for Intergrating Traceability and Broadcast Encryption. In: Wiener, M.J. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 372–387. Springer, Heidelberg (1999)Google Scholar
  14. 14.
    Hwang, J.Y., Lee, D.H., Lim, J.: Generic Transformation for Scalable Broadcast Encryption Scheme. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 276–292. Springer, Heidelberg (2005)Google Scholar
  15. 15.
    Halevy, D., Shamir, A.: The LSD broadcast encryption scheme. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 47–60. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  16. 16.
    Jho, N.-S., Hwang, J.Y., Cheon, J.H., Kim, M.-H., Lee, D.H., Yoo, E.S.: One-Way Chain Based Broadcast Encryption Schemes. In: Cramer, R.J.F. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 559–574. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  17. 17.
    Kim, C.H., Hwang, Y.H., Lee, P.J.: An Efficient Public Key Trace and Revoke Scheme Secure against Adaptive Chosen Ciphertext Attack. In: Laih, C.-S. (ed.) ASIACRYPT 2003. LNCS, vol. 2894, pp. 359–373. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  18. 18.
    Mihaljevic, M.: Key Management Schemes for Stateless Receivers Based on Time Varying Heterogeneous Logical Key Hierarchy. In: Laih, C.-S. (ed.) ASIACRYPT 2003. LNCS, vol. 2894, pp. 137–154. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  19. 19.
    Naor, D., Naor, M., Lostpiech, J.: Revocation and tracing schemes for stateless receivers. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 41–62. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  20. 20.
    Naor, M., Pinkas, B.: Efficient Trace and Revoke Schemes. In: Frankel, Y. (ed.) FC 2000. LNCS, vol. 1962, pp. 1–20. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  21. 21.
    Wallner, D.M., Harder, E.J., Agee, R.C.: Key management for multicast: Issues and Architectures. IETF Network Working Group, RFC 2627 (1999)Google Scholar
  22. 22.
    Wong, C.K., Gouda, M., Lam, S.: Secure group communications using key graphs. In: ACM SIGCOMM 1998, pp. 68–79 (1998)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Yong Ho Hwang
    • 1
  • Pil Joong Lee
    • 1
  1. 1.Dept. of Electronic and Electrical Eng.POSTECHPohangKorea

Personalised recommendations