Abstract
A broadcast encryption scheme enables a server to broadcast information in a secure way over an insecure channel to an arbitrary subset of priviliged recipients. In a set-up phase, the server gives pre-defined keys to every user of the system, using secure point-to-point channels. Later on, it broadcasts an encrypted message along a broadcast channel, in such a way that only users in a priviliged subset can decrypt it, by using the pre-defined keys received in set-up phase. Usually, the broadcast message contains a fresh session key, which can subsequently be used for secure broadcast transmission to the priviliged set of recipients. In this paper we deal with two aspects of secure broadcast transmission: reliability and trust in the broadcaster. The first is a well-studied issue in communication over unreliable channels: packets can get lost and some redundancy is required to provide reliable communication. The second aspect concerns with the assumption that the broadcaster, who receives information for broadcasting from several entities, must be trusted. This issue has not previously been addressed in the broadcast transmission setting. We provide a motivating scenario in which the assumption does not hold and, for both problems, we review and extend some existing broadcast encryption schemes, in order to gain fault tolerance and to remove the need for trust in the broadcaster.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
N. Alon and J. Spencer, The Probabilistic Method, John Wiley, (2nd Edition), 2000. 272
J. Anzai, N. Matsuzaki, and T. Matsumoto, A Quick Group Key Distribution Scheme with Entity Revocation, Advances in Cryptology-Asiacrypt’ 99, Lecture Notes in Computer Science, Vol. 1716, pp. 333–347. 266
O. Berkman, M. Parnas, and J. Sgall, Efficient Dynamic Traitor Tracing, Proc. of the 11-th Annual ACM-SIAM Symposium on Discrete Algorithms (SODA 2000), pp. 586–595, 2000. 266
S. Berkovits, How to Broadcast a Secret, Advances in Cryptology-Eurocrypt’ 91, Lecture Notes in Computer Science, vol. 547, pp. 536–541, 1991. 266
C. Blundo and A. Cresti, Space Requirements for Broadcast Encryption, Advances in Cryptology-Eurocrypt’ 94, Lecture Notes in Computer Science, vol. 950, pp. 287–298, 1995. 266
C. Blundo, Luiz A. Frota Mattos, and D. R. Stinson, Generalized Beimel-Chor Schemes for Broadcast Encryption and Interactive Key Distribution, Theoretical Computer Science, vol. 200, pp. 313–334, 1998. 266
G. R. Blakley and C. Meadows, Security of Ramp Schemes, Advances in Cryptology-Crypto’ 84, Lecture Notes in Computer Science, vol.196, pp. 242–268, 1984. 280
D. Boneh and M. Franklin, An Efficient Public Key Traitor Scheme, Advances in Cryptology-Crypto’ 99, Lecture Notes in Computer Science, vol. 1666, pp. 338–353, 1999. 266
R. Canetti, J. Garay, G. Itkis, D. Micciancio, M. Naor, and B. Pinkas, Issue in Multicast Security: A Taxonomy and Efficient Constructions, Infocom’ 99, pp. 708–716, 1999. 266
R. Canetti, T. Malkin, and K. Nissim, Efficient Communication-Storage Tradeoffs for Multicast Encryption, Advances in Cryptology-Eurocrypt’ 99, Lecture Notes in Computer Science, vol. 1592, pp. 459–474, 1999. 266
B. Chor, A. Fiat, M. Naor and B. Pinkas, Traitor Tracing, IEEE Transactions on Information Theory, vol. 46, No. 3, pp. 893–910, May 2000. 266
T. M. Cover and J. A. Thomas, Elements of Information Theory, John Wiley & Sons, 1991. 280
G. Di Crescenzo and O. Kornievskaia, Efficient Multicast Encryption Schemes, Security in Communication Network (SCN02), Lecture Notes in Computer Science, 2002. 266
C. Dwork, J. Lotspiech, and M. Naor, Digital Signets: Self-Enforcing Protection of Digital Information, Proceedings of the 28-th Symposium on the Theory of Computation, pp. 489–498, 1996. 266
P. Erdos, P. Frankl, and Z. Furedi, Families of finite subsets in which no set is covered by the union of r others, Israel Journal of Mathematics, N. 51, pp. 75–89, 1985. 268
A. Fiat and M. Naor, Broadcast Encryption, Proceedings of Crypto’ 93, Lecture Notes in Computer Science, vol. 773, pp. 480–491, 1994. 266, 270, 271, 272
A. Fiat and T. Tessa, Dynamic Traitor Tracing, Journal of Cryptology, Vol. 14, pp. 211–223, 2001. 266
E. Gafni, J. Staddon, and Y. L. Yin, Efficient Methods for Integrating Traceability and Broadcast Encryption, Advances in Cryptology-Crypto’ 99, Lecture Notes in Computer Science, vol. 1666, p. 372–387, 1999. 266
J. Garay, J. Staddon, and A. Wool, Long-Lived Broadcast Encryption, Advances in Cryptology-Crypto 2000, Lecture Notes in Computer Science, vol. 1880, pp. 333–352, 2000. 266
D. Halevy and A. Shamir, The LSD Broadcast Encryption Scheme, Advances in Cryptology-Crypto’ 02, Lecture Notes in Computer Science, vol. 2442, pp. 47–60, 2002. 266
A. Kiayias and M. Yung, Traitor Tracing with Constant Transmission Rate, Advances in Cryptology-Eurocrypt’ 02, Lecture Notes in Computer Science, vol. 2332, pp. 450–465, 2002. 266
A. Kiayias and M. Yung, Self Protecting Pirates and Black-Box Traitor Tracing, Advances in Cryptology-Crypto’ 01, Lecture Notes in Computer Science, vol. 2139, pp. 63–79, 2001. 266
D. E. Knuth, The Art of Computer Programming, Addison Wesley, (3rd Edition), 1997. 273
R. Kumar, S. Rajagopalan, and A. Sahai, Coding Constructions for Blacklisting Problems without Computational Assumptions, Advances in Cryptology-Crypto’ 99, Lecture Notes in Computer Science, Vol. 1666, pp. 609–623, 1999. 266, 267, 268
H. Kurnio, R. Safani-Naini, and H. Wang, A Group Key Distribution Scheme with Decentralised User Join, Security in Communication Network (SCN02), Lecture Notes in Computer Science, 2002. 266
H. Kurnio, R. Safani-Naini, and H. Wang, A Secure Re-keying Scheme with Key Recovery Property, ACISP 2002, Lecture Notes in Computer Science, Vol. 2384, pp. 40–55, 2002. 266
M. Luby and J. Staddon, Combinatorial Bounds for Broadcast Encryption, Advances in Cryptology-Eurocrypt’ 98, Lecture Notes in Computer Science, vol. 1403, pp. 512–526, 1998. 266
C. J. Mitchell and F.C. Piper, Key Storage in Secure Networks, Discrete Applied Mathematics, vol. 21, pp. 215–228, 1988. 276
D. Naor, M. Naor, and J. Lotspiech, Revocation and Tracing Schemes for Stateless Receivers Advances in Cryptology-Crypto’ 01, Lecture Notes in Computer Science, vol. 2139, pp. 41–62, 2001. 266
M. Naor and B. Pinkas, Efficient Trace and Revoke Schemes, Financial Cryptography 2000, Lecture Notes in Computer Science, vol. 1962, pp. 1–21, 2000. 266
A. Perrig, D. Song, and J. D. Tygar, ELK, a new Protocol for Efficient Large-Group Key Distribution, in IEEE Symposium on Security and Privacy (2000). 266
B. Pfitzmann, Trials of Traced Traitors, Information Hiding, Lecture Notes in Computer Science, vol. 1174, pp. 49–64, 1996. 266
R. Poovendran and J. S. Baras, An Information Theoretic Analysis of Rooted-Tree Based Secure Multicast Key Distribution Schemes, Advances in Cryptology, Crypto’ 99, vol. 1666, pp. 624–638, 1999. 266
R. Safavi-Naini and H. Wang, New Constructions for Multicast Re-Keying Schemes Using Perfect Hash Families, 7th ACM Conference on Computer and Communication Security, ACM Press, pp. 228–234, 2000. 266, 272
R. Safavi-Naini and Y. Wang, Sequential Traitor Tracing, Lecture Notes in Computer Science, vol. 1880, p. 316–332, 2000. 266
J. Staddon, S. Miner, M. Franklin, D. Balfanz, M. Malkin and D. Dean, Self-Healing Key Distribution with Revocation, IEEE Symposium on Security and Privacy, May 12–15, 2002, Berkeley, California. 266
J. N. Staddon, D. R. Stinson and R. Wei, Combinatorial properties of frameproof and traceability codes, IEEE Transactions on Information Theory vol. 47, pp. 1042–1049, 2001. 266
D. R. Stinson, On Some Methods for Unconditionally Secure Key Distribution and Broadcast Encryption, Designs, Codes and Cryptography, vol. 12, pp. 215–243, 1997. 266, 269, 274, 276
D. R. Stinson and T. van Trung, Some New Results on Key Distribution Patterns and Broadcast Encryption, Designs, Codes and Cryptography, vol. 15, pp. 261–279, 1998. 274, 275, 276
D. R. Stinson and R. Wei, Key preassigned traceability schemes for broadcast encryption, Proceedings of SAC’98, Lecture Notes in Computer Science, vol. 1556, pp. 144–156, 1999. 266
D. R. Stinson and R. Wei, Combinatorial properties and constructions of traceability schemes and frameproof codes, SIAM Journal on Discrete Mathematics, vol. 11, pp. 41–53, 1998. 266
D. R. Stinson and R. Wei, An Application of Ramp Schemes to Broadcast Encryption, Information Processing Letters, Vol. 69, pp. 131–135, 1999. 274
D. R. Stinson and R. Wei, Generalized Cover-Free Families, preprint. 269
D. M. Wallner, E. J. Harder, and R. C. Agee, Key Management for Multicast: Issues and Architectures, Internet Draft ftp://ftp.ieft.org/internet-drafts/draft-wallner-key-arch-01.txt. 266
C. Wong, and S. Lam, Keystone: A Group Key Management Service, in International Conference on Telecommunications, ICT 2000. 266
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
D’Arco, P., Stinson, D.R. (2003). Fault Tolerant and Distributed Broadcast Encryption. In: Joye, M. (eds) Topics in Cryptology — CT-RSA 2003. CT-RSA 2003. Lecture Notes in Computer Science, vol 2612. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36563-X_18
Download citation
DOI: https://doi.org/10.1007/3-540-36563-X_18
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-00847-7
Online ISBN: 978-3-540-36563-1
eBook Packages: Springer Book Archive