A Secure Re-keying Scheme with Key Recovery Property

  • Hartono Kurnio
  • Rei Safavi-Naini
  • Huaxiong Wang
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2384)


A commonly used solution for controlling access to information in a multicast group is to encrypt the data using a group key (session key). The group key is known only to users in the group. A multicast group is dynamic in the sense that group membership changes in each session. To start a new session, the session key must be updated through a re-keying scheme. In this paper we propose a re-keying scheme for multiple user revocation and multiple user join. Our construction employs a logical key hierarchy in conjunction with a one-way hash chain to achieve higher efficiency. We prove that our scheme satisfies forward secrecy, backward secrecy and forward-backward secrecy. We also provide a key recovery property, which gives a system the ability to recover a session key using the previous and future session keys. We show the security of the system.


Keywords (added by machine, not by the authors): Multicast Group; Secret Sharing Scheme; Legitimate User; Forward Secrecy; Group Controller





Copyright information

© Springer-Verlag Berlin Heidelberg 2002

Authors and Affiliations

  • Hartono Kurnio (1)
  • Rei Safavi-Naini (1)
  • Huaxiong Wang (2)

  1. Centre for Computer Security Research, School of Information Technology and Computer Science, University of Wollongong, Wollongong, Australia
  2. Department of Computing, Macquarie University, Sydney, Australia
