Towards Making Broadcast Encryption Practical

  • Michel Abdalla⋆
  • Yuval Shavitt
  • Avishai Wool
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1648)


The problem we address is how to communicate securely with a set of users (the target set) over an insecure broadcast channel. In order to solve this problem, several broadcast encryption schemes have been proposed. In these systems, the parameters of major concern are the length of transmission and number of keys held by each user’s set top terminal (STT). Due to the need to withstand hardware tampering, the amount of secure memory available in the STTs is quite small, severely limiting the number of keys each user holds. In such cases, known the- oretical bounds seem to indicate that non-trivial broadcast encryption schemes are only feasible when the number of users is small.

In order to break away from these theoretical bounds, our approach is to allow a controlled number of users outside the target set to occasionally receive the multicast. This relaxation is appropriate for low-cost transmissions such as multicasting electronic coupons. For this purpose, we introduce ƒ-redundant establishment key allocations, which guarantee that the total number of recipients is no more than ƒ times the number of intended recipients. We measure the performance of such schemes by the number of transmissions they require, by their redundancy, and by their opportunity, which is the probability of a user outside the target set to be part of the multicast. We first prove a new lower bound and discuss the basic trade-offs associated with this new setting. Then we present several new ƒ-redundant establishment key allocations. We evaluate the schemes’ performance under all the relevant measures by extensive simulation. Our results indicate that, unlike previous solutions, it seems possible to design practical schemes in this new setting.


Free Rider Broadcast Encryption Redundancy Factor Full Binary Tree Actual Redundancy 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. ]BC94.
    C. Blundo and A. Cresti. Space requirements for broadcast encryption. In A. De Santis, editor, Advances in Cryptology-EUROCRYPT’94, LNCS 950, pages 287–298. Springer-Verlag, 1994.CrossRefGoogle Scholar
  2. BFS98.
    C. Blundo, L.A. Frota Mattos, and D.R. Stinson. Generalized Beimel-Chor schemes for broadcast encryption and interactive key distribution. Theoretical Computer Science, 200(1-2):313–334, 1998.zbMATHCrossRefMathSciNetGoogle Scholar
  3. CD96.
    C.J. Colbourn and J.H. Dinitz. The CRC Handbook of Combinatorial Designs. CRC Press, Boca Raton, 1996.zbMATHGoogle Scholar
  4. CEFH95.
    J.L. Cohen, M.H. Etzel, D.W. Faucher, and D.N. Heer. Security for broadband digital networks. Communications Technology, pages 58–69, August 1995.Google Scholar
  5. CFN94.
    B. Chor, A. Fiat, and M. Naor. Tracing traitors. In Yvo G. Desmedt, editor, Advances in Cryptology-CRYPTO’94, LNCS 839, pages 257–270. Springer-Verlag, 1994.Google Scholar
  6. Fei98.
    U. Feige. A threshold of ln n for approximating set cover. J. ACM, 45(4): 634–652, July 1998.zbMATHCrossRefMathSciNetGoogle Scholar
  7. FN94.
    A. Fiat and M. Naor. Broadcast encryption. In Advances in Cryptology-CRYPTO’93, LNCS 773, pages 480–491. Springer-Verlag, 1994.Google Scholar
  8. Gem98.
    Gemplus: Catalog of products and services. offer/index.htm, 1998.
  9. GJ79.
    M.R. Garey and D.S. Johnson. Computers and Intractability: A Guide to the Theory of NP-Completeness. Freeman, San Francisco, 1979.zbMATHGoogle Scholar
  10. GW97.
    T. Grossman and A. Wool. Computational experience with approximation algorithms for the set covering problem. Euro. J. Operational Research, 101(1):81–92, August 1997.zbMATHCrossRefGoogle Scholar
  11. GW98.
    E. Gabber and A. Wool. How to prove where you are: Tracking the location of customer equipment. In Proc. 5th ACM Conf. Computer and Communications Security (CCS), pages 142–149, San Francisco, November 1998.Google Scholar
  12. Hoc95.
    D.S. Hochbaum. (ed.) Approximation Algorithms for NP-Hard Problems. PWS Publishing Company, Boston, MA, 1995.Google Scholar
  13. Jai91.
    R. Jain. The Art of Computer Systems Performance Analysis. John Wiley & Sons, 1991.Google Scholar
  14. Joh74.
    D.S. Johnson. Approximation algorithms for combinatorial problems. J. Computer System Sci., 9:256–278, 1974.zbMATHCrossRefGoogle Scholar
  15. Lov75.
    L. Lovász. On the ratio of optimal integral and fractional covers. Disc. Math., 13:383–390, 1975.zbMATHCrossRefGoogle Scholar
  16. LS98.
    M. Luby and J. Staddon. Combinatorial bounds for broadcast encryption. In K. Nyberg, editor, Advances in Cryptology-EUROCRYPT’98, LNCS 1403, pages 512–526, Espoo, Finland, 1998. Springer-Verlag.CrossRefGoogle Scholar
  17. McC96.
    J. McCormac. European Scrambling Systems 5. Waterford University Press, Waterford, Ireland, 1996.Google Scholar
  18. MM92.
    W.H. Mills and R.C. Mullin. Coverings and packings. In J.H. Dinitz and D.R. Stinson, editors, Contemporary Design Theory: A Collection of Surveys, pages 317–399. John Wiley & Sons, 1992.Google Scholar
  19. MQ95.
    B.M. Macq and J.-J. Quisquater. Cryptology for digital TV broadcasting. Proceedings of the IEEE, 83(6):944–957, 1995.CrossRefGoogle Scholar
  20. NP98.
    M. Naor and B. Pinkas. Threshold traitor tracing. In Advances in Cryptology-CRYPTO’98, LNCS 1462. Springer-Verlag, 1998.Google Scholar
  21. Sch64.
    J. Schönheim. On coverings. Pacific J. Math., 14:1405–1411, 1964.zbMATHMathSciNetGoogle Scholar
  22. SvT98.
    D.R. Stinson and T. van Trung. Some new results on key distribution patterns and broadcast encryption. Designs, Codes and Cryptography, 14(3):261–279, 1998.zbMATHCrossRefMathSciNetGoogle Scholar
  23. Woo98.
    A. Wool. Key management for encrypted broadcast. In Proc. 5th ACM Conf. Computer and Communications Security (CCS), pages 7–16, San Francisco, November 1998.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1999

Authors and Affiliations

  • Michel Abdalla⋆
    • 1
  • Yuval Shavitt
    • 2
  • Avishai Wool
    • 3
  1. 1.Dept. of Computer Science & EngineeringUniversity of California at San DiegoLa Jolla
  2. 2.Lucent TechnologiesBell LaboratoriesHolmdelNJ
  3. 3.Lucent TechnologiesBell LaboratoriesMurray HillNJ

Personalised recommendations