Public-Key Revocation and Tracing Schemes with Subset Difference Methods Revisited

  • Kwangsu Lee
  • Woo Kwon Koo
  • Dong Hoon Lee
  • Jong Hwan Park
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8713)


Broadcast encryption is a very powerful primitive since it can send an encrypted message to a set of users excluding a set of revoked users. Public-key broadcast encryption (PKBE) is a special type of broadcast encryption such that anyone can run the encryption algorithm to create an encrypted message by using a public key. In this paper, we propose a new technique to construct an efficient PKBE scheme by using the subset cover framework. First, we introduce a new concept of public-key encryption named single revocation encryption (SRE) and propose an efficient SRE scheme in the random oracle model. A user in SRE is represented as a group that he belongs and a member in the group. In SRE, a sender can create a ciphertext for a specified group where one member in the group is revoked, and a receiver can decrypt the ciphertext if he belongs to the group in the ciphertext and he is not revoked in the group. Second, we show that the subset difference (SD) scheme (or the layered subset difference (LSD) scheme) and an SRE scheme can be combined to construct a public-key revocation encryption (PKRE) scheme such that a set of revoked users is specified in a ciphertext. Our PKRE scheme using the LSD scheme and our SRE scheme can reduce the size of private keys and public keys by logN factor compared with the previous scheme of Dodis and Fazio.


Public-key encryption Broadcast encryption Traitor tracing Trace and revoke Bilinear maps 


  1. 1.
    Abdalla, M., Dent, A.W., Malone-Lee, J., Neven, G., Phan, D.H., Smart, N.P.: Identity-based traitor tracing. In: Okamoto, T., Wang, X. (eds.) PKC 2007. LNCS, vol. 4450, pp. 361–376. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  2. 2.
    Boneh, D., Boyen, X., Goh, E.J.: Hierarchical identity based encryption with constant size ciphertext. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 440–456. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  3. 3.
    Boneh, D., Franklin, M.K.: Identity-based encryption from the weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  4. 4.
    Boneh, D., Gentry, C., Waters, B.: Collusion resistant broadcast encryption with short ciphertexts and private keys. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 258–275. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  5. 5.
    Boneh, D., Sahai, A., Waters, B.: Fully collusion resistant traitor tracing with short ciphertexts and private keys. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 573–592. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  6. 6.
    Boneh, D., Waters, B.: A fully collusion resistant broadcast, trace, and revoke system. In: Juels, A., Wright, R.N., di Vimercati, S.D.C. (eds.) ACM Conference on Computer and Communications Security, pp. 211–220. ACM (2006)Google Scholar
  7. 7.
    Chor, B., Fiat, A., Naor, M.: Tracing traitors. In: Desmedt, Y.G. (ed.) Advances in Cryptology - CRYPTO 1994. LNCS, vol. 839, pp. 257–270. Springer, Heidelberg (1994)Google Scholar
  8. 8.
    Delerablée, C.: Identity-based broadcast encryption with constant size ciphertexts and private keys. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 200–215. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  9. 9.
    Dodis, Y., Fazio, N.: Public key broadcast encryption for stateless receivers. In: Feigenbaum, J. (ed.) DRM 2002. LNCS, vol. 2696, pp. 61–80. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  10. 10.
    Fiat, A., Naor, M.: Broadcast encryption. In: Stinson, D.R. (ed.) Advances in Cryptology - CRYPTO 1993. LNCS, vol. 773, pp. 480–491. Springer, Heidelberg (1994)Google Scholar
  11. 11.
    Fujisaki, E., Okamoto, T.: Secure integration of asymmetric and symmetric encryption schemes. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 537–554. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  12. 12.
    Furukawa, J., Attrapadung, N.: Fully collusion resistant black-box traitor revocable broadcast encryption with short private keys. In: Arge, L., Cachin, C., Jurdziński, T., Tarlecki, A. (eds.) ICALP 2007. LNCS, vol. 4596, pp. 496–508. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  13. 13.
    Garg, S., Kumarasubramanian, A., Sahai, A., Waters, B.: Building efficient fully collusion-resilient traitor tracing and revocation schemes. In: Al-Shaer, E., Keromytis, A.D., Shmatikov, V. (eds.) ACM Conference on Computer and Communications Security, pp. 121–130. ACM (2010)Google Scholar
  14. 14.
    Gentry, C., Waters, B.: Adaptive security in broadcast encryption systems (with short ciphertexts). In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 171–188. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  15. 15.
    Goodrich, M.T., Sun, J.Z., Tamassia, R.: Efficient tree-based revocation in groups of low-state devices. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 511–527. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  16. 16.
    Halevy, D., Shamir, A.: The lsd broadcast encryption scheme. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 47–60. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  17. 17.
    Kiayias, A., Pehlivanoglu, S.: Pirate evolution: How to make the most of your traitor keys. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 448–465. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  18. 18.
    Lee, K., Koo, W.K., Lee, D.H., Park, J.H.: Public-key revocation and tracing schemes with subset difference methods revisited. Cryptology ePrint Archive, Report 2013/228 (2013),
  19. 19.
    Lewko, A.B., Sahai, A., Waters, B.: Revocation systems with very small private keys. In: IEEE Symposium on Security and Privacy, pp. 273–285. IEEE Computer Society (2010)Google Scholar
  20. 20.
    Naor, D., Naor, M., Lotspiech, J.: Revocation and tracing schemes for stateless receivers. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 41–62. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  21. 21.
    Naor, D., Naor, M., Lotspiech, J.: Revocation and tracing schemes for stateless receivers. Electronic Colloquium on Computational Complexity (ECCC) (043) (2002)Google Scholar
  22. 22.
    Naor, M., Pinkas, B.: Efficient trace and revoke schemes. In: Frankel, Y. (ed.) FC 2000. LNCS, vol. 1962, pp. 1–20. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  23. 23.
    Park, J.H., Kim, H.J., Sung, H.M., Lee, D.H.: Public key broadcast encryption schemes with shorter transmissions. IEEE Trans. Broadcast. 54(3), 401–411 (2008)CrossRefGoogle Scholar
  24. 24.
    Park, J.H., Lee, D.H.: Fully collusion-resistant traitor tracing scheme with shorter ciphertexts. Des. Codes Cryptography 60(3), 255–276 (2011)CrossRefzbMATHGoogle Scholar
  25. 25.
    Park, J.H., Rhee, H.S., Lee, D.H.: Fully collusion-resistant trace-and-revoke scheme in prime-order groups. Journal of Communications and Networks 13(5), 428–441 (2011)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Kwangsu Lee
    • 1
  • Woo Kwon Koo
    • 1
  • Dong Hoon Lee
    • 1
  • Jong Hwan Park
    • 2
  1. 1.CISTKorea UniversityKorea
  2. 2.Sangmyung UniversityKorea

Personalised recommendations