Broadcast Encryption with Guessing Secrecy

  • Yohei Watanabe
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10681)


Perfect secrecy, which is a fundamental security notion introduced by Shannon, guarantees that no information on plaintexts is leaked from corresponding ciphertexts in the information-theoretic sense. Although it captures the strongest security, it is well known that the secret-key size must be equal to or larger than the plaintext size to achieve perfect secrecy. Furthermore, the probability distribution on secret keys must be uniform. Alimomeni and Safavi-Naini (ICITS 2012) proposed a new security notion, called guessing secrecy, to relax the above two restrictions, and showed that unlike perfect secrecy, even non-uniform keys can be used for providing guessing secrecy. Iwamoto and Shikata (ISIT 2015) showed secure concrete constructions of a symmetric-key encryption scheme with non-uniform keys in the guessing secrecy framework. In this work, we extend their results to the broadcast encryption setting. We first define guessing secrecy of broadcast encryption, and show relationships among several guessing-secrecy notions and perfect secrecy. We derive lower bounds on secret keys, and show that the Fiat-Naor one-bit construction with non-uniform keys is also secure in the sense of guessing secrecy.
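As an added illustration (not taken from the paper), the following checks exactly, on a one-bit XOR cipher, that a non-uniform key can give guessing secrecy where perfect secrecy fails. The criterion used is an assumption, since the abstract does not spell it out: the adversary's best-guess success probability is the same before and after seeing the ciphertext. The cipher, function names and probabilities are chosen for this example.

```python
from fractions import Fraction
from itertools import product

def joint(p_m0, p_k0):
    """Return P(m) and the joint P(m, c) for c = m XOR k, with M and K independent.

    p_m0 = P(M = 0), p_k0 = P(K = 0); both are example parameters.
    """
    pm = {0: p_m0, 1: 1 - p_m0}
    pk = {0: p_k0, 1: 1 - p_k0}
    dist = {}
    for m, k in product((0, 1), repeat=2):
        c = m ^ k
        dist[(m, c)] = dist.get((m, c), 0) + pm[m] * pk[k]
    return pm, dist

def perfect_secrecy(p_m0, p_k0):
    """Shannon's condition: P(m, c) = P(m) * P(c) for every m and c."""
    pm, dist = joint(p_m0, p_k0)
    pc = {c: dist[(0, c)] + dist[(1, c)] for c in (0, 1)}
    return all(dist[(m, c)] == pm[m] * pc[c]
               for m in (0, 1) for c in (0, 1))

def guess_before(p_m0, p_k0):
    """Best success probability when guessing M without the ciphertext."""
    pm, _ = joint(p_m0, p_k0)
    return max(pm.values())

def guess_after(p_m0, p_k0):
    """Best success probability when guessing M after observing C."""
    _, dist = joint(p_m0, p_k0)
    return sum(max(dist[(0, c)], dist[(1, c)]) for c in (0, 1))

def guessing_secrecy(p_m0, p_k0):
    """Assumed criterion: observing C does not raise the best-guess probability."""
    return guess_before(p_m0, p_k0) == guess_after(p_m0, p_k0)

if __name__ == "__main__":
    cases = [
        (Fraction(4, 5), Fraction(1, 2)),   # uniform key
        (Fraction(4, 5), Fraction(3, 5)),   # key less biased than message
        (Fraction(4, 5), Fraction(9, 10)),  # key more biased than message
        (Fraction(1, 2), Fraction(3, 5)),   # uniform message, biased key
    ]
    for p, q in cases:
        print(f"P(M=0)={p} P(K=0)={q} perfect={perfect_secrecy(p, q)} "
              f"guessing={guessing_secrecy(p, q)} "
              f"before={guess_before(p, q)} after={guess_after(p, q)}")
```

In this toy setting the biased key preserves guessing secrecy only while its bias does not exceed the message's bias; once it does, the ciphertext improves the adversary's guess.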


Broadcast encryption · Guessing secrecy · Information-theoretic security · Non-uniform distribution



We would like to thank the anonymous reviewers for fruitful comments. We would also like to thank Junji Shikata for his feedback. The author is supported by JSPS Research Fellowship for Young Scientists. This work was supported by Grant-in-Aid for JSPS Fellows Grant Numbers JP16J10532 and JP17H01752.


  1. Alimomeni, M., Safavi-Naini, R.: Guessing Secrecy. In: Smith, A. (ed.) ICITS 2012. LNCS, vol. 7412, pp. 1–13. Springer, Heidelberg (2012).
  2. Berkovits, S.: How to broadcast a secret. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 535–541. Springer, Heidelberg (1991).
  3. Blundo, C., Cresti, A.: Space requirements for broadcast encryption. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 287–298. Springer, Heidelberg (1995).
  4. Blundo, C., Mattos, L.A.F., Stinson, D.R.: Trade-offs between communication and storage in unconditionally secure schemes for broadcast encryption and interactive key distribution. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 387–400. Springer, Heidelberg (1996).
  5. Boneh, D., Gentry, C., Waters, B.: Collusion resistant broadcast encryption with short ciphertexts and private keys. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 258–275. Springer, Heidelberg (2005).
  6. Chen, H., Ling, S., Padró, C., Wang, H., Xing, C.: Key predistribution schemes and one-time broadcast encryption schemes from algebraic geometry codes. In: Parker, M.G. (ed.) IMACC 2009. LNCS, vol. 5921, pp. 263–277. Springer, Heidelberg (2009).
  7. Cover, T.M., Thomas, J.A.: Elements of Information Theory. Wiley-Interscience, 2nd edn. July 2006.
  8. Csiszár, I., Koerner, J.: Information Theory: Coding Theorems for Discrete Memoryless Systems, 2nd edn. Cambridge University Press, Cambridge (2011).
  9. Dodis, Y., Fazio, N.: Public key broadcast encryption for stateless receivers. In: Feigenbaum, J. (ed.) DRM 2002. LNCS, vol. 2696, pp. 61–80. Springer, Heidelberg (2003).
  10. Dodis, Y., Smith, A.: Entropic security and the encryption of high entropy messages. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 556–577. Springer, Heidelberg (2005).
  11. Fiat, A., Naor, M.: Broadcast encryption. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 480–491. Springer, Heidelberg (1994).
  12. Garay, J.A., Staddon, J., Wool, A.: Long-lived broadcast encryption. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 333–352. Springer, Heidelberg (2000).
  13. Gentry, C., Waters, B.: Adaptive security in broadcast encryption systems (with Short Ciphertexts). In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 171–188. Springer, Heidelberg (2009).
  14. Iwamoto, M., Shikata, J.: Constructions of symmetric-key encryption with guessing secrecy. In: IEEE International Symposium on Information Theory 2015, pp. 725–729, June 2015.
  15. Iwamoto, M., Shikata, J.: Information theoretic security for encryption based on conditional Rényi entropies. In: Padró, C. (ed.) ICITS 2013. LNCS, vol. 8317, pp. 103–121. Springer, Cham (2014).
  16. Kurosawa, K., Yoshida, T., Desmedt, Y., Burmester, M.: Some bounds and a construction for secure broadcast encryption. In: Ohta, K., Pei, D. (eds.) ASIACRYPT 1998. LNCS, vol. 1514, pp. 420–433. Springer, Heidelberg (1998).
  17. Luby, M., Staddon, J.: Combinatorial bounds for broadcast encryption. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 512–526. Springer, Heidelberg (1998).
  18. Naor, D., Naor, M., Lotspiech, J.: Revocation and tracing schemes for stateless receivers. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 41–62. Springer, Heidelberg (2001).
  19. Padró, C., Gracia, I., Martín, S.: Improving the trade-off between storage and communication in broadcast encryption schemes. Discrete Appl. Math. 143(1–3), 213–220 (2004).
  20. Padró, C., Gracia, I., Martín, S., Morillo, P.: Linear broadcast encryption schemes. Discrete Appl. Math. 128(1), 223–238 (2003).
  21. Phan, D.H., Pointcheval, D., Strefler, M.: Security notions for broadcast encryption. In: Lopez, J., Tsudik, G. (eds.) ACNS 2011. LNCS, vol. 6715, pp. 377–394. Springer, Heidelberg (2011).
  22. Russell, A., Wang, H.: How to fool an unbounded adversary with a short key. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 133–148. Springer, Heidelberg (2002).
  23. Shannon, C.E.: Communication theory of secrecy systems. Bell Syst. Tech. J. 28, 656–715 (1949).
  24. Watanabe, Y., Hanaoka, G., Shikata, J.: Unconditionally secure revocable storage: tight bounds, optimal construction, and robustness. In: Nascimento, A.C.A., Barreto, P. (eds.) ICITS 2016. LNCS, vol. 10015, pp. 213–237. Springer, Cham (2016).
  25. Watanabe, Y., Shikata, J.: Unconditionally secure broadcast encryption schemes with trade-offs between communication and storage. IEICE Trans. 99–A(6), 1097–1106 (2016).
  26. Yamamoto, H.: Rate-distortion theory for the Shannon cipher system. IEEE Trans. Inf. Theor. 43(3), 827–835 (1997).

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. Graduate School of Informatics and Engineering, The University of Electro-Communications, Tokyo, Japan
  2. Information Technology Research Institute, AIST, Tokyo, Japan
