Revocation and Tracing Based on Ternary Tree: Towards Optimal Broadcast Encryption Scheme

  • Kazuhide Fukushima
  • Shinsaku Kiyomoto
  • Yutaka Miyake
  • Kouichi Sakurai
Part of the Communications in Computer and Information Science book series (CCIS, volume 314)


This paper proposes a broadcast encryption scheme with traitor tracing based on the ternary tree structure. The subset difference method with ternary tree reduces the communication cost and tracing cost of the original method with the binary tree. However, straightforward expansion of the method ends in failure due to the vulnerability to coalition attacks. Thus, we design a new cover-finding algorithm and label assignment algorithm in order to achieve a coalition-resistant revocation and tracing schemes. Our analysis on efficiency and security shows that our scheme is an improvement of the existing broadcast encryption schemes: complete subtree and subset difference methods.


Broadcast encryption Subset difference method Traitor tracing Ternary tree 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Berkovits, S.: How to Broadcast a Secret. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 535–541. Springer, Heidelberg (1991)Google Scholar
  2. 2.
    Fiat, A., Naor, M.: Broadcast Encryption. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 480–491. Springer, Heidelberg (1994)Google Scholar
  3. 3.
    Naor, D., Naor, M., Lotspiech, J.: Revocation and Tracing Schemes for Stateless Receivers. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 41–62. Springer, Heidelberg (2001), CrossRefGoogle Scholar
  4. 4.
    Halevy, D., Shamir, A.: The LSD Broadcast Encryption Scheme. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 47–161. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  5. 5.
    Goodrich, M.T., Sun, J.Z., Tamassia, R.: Efficient Tree-Based Revocation in Groups of Low-State Devices. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 511–527. Springer, Heidelberg (2004)Google Scholar
  6. 6.
    Jho, N.S., Hwang, J.Y., Cheon, J.H., Kim, M.H., Lee, D.H., Yoo, E.S.: One-Way Chain Based Broadcast Encryption Schemes. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 559–574. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  7. 7.
    Hwang, J.Y., Lee, D.H., Lim, J.: Generic Transformation for Scalable Broadcast Encryption Schemes. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 276–292. Springer, Heidelberg (2005)Google Scholar
  8. 8.
    Attrapadung, N., Imai, H.: Practical broadcast encryption from graph-theoretic techniques and subset-incremental-chain structure. IEICE Transaction on Fundamental of Electronics, Communications and Computer Sciences, Special Section on Cryptography and Information Security E90-A, 187–203 (2007)Google Scholar
  9. 9.
    Asano, T.: A Revocation Scheme with Minimal Storage at Receivers. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 433–450. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  10. 10.
    Attrapadung, N., Kobara, K., Imai, H.: Sequential Key Derivation Patterns for Broadcast Encryption and Key Predistribution Schemes. In: Laih, C.-S. (ed.) ASIACRYPT 2003. LNCS, vol. 2894, pp. 374–391. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  11. 11.
    Gentry, C., Ramzan, Z.: RSA Accumulator Based Broadcast Encryption. In: Zhang, K., Zheng, Y. (eds.) ISC 2004. LNCS, vol. 3225, pp. 73–86. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  12. 12.
    Boneh, D., Gentry, C., Waters, B.: Collusion Resistant Broadcast Encryption with Short Ciphertexts and Private Keys. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 258–275. Springer, Heidelberg (2005)Google Scholar
  13. 13.
    Wang, W., Ma, J., Moon, S.: Ternary Tree Based Group Key Management in Dynamic Peer Networks. In: Wang, Y., Cheung, Y.-M., Liu, H. (eds.) CIS 2006. LNCS (LNAI), vol. 4456, pp. 513–522. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  14. 14.
    Graham, R.L., Li, M., Yao, F.F.: Optimal tree structures for group key management with batch updates. SIAM J. on Discrete Mathematics 21, 532–547 (2007)MathSciNetzbMATHCrossRefGoogle Scholar
  15. 15.
    Tripathi, S., Biswas, G.P.: Design of efficient ternary-tree based group key agreement protocol for dynamic groups. In: Proc. of First International Conference on Communication Systems and Networks, COMSNET 2009 (2009)Google Scholar
  16. 16.
    Fukushima, K., Kiyomoto, S., Tanaka, T., Sakurai, K.: Ternary Subset Difference Method and Its Quantitative Analysis. In: Chung, K.-I., Sohn, K., Yung, M. (eds.) WISA 2008. LNCS, vol. 5379, pp. 225–239. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  17. 17.
    Fukushima, K., Kiyomoto, S., Miyake, Y., Sakurai, K.: Towards optimal revocation and tracing schemes — the power of the ternary tree —. In: Proc. of International Conference on Security and Cryptography (SECRYPT 2011), pp. 37–49 (2011)Google Scholar
  18. 18.
    Chor, B., Fiat, A., Naor, M.: Tracing Traitors. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 257–270. Springer, Heidelberg (1994)Google Scholar
  19. 19.
    Kurosawa, K., Desmedt, Y.: Optimum Traitor Tracing and Asymmetric Schemes. In: Nyberg, K. (ed.) EUROCRYPT 1998. LNCS, vol. 1403, pp. 145–157. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  20. 20.
    Boneh, D., Franklin, M.: An Efficient Public Key Traitor Scheme (Extended Abstract). In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 338–353. Springer, Heidelberg (1999)Google Scholar
  21. 21.
    Kurosawa, K., Yoshida, T.: Linear Code Implies Public-Key Traitor Tracing. In: Naccache, D., Paillier, P. (eds.) PKC 2002. LNCS, vol. 2274, pp. 172–187. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  22. 22.
    Chabanne, H., Phan, D.H., Pointcheval, D.: Public Traceability in Traitor Tracing Schemes. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 542–558. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  23. 23.
    Boneh, D., Sahai, A., Waters, B.: Fully Collusion Resistant Traitor Tracing with Short Ciphertexts and Private Keys. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 573–592. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  24. 24.
    Shin, S., Kobara, K., Imai, H.: A secure network storage system with information privacy. In: Proc. of Western European Workshop on Research in Cryptology (WEWoRC 2005). LNI, vol. P-74, pp. 22–31 (2005)Google Scholar
  25. 25.
    Okuaki, S., Kunihiro, N., Ohta, K.: Estimation of a message length for subset difference method. In: Proc. of Symposium on Cryptography and Information Security (SCIS 2008), vol. 2E1-2 (2008) (in Japanese)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Kazuhide Fukushima
    • 1
    • 2
  • Shinsaku Kiyomoto
    • 1
    • 2
  • Yutaka Miyake
    • 1
    • 2
  • Kouichi Sakurai
    • 1
    • 2
  1. 1.KDDI R&D Laboratories Inc.Japan
  2. 2.Faculity of Information Science and Electrical EngineeringKyushu UniversityJapan

Personalised recommendations