Improved Broadcast Encryption Scheme with Constant-Size Ciphertext

  • Renaud Dubois
  • Aurore Guillevic
  • Marine Sengelin Le Breton
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7708)


The Boneh-Gentry-Waters (BGW) [3] broadcast encryption scheme is optimal regarding the overhead size. This performance relies on the use of a pairing. Hence this protocol can benefit from public key improvements. The main lasting constraint is the computation time at receiver end as it depends on the number of revoked users. In this paper we describe two modifications to improve BGW bandwidth and time complexity. First we rewrite the protocol with an asymmetric pairing over Barreto-Naehrig (BN) curves instead of a symmetric one over supersingular curves. This modification leads to a practical gain of 60% in speed and 84% in bandwidth. The second tweaks allows to reduce the computation time from O(n − r) to min (O(r),O(n − r)) for the worst case (and better for the average case). We give performance measures of our implementation for a 128-bit security level of the modified protocol on a smartphone.


Broadcast encryption asymmetric pairings Barreto-Naehrig curves Android 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Barreto, P.S.L.M., Naehrig, M.: Pairing-Friendly Elliptic Curves of Prime Order. In: Preneel, B., Tavares, S. (eds.) SAC 2005. LNCS, vol. 3897, pp. 319–331. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  2. 2.
    Blake, I.F., Seroussi, G., Smart, N.P. (eds.): Advances in Elliptic Curve Cryptography. London Mathematical Society Lecture Note Series, vol. 317. Cambridge University Press (2005)Google Scholar
  3. 3.
    Boneh, D., Gentry, C., Waters, B.: Collusion Resistant Broadcast Encryption with Short Ciphertexts and Private Keys. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 258–275. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  4. 4.
    Cheon, J.H.: Discrete logarithm problems with auxiliary inputs. J. Cryptology 23, 457–476 (2010)MathSciNetzbMATHCrossRefGoogle Scholar
  5. 5.
    Dubois, R., Guillevic, A., Sengelin Le Breton, M.: Improved Broadcast Encryption Scheme with Constant-Size Ciphertext. In: Abdalla, M., Lange, T. (eds.) Pairing 2012. LNCS, vol. 7708, pp. 196–202. Springer, Heidelberg (2013)Google Scholar
  6. 6.
    Galbraith, S.D., Paterson, K.G., Smart, N.P.: Pairings for cryptographers. Discrete Applied Mathematics 156(16), 3113–3121 (2008)MathSciNetzbMATHCrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Renaud Dubois
    • 1
  • Aurore Guillevic
    • 1
    • 2
  • Marine Sengelin Le Breton
    • 1
  1. 1.Thales Communications and SecurityColombes CedexFrance
  2. 2.Crypto Team, DIENSParis Cedex 05France

Personalised recommendations