Contributory Broadcast Encryption with Efficient Encryption and Short Ciphertexts

被引：36

作者：

Wu, Qianhong ^{[1
,2
,3
]}

Qin, Bo ^{[4
]}

Zhang, Lei ^{[5
]}

Domingo-Ferrer, Josep ^{[6
]}

Farras, Oriol ^{[6
]}

Manjon, Jesus A. ^{[6
]}

机构：

[1] Beihang Univ, Sch Elect & Informat Engn, Beijing 100093, Peoples R China

[2] Xidian Univ, State Key Lab Integrated Serv Networks, Beijing 100093, Peoples R China

[3] Chinese Acad Sci, State Key Lab Informat Secur, Inst Informat Engn, Beijing 100093, Peoples R China

[4] Renmin Univ China, Key Lab Data Engn & Knowledge Engn, Minist Educ, Sch Informat, ZhongGuanCun St 59, Beijing, Peoples R China

[5] E China Normal Univ, Shanghai Key Lab Trustworthy Comp, Inst Software Engn, Shanghai 200062, Peoples R China

[6] Univ Rovira & Virgili, Dept Comp Engn & Math, UNESCO Chair Data Privacy, E-43007 Tarragona, Spain

来源：

IEEE TRANSACTIONS ON COMPUTERS | 2016年 / 65卷 / 02期

基金：

北京市自然科学基金;

关键词：

Broadcast encryption; group key agreement; contributory broadcast encryption; provable security; KEY MANAGEMENT SCHEME; AGREEMENT; SECURITY;

D O I：

10.1109/TC.2015.2419662

中图分类号：

TP3 [计算技术、计算机技术];

学科分类号：

0812 ;

摘要：

Broadcast encryption (BE) schemes allow a sender to securely broadcast to any subset of members but require a trusted party to distribute decryption keys. Group key agreement (GKA) protocols enable a group of members to negotiate a common encryption key via open networks so that only the group members can decrypt the ciphertexts encrypted under the shared encryption key, but a sender cannot exclude any particular member from decrypting the ciphertexts. In this paper, we bridge these two notions with a hybrid primitive referred to as contributory broadcast encryption (ConBE). In this new primitive, a group of members negotiate a common public encryption key while each member holds a decryption key. A sender seeing the public group encryption key can limit the decryption to a subset of members of his choice. Following this model, we propose a ConBE scheme with short ciphertexts. The scheme is proven to be fully collusion-resistant under the decision n-Bilinear Diffie-Hellman Exponentiation (BDHE) assumption in the standard model. Of independent interest, we present a new BE scheme that is aggregatable. The aggregatability property is shown to be useful to construct advanced protocols.

引用

页码：466 / 479

页数：14

共 50 条

[1]

Abdalla M, 2010, LECT NOTES COMPUT SC, V6055, P351

[2]

[Anonymous], 1993, CRYPTO, DOI DOI 10.1007/3-540-48329-2

[3]

[Anonymous], 1994, P EUROCRYPT

[4] An efficient time-bound hierarchical key management scheme for secure broadcasting [J].

Bertino, Elisa ;

Shang, Ning ;

Wagstaff, Samuel S., Jr. .

IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, 2008, 5 (02) :65-70

[5]

Boneh D, 2005, LECT NOTES COMPUT SC, V3621, P258

[6] Hierarchical identity based encryption with constant size ciphertext [J].

Boneh, D ;

Boyen, X ;

Goh, EJ .

ADVANCES IN CRYPTOLOGY - EUROCRYPT 2005,PROCEEDINGS, 2005, 3494 :440-456

[7]

Boneh D., 2003, Contemporary Mathematics, P71, DOI DOI 10.1090/CONM/324/05731

[8]

Boneh D, 2014, LECT NOTES COMPUT SC, V8441, P533, DOI 10.1007/978-3-642-55220-5_30

[9]

Boyd C, 2003, LECT NOTES COMPUT SC, V2567, P161

[10]

Bresson E, 2002, LECT NOTES COMPUT SC, V2332, P321

← 1 2 3 4 5 →