1 / 8

Explicit Exclusive Set Systems with Applications to Broadcast Encryption

Explicit Exclusive Set Systems with Applications to Broadcast Encryption. David Woodruff. Joint with Craig Gentry and Zulfikar Ramzan To appear in FOCS 2006. Broadcast Encryption. Clients. Server. 1 server, n clients Server broadcasts to all clients at once

naif
Download Presentation

Explicit Exclusive Set Systems with Applications to Broadcast Encryption

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Explicit Exclusive Set Systems with Applications to Broadcast Encryption David Woodruff Joint with Craig Gentry and Zulfikar Ramzan To appear in FOCS 2006

  2. Broadcast Encryption Clients Server • 1 server, n clients • Server broadcasts to all clients at once • E.g., payperview TV, music, videos • Only privileged users can understand broadcasts • E.g., those who pay their monthly bills • Need to encrypt broadcasts

  3. Subset Cover Framework [NNL] • Offline stage: • For some S ½ [n], server creates a key K(S) and distributes it to all users in S • Let C be the collection of S • Server space complexity ~ |C| • ith user space complexity ~ # S containing i

  4. Subset Cover Framework [NNL] • Online stage: • Given a set R ½ [n] of at most r revoked users • Server establishes a session key M that only users in the set [n] n R know • Finds S1, …, St with [n] n R = S1[ … [ St • Encrypt M under each of K(S1), …, K(St) • Content encrypted using session key M

  5. Subset Cover Framework [NNL] • Communication complexity ~ t • Tolerate up to r revoked users • Tolerate any number of colluders • Information-theoretic security

  6. The Combinatorics Problem • Find a family C of subsets of {1, …., n} such that any large set S µ {1, …, n} is the union of a small number of sets in C S = S1[ S2[[ St • Parameters: • Universe is [n] = {1, …, n} • |S| >= n-r • Write S as a union of · t sets in C • Goal: • Minimize |C|

  7. Our Results • Main result: |C| = poly(r,t) • n, r, t all arbitrary • Match lower bound up to poly(r,t) • In applications r, t << n • When r,t << n, get |C| = O(rt ) • Our construction is explicit • Find sets S = S1[ … [ St in poly(r, t, log n) time • Improved cryptographic applications

  8. Cryptographic Implications • Our explicit exclusive set system yield almost optimal information-theoretic broadcast encryption and multi-certificate revocation schemes • General n,r,t • Contrasts with previous explicit systems • Poly(r,t, log n) time to find keys for broadcast • Contrasts with probabilistic constructions • Parameters • For poly(r, log n) server storage complexity, we can set t = r log (n/r), but previously t = (r2 log n)

More Related