DOI QR코드

DOI QR Code

An Efficient Broadcast Encryption System with Delegation of Decryption

복호화 위임을 제공하는 효율적인 브로드캐스트 암호시스템

  • Han, Su Min (Graduate School of Information Security, Korea University) ;
  • Park, Seung Hwan (Graduate School of Information Security, Korea University) ;
  • Park, Jong Hwan (Division of Computer Science. College of Computer Software and Media Technology. Sangmyung University) ;
  • Lee, Dong Hoon (Graduate School of Information Security, Korea University)
  • 한수민 (고려대학교 정보보호대학원) ;
  • 박승환 (고려대학교 정보보호대학원) ;
  • 박종환 (상명대학교 소프트웨어대학 컴퓨터과학과) ;
  • 이동훈 (고려대학교 정보보호대학원)
  • Received : 2013.08.08
  • Accepted : 2013.09.25
  • Published : 2013.09.30

Abstract

In a Broadcast Encryption System, a sender sends an encrypted message to a large set of receivers at once over an insecure channel and it enables only users in a target set to decrypt the message with their private keys. In 2005, Boneh et al. proposed a fully collusion-resistant public key broadcast encryption in which the ciphertext and the privatekey sizes are constant. In general, pairing-based broadcast encryption system is efficient in bandwidth and storing aspects than non-pairing based broadcast encryption system, however, it requires many computational costs that resource-constrained devices is not suit to be applied. In this paper, we propose a Broadcast Encryption scheme(called BEWD) that user can decrypt a ciphertext more efficiently. The scheme is based on Boneh et al.scheme. More precisely, it reduces receiver's computational costs by delegating pairing computation to a proxy server which computation is required to receiver in Boneh et al.scheme. Furthermore, the scheme enables a user to check if the proxy server compute correctly. We show that our scheme is secure against selective IND-RCCA adversaries under l-BDHE assumption.

브로드캐스트 암호시스템은 송신자가 수신자 집합을 지정하여 생성한 암호문을 공개된 채널을 통해 전송하면, 수신자 집합에 속하는 정당한 사용자만이 메시지를 복호화 할 수 있는 암호 기법이다. 2005년도에는 공모공격에 안전하며 상수크기의 암호문과 비밀키를 가지는 페어링 기반의 기법이 Boneh 등에 의해 제안되었다. 일반적으로 페어링 기반의 기법은 사용자로부터 많은 연산량을 요구하기 때문에 리소스에 제한이 있는 기기에 적용하기에는 어려움이 있었다. 본 논문에서는 Boneh 등의 기법을 기반으로 브로드캐스트 암호시스템에서 암호문을 효율적으로 복호화 하는 기법(BEWD)을 제안한다. 제안하는 기법에서는 복호화 시에 요구되는 페어링연산과 다른 사용자들의 공개키가 쓰이는 연산을 제 3자인 프록시 서버에 위임함으로써 사용자에게 요구되는 연산량을 줄인다. 또한 사용자는 서버의 올바른 계산을 확인을 할 수 있다. 제안하는 기법은 n-BDHE가정 하에 선택적인 IND-RCCA에 안전한 기법이다.

Keywords

References

  1. W. Diffie and M. E. Hellman, "New directions in cryptography," IEEE Transactions on Information Theory, vol. IT-22, no. 6, pp. 644-654, Nov. 1976
  2. A. Fiat and M. Naor, "Broadcast encryption," Advances in Cryptology, CRYPTO'93, LNCS 773, pp. 480-491, 1994.
  3. Sherman S.M. Chowa, Man Ho Aub, Willy Susilob, "Server-aided signatures verification secure against collusion attack," Information Security Technical Report, Volume 17, Issue 3, February 2013, Pages 46-57 https://doi.org/10.1016/j.istr.2012.10.007
  4. Xavier Boyen, "A Tapestry of Identity-Based Encryption: Practical Frameworks Compared," International Journal of Applied Cryptography, volume 1, number 1, pages 3-21. Inderscience, 2008 https://doi.org/10.1504/IJACT.2008.017047
  5. B. G. Kang, M. S. Lee, and J. H. Park. Efficient delegation of pairing computation.Cryptology ePrint Archive, Report 2005/259, 2005. http://eprint.iacr.org/.
  6. B. Chevallier-Mames, J.S. Coron, N. McCullagh, D. Naccache, and M. Scott. "Secure delegation of elliptic-curve pairing," In CARDIS, LNCS 6035, pp. 24-35, Springer, 2010.
  7. D. Naor, M. Naor, and J. Lotspiech. "Revocation and tracing schemes for stateless receiver," Advances in Cryptology, CRYPTO'01, LNCS 2139, pp. 41-62, 2001.
  8. Y. Dodis and N. Fazio, "Public key trace and revoke scheme secure against adaptive chosen ciphertext attack," In Public Key Cryptography—PKC 2003. Springer Berlin Heidelberg, pp. 100-115. Jan. 2003.
  9. D. Boneh, C. Gentry, and B. Waters, "Collusion resistant broadcast encryption with short ciphertexts and private keys," Advances in Cryptology, CRYPTO'05, LNCS 3621, pp. 258-275, 2005.
  10. C. Delerablee, "Identity-based broadcast encryption with constant size ciphertexts and private keys," Advances in Cryptology, CRYPTO'07, LNCS 4833, pp. 200-215, 2007.
  11. C. Gentry and B. Waters, "Adaptive security in broadcast encryption systems (with short ciphertexts)," Advances in Cryptology, CRYPTO'01, LNCS 5479, pp. 171-188, 2009.
  12. A.B. Lewko, A. Sahai, and B. Waters, "Revocation systems with very small private keys," Proceedings of the 2010 IEEE Symposium on Security and Privacy, pp. 273-285, May 2010.
  13. D. H. Phan, D. Pointcheval, S. F. Shahandashti, and M. Streer, "Adaptive CCA broadcast encryption with constant size secret keys and ciphertexts," Information Security and Privacy. Springer Berlin Heidelberg, pp. 308-321, 2012.
  14. Renaud Dubois, Aurore Guillevic, Marine Sengelin Le Breton, "Improved Broadcast Encryption Scheme with Constant-Size Ciphertext," Pairing-Based Cryptography - Pairing 2012 Lecture Notes in Computer Science Volume 7708, 2013, pp 196-202
  15. M. Green, S. Hohenberger, B. Waters, Outsourcing the Decryption of ABE Ciphertexts". Proceedings of the 20th USENIX conference on Security. USENIX Association, pp. 34-34. 2011.
  16. B. Waters. "Ciphertext-policy attribute-based encryption: An expressive, efficient, and provably secure realization," In Public Key Cryptography—PKC 2011. Springer Berlin Heidelberg, pp. 53-70. 2011
  17. J.K. Liu, C.K. Chu, J. Zhou, "Identity-Based Server-Aided Decryption," In ACISP 2011, LNCS, vol. 6812, pp. 337-352, Springer, 2011
  18. D. Boneh and M. Franklin, " Identity-Based Encryption from the Weil Pairing," Advances in Cryptology, CRYPTO'01, LNCS 2139, pp. 213-229, 2001.
  19. T. ElGamal, "A public key cryptosystem and a signature scheme based on discrete logarithms," IEEE Transactions on Information Theory, vol. IT-31, no. 4, pp. 469-472, 1985.
  20. R. Canetti, H. Krawczyk, and J.B. Nielsen. "Relaxing chosen-ciphertext security." Advances in Cryptology, CRYPTO'03, LNCS 2729, pp. 565-582, 2003.
  21. E. Fujisaki and T. Okamoto, "Secure integration of asymmetric and symmetric encryption schemes," Advances in Cryptology, CRYPTO'99, LNCS 1666, pp. 537-554, 1999.