How to generate cryptographically strong sequences of pseudo-random bits
SIAM Journal on Computing
CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Iolus: a framework for scalable secure multicasting
SIGCOMM '97 Proceedings of the ACM SIGCOMM '97 conference on Applications, technologies, architectures, and protocols for computer communication
Secure group communications using key graphs
IEEE/ACM Transactions on Networking (TON)
A Protocol to Achieve Independence in Constant Rounds
IEEE Transactions on Parallel and Distributed Systems
New constructions for multicast re-keying schemes using perfect hash families
Proceedings of the 7th ACM conference on Computer and communications security
Communications of the ACM
Reliable group rekeying: a performance analysis
Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
The LSD Broadcast Encryption Scheme
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Efficient Trace and Revoke Schemes
FC '00 Proceedings of the 4th International Conference on Financial Cryptography
Key Establishment in Large Dynamic Groups Using One-Way Function Trees
IEEE Transactions on Software Engineering
Self-Healing Key Distribution with Revocation
SP '02 Proceedings of the 2002 IEEE Symposium on Security and Privacy
ELK, a New Protocol for Efficient Large-Group Key Distribution
SP '01 Proceedings of the 2001 IEEE Symposium on Security and Privacy
A Secure Group Key Management Communication Lower Bound
A Secure Group Key Management Communication Lower Bound
Theory and application of trapdoor functions
SFCS '82 Proceedings of the 23rd Annual Symposium on Foundations of Computer Science
A lower bound for multicast key distribution
Computer Networks: The International Journal of Computer and Telecommunications Networking
Efficient communication-storage tradeoffs for multicast encryption
EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
Corrupting one vs. corrupting many: the case of broadcast and multicast encryption
ICALP'06 Proceedings of the 33rd international conference on Automata, Languages and Programming - Volume Part II
Computational bounds on hierarchical data processing with applications to information security
ICALP'05 Proceedings of the 32nd international conference on Automata, Languages and Programming
Collusion resistant broadcast encryption with short ciphertexts and private keys
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Scalable secure one-to-many group communication using dual encryption
Computer Communications
Optimizing the batch mode of group rekeying: lower bound and new protocols
INFOCOM'10 Proceedings of the 29th conference on Information communications
Corrupting one vs. corrupting many: the case of broadcast and multicast encryption
ICALP'06 Proceedings of the 33rd international conference on Automata, Languages and Programming - Volume Part II
Computational soundness, co-induction, and encryption cycles
EUROCRYPT'10 Proceedings of the 29th Annual international conference on Theory and Applications of Cryptographic Techniques
Hi-index | 0.00 |
We prove a tight lower bound on the communication complexity of secure multicast key distribution protocols in which rekey messages are built using symmetric-key encryption, pseudo-random generators, and secret sharing schemes. Our lower bound shows that the amortized cost of updating the group key for each group membership change (as a function of the current group size) is at least log2(n) - o(1) basic rekey messages. This lower bound matches, up to a subconstant additive term, the upper bound due to Canetti et al. [Proc. INFOCOM 1999], who showed that log2(n) basic rekey messages (each time a user joins and/or leaves the group) are sufficient. Our lower bound is, thus, optimal up to a small subconstant additive term. The result of this paper considerably strengthens previous lower bounds by Canetti et al. [Proc. Eurocrypt 1999] and Snoeyink et al. [Computer Networks, 47(3):2005], which allowed for neither the use of pseudorandom generators and secret sharing schemes nor the iterated (nested) application of the encryption function. Our model (which allows for arbitrarily nested combinations of encryption, pseudorandom generators and secret sharing schemes) is much more general and, in particular, encompasses essentially all known multicast key distribution protocols of practical interest.