Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Revocation and Tracing Schemes for Stateless Receivers
CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
Public Key Trace and Revoke Scheme Secure against Adaptive Chosen Ciphertext Attack
PKC '03 Proceedings of the 6th International Workshop on Theory and Practice in Public Key Cryptography: Public Key Cryptography
Adaptive Security in Broadcast Encryption Systems (with Short Ciphertexts)
EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
Dual System Encryption: Realizing Fully Secure IBE and HIBE under Simple Assumptions
CRYPTO '09 Proceedings of the 29th Annual International Cryptology Conference on Advances in Cryptology
Identity-based broadcast encryption with constant size ciphertexts and private keys
ASIACRYPT'07 Proceedings of the Advances in Crypotology 13th international conference on Theory and application of cryptology and information security
Revocation Systems with Very Small Private Keys
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
Security notions for broadcast encryption
ACNS'11 Proceedings of the 9th international conference on Applied cryptography and network security
Collusion resistant broadcast encryption with short ciphertexts and private keys
CRYPTO'05 Proceedings of the 25th annual international conference on Advances in Cryptology
Adaptive CCA broadcast encryption with constant-size secret keys and ciphertexts
ACISP'12 Proceedings of the 17th Australasian conference on Information Security and Privacy
| Hi-index | 0.00 |
Broadcast encryption aims at sending a content to a large arbitrary group of users at once. Currently, the most efficient schemes provide constant-size headers, that encapsulate ephemeral session keys under which the payload is encrypted. However, in practice, and namely for pay-TV, providers have to send various contents to different groups of users. Headers are thus specific to each group, one for each channel: as a consequence, the global overhead is linear in the number of channels. Furthermore, when one wants to zap to and watch another channel, one has to get the new header and decrypt it to learn the new session key: either the headers are sent quite frequently or one has to store all the headers, even if one watches one channel only. Otherwise, the zapping time becomes unacceptably long. This paper deals with encapsulation of several ephemeral keys, for various groups and thus various channels, in one header only, and we call this new primitive Multi-Channel Broadcast Encryption -- MCBE: one can hope for a much shorter global overhead and a much shorter zapping time since the decoder already has the information to decrypt any available channel at once. Our candidates are private variants of the Boneh-Gentry-Waters scheme, with a constant-size global header, independently of the number of channels.