Abstract
In a broadcast encryption scheme, digital content is encrypted to ensure that only privileged users can recover the content from the encrypted broadcast. Key material is usually held in a “tamper-resistant,” replaceable smartcard. A coalition of users may attack such a system by breaking their smartcards open, extracting the keys, and building “pirate decoders” based on the decryption keys they extract. In this paper we suggest the notion of long-lived broadcast encryption as a way of adapting broadcast encryption to the presence of pirate decoders and maintaining the security of broadcasts to privileged users while rendering all pirate decoders useless. When a pirate decoder is detected in a long-lived encryption scheme, the keys it contains are viewed as compromised and are no longer used for encrypting content. We provide both empirical and theoretical evidence indicating that there is a long-lived broadcast encryption scheme that achieves a steady state in which only a small fraction of cards need to be replaced in each epoch. That is, for any fraction β, the parameter values may be chosen in such a way as to ensure that, eventually, at most β of the cards must be replaced in each epoch.
Long-lived broadcast encryption schemes are a more comprehensive solution to piracy than traitor-tracing schemes, because the latter only seek to identify the makers of pirate decoders and don’t deal with how to maintain secure broadcasts once keys have been compromised. In addition, long-lived schemes are a more efficient long-term solution than revocation schemes, because their primary goal is to minimize the amount of recarding that must be done in the long term.
© 2000 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Garay, J.A., Staddon, J., Wool, A. (2000). Long-Lived Broadcast Encryption. In: Bellare, M. (eds) Advances in Cryptology — CRYPTO 2000. CRYPTO 2000. Lecture Notes in Computer Science, vol 1880. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44598-6_21
DOI: https://doi.org/10.1007/3-540-44598-6_21
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-67907-3
Online ISBN: 978-3-540-44598-2
eBook Packages: Springer Book Archive