Abstract
Some years ago, two efficient broadcast encryption schemes for stateless receivers, referred to as SD (Subset Difference Method) [NNL01] and LSD (Layered Subset Difference Method) [HS02], were proposed. They represent one of the most suitable solutions to broadcast encryption. In this paper we focus on the following issue: both schemes assume uniform probabilities of revocation of the receivers. However, in some applications, such an assumption might not hold: receivers in a certain area, due to historical and legal reasons, can be considered trustworthy, while receivers from others might exhibit more adversarial behaviours. Can we modify SD and LSD to better fit settings in which the probabilities of revocation are non-uniform?
More precisely, we study how to optimise user key storage in the SD and LSD schemes in the presence of non-uniform probabilities of revocation for the receivers. Indeed, we would like to give fewer keys to users with a higher probability of revocation than to trustworthy users. We point out that this leads to the construction of binary trees satisfying some optimality criteria.
We start our analysis by revisiting a similar study, which aims at minimising user key storage in LKH schemes. It was shown that such a problem is related to the well-known optimal codeword length selection problem in information theory. We discuss the approach pursued therein, pointing out that a characterisation of the properties a key assignment for LKH schemes has to satisfy does not hold. We provide a new characterisation and give a proof of it. Then, we show that the user key storage problems of SD and LSD are also related to an interesting coding theory problem, referred to as source coding with Campbell’s penalties. Hence, we discuss existing solutions to the coding problem.
References
Baer, M.: Source coding for Campbell’s penalties. IEEE Transactions on Information Theory 52(10), 4380–4393 (2006)
Berkovits, S.: How to broadcast a secret. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 535–541. Springer, Heidelberg (1991)
Campbell, L.L.: Definition of entropy by means of a coding problem. Zeitschrift für Wahrscheinlichkeitstheorie und verwandte Gebiete 6, 113–118 (1966)
Chang, I., Engel, R., Kandlur, D., Pendarakis, D., Saha, D.: Key management for secure internet multicast using boolean function minimization techniques. In: Proceedings of IEEE INFOCOM 1999, vol. 2, pp. 689–698 (1999)
Canetti, R., Garay, J., Itkis, G., Micciancio, D., Naor, M., Pinkas, B.: Multicast security: A taxonomy and some efficient constructions. In: Proceedings of INFOCOM 1999, pp. 708–716 (1999)
Canetti, R., Malkin, T., Nissim, K.: Efficient communication-storage tradeoffs for multicast encryption. In: Stern, J. (ed.) EUROCRYPT 1999. LNCS, vol. 1592, pp. 459–474. Springer, Heidelberg (1999)
Cover, T., Thomas, J.: Elements of Information Theory. Wiley, Chichester (1991)
Caronni, G., Waldvogel, M., Sun, D., Plattner, B.: Efficient security for large and dynamic multicast groups. In: IEEE 7th Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises (WET ICE 1998) (1998)
Erdos, P., Frankl, P., Furedi, Z.: Families of finite subsets in which no set is covered by the union of r others. Israel Journal of Mathematics (51), 75–89 (1985)
Fiat, A., Naor, M.: Broadcast encryption. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 480–491. Springer, Heidelberg (1994)
Goodrich, M.T., Sun, J.Z., Tamassia, R.: Efficient tree-based revocation in groups of low-state devices. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 511–527. Springer, Heidelberg (2004)
Hwang, Y.H., Lee, P.J.: Efficient broadcast encryption scheme with log-key storage. In: Di Crescenzo, G., Rubin, A. (eds.) FC 2006. LNCS, vol. 4107, pp. 281–295. Springer, Heidelberg (2006)
Hwang, J.Y., Lee, D.H., Lim, J.: Generic transformation for scalable broadcast encryption schemes. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 276–292. Springer, Heidelberg (2005)
Halevy, D., Shamir, A.: The LSD broadcast encryption scheme. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 47–60. Springer, Heidelberg (2002)
Jho, N., Hwang, J.Y., Cheon, J.H., Kim, M., Lee, D.H., Yoo, E.S.: One-way chain based broadcast encryption schemes. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 559–574. Springer, Heidelberg (2005)
Larmore, L.L., Hirschberg, D.S.: A fast algorithm for optimal length-limited Huffman codes. Journal of Association for Computing Machinery 37(2), 464–473 (1990)
Micciancio, D., Panjwani, S.: Optimal communication complexity of generic multicast key distribution. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 153–170. Springer, Heidelberg (2004)
Naor, D., Naor, M., Lotspiech, J.: Revocation and tracing schemes for stateless receivers. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 41–62. Springer, Heidelberg (2001), Full version, http://www.wisdom.weizmann.ac.il/~naor/
Poovendran, R., Baras, J.S.: An information theoretic analysis of rooted-tree based secure multicast key distribution schemes. IEEE Transactions on Information Theory 47(7), 2824–2834 (2001); Preliminary version In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, p. 624. Springer, Heidelberg (1999)
Sherman, A.T., McGrew, D.A.: Key establishment in large dynamic groups using one-way function trees. IEEE Transactions on Software Engineering 29(5), 444–458 (2003)
Snoeyink, J., Suri, S., Varghese, G.: A lower bound for multicast key distribution. In: Proceedings of IEEE INFOCOM 2001, pp. 422–431 (2001)
Wong, C., Gouda, M., Lam, S.: Secure group communications using key graphs. In: Proceedings ACM SIGCOMM 1998. ACM, New York (1998)
Wallner, D., Harder, E., Agee, R.: Key management for multicast: Issues and architectures. RFC 2627, National Security Agency (June 1999)
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
D’Arco, P., De Santis, A. (2009). Optimising SD and LSD in Presence of Non-uniform Probabilities of Revocation. In: Desmedt, Y. (eds) Information Theoretic Security. ICITS 2007. Lecture Notes in Computer Science, vol 4883. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-10230-1_4
DOI: https://doi.org/10.1007/978-3-642-10230-1_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-10229-5
Online ISBN: 978-3-642-10230-1
eBook Packages: Computer Science, Computer Science (R0)