Fully Collusion-Resistant Broadcast Encryption and Traitor Tracing Systems
Speaker: Brent Waters , SRI
Date: April 7 2006
Time: 10:30AM to 12:00PM
Location: 32-G449 Patil/Kiva, Stata Ctr
Contact: Be Blackburn, 3-6098, imbe@mit.edu
Relevant URL: http://eprint.iacr.org/2006/045.pdf
A Broadcast Encryption cryptosystem allows a sender to encrypt a
message to some target set of users. In a secure system users in the
target set can decrypt the ciphertext and no collusion of users
outside of the target set can learn anything about the
message. Broadcast encryption systems have a variety of
applications. For example, we could build a shared encrypted
filesystem from broadcast encryption where a user broadcast encrypts a
file to the set of users he wants to share it with. Broadcast
encryption is also useful for large-scale content distribution; a
content distributor such as DirectTV or XMRadio will encrypt its
digital media content to the devices of all paying subscribers.
The primary challenge with broadcast encryption is to design secure
systems with small ciphertext size. For example, we could achieve a
broadcast encryption scheme with ciphertexts linear in the number of
receivers by simply encrypting a message (or symmetric encryption key)
separately to each user the target set. However, this approach is
inefficient and becomes infeasible in large systems where there could
be many users in a target set.
In this talk I will present two recent developments in broadcast
encryption. First, I will discuss my work with Dan Boneh and Craig
Gentry on a broadcast encryption scheme that has constant ciphertext
size and constant size private keys. Our scheme can be used to
encrypt to arbitrary sets of users and is secure against an arbitrary
number of colluding attackers. Somewhat surprisingly, the only
previous fully-collusion resistant scheme is the trivial where we
encrypt to each user separately.
Additionally, I will present some very recent work with Dan Boneh and
Amit Sahai on a related problem known as "Tracing Traitors". Our
tracing traitors construction allows us to trace a creator of a
"pirate box". Our solution achieves O(\sqrt(n)) size ciphertexts and
is secure against an arbitrary number of colluders.
Links:
http://eprint.iacr.org/2006/045.pdf
http://eprint.iacr.org/2005/018.pdf
See other events that are part of Cryptography and Information Security Seminar Seminars 2005/2006
See other events happening in April 2006
