Broadcast Encryption Scheme Based on Binary Cubes Alexey Urivskiy JSC «InfoTeCS», Moscow, Russia...

Broadcast Encryption Scheme Based on Binary Cubes

Alexey UrivskiyJSC «InfoTeCS», Moscow, Russia

[email protected]

What is Broadcast Encryption?Center

ChannelChannel

MessagePrivileged users Revoked users

Alexey Urivskiy ACCT'2014

Purpose

Securely broadcast a message to an arbitrary dynamically changing subset of stateless receivers.


Typical BE-Applications

• pay-TV systems;• tactical radio;• positioning systems;• digital rights management solutions;• etc.


Preliminary Phase: Key Distribution

4Center

1

2 3


1 2 3 4


Broadcast Phase: Message

Index = Information on which users are in which subset

Ciphertexts = The Session Key encrypted on Key Encryption Keys (KEK)

Encrypted message = The Message encrypted on the Session Key

Index Ciphertexts Encrypted message

HEADER BODY


Performance Parameters

• Transmission overheadthe header’s length

• User key blockthe number of KEKs of the user

• Processing complexity• Security

focus only on information-theoretic secure


Designing a good BES?Provided the BES is• secure • computationally efficientgiven • the network size• the number of the revoked usersto balance • the size of the user key block and• the transmission overhead


Naive Scheme

1 2 3 4


Properties

• Transmission overhead Largest possible

• User key blockSmallest possible = 1 Key

• Processing complexityLow


Trivial Scheme 1 2 3 4

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15


Properties

• Transmission overhead Smallest possible = 1 KEK

• User key blockLargest possible

• Processing complexityLow


The CuBES

Cubes Based Broadcast Encryption Scheme


Why we say ‘CUBES’?x y z1 1 11 1 01 0 10 1 11 0 00 1 00 0 10 0 0

y

x

z

(1,1,1)

(0,1,1)

(0,0,1)

(1,0,1)

(0,1,0)(0,0,0)

(1,1,0)(1,0,0)

Binary cube of dimension 3Alexey Urivskiy

ACCT'2014

1 2 3 4

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

1 1 1 11 1 11 1 11 1 1

1 1 11 11 11 1

1 11 1

1 11

11

1

00

00

0 000

0 00 000 0

0

0 0 00 0

000

000

0

000 0

Binary cube of dimension 4Alexey Urivskiy

ACCT'2014

1 2 3 4

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

Properties for N users

• 2N -1 keys in total

• 2N-1 keys for every user

• 1 KEK to handle any configuration of revoked users

Limitation: in practice N ≤ 20Alexey Urivskiy

ACCT'2014

Approach

• Partition users into small group.• Apply the trivial scheme

to every group.• Apply a logical hierarchy to group of

users – a tree-like construction.


Hierarchy Example - 24 users

Binary cube (keys) for 2 (virtual) users

Binary cube (keys) for 3 (virtual) users

Binary cube (keys) for 4 usersUser


Users Key Block Example

3


1 2 3 4

12

3

4

5

6

7

8

910

11

12

13

14

15

12

3

4

5

6

7

12

3

3



3

2

14

124579

11

1246

1



Example 4x3x2

User’s storage14 KEKs

Coverage5 KEKs


Example 6x4


Coverage4 KEKs


Example 8x3


Coverage3 KEKs


Worst case analysis

0 1 2 3 4 5 6 7 80

1

2

3

4

5

6

7

4x3x2

6x4

8x3

# Revoked users

Cove

rage

, #

KEKs


SchemeTransmission

overhead, KEKs

User keyblock,KEKs

8x8x4x4x4x4x4x4x4 ~82000 3049x9x6x6x6x5x4x3 ~78500 62910x10x7x7x6x6x6 ~76000 1242

Users: N=220

Revoked users: r=216

CuBES Example


0

20000

40000

60000

80000

100000

120000

140000

0 30000 60000 90000 120000Cove

rage

, #

KEKs

# Revoked users8x8x4x4x4x4x4x4x4 9x9x6x6x6x5x4x3 10x10x7x7x6x6x6


Thank you!Questions?


Broadcast Encryption Scheme Based on Binary Cubes Alexey Urivskiy JSC «InfoTeCS», Moscow, Russia...

Documents

Transcript of Broadcast Encryption Scheme Based on Binary Cubes Alexey Urivskiy JSC «InfoTeCS», Moscow, Russia...