Broadcast Encryption Scheme Based on Binary Cubes
Alexey UrivskiyJSC «InfoTeCS», Moscow, Russia
What is Broadcast Encryption?Center
ChannelChannel
MessagePrivileged users Revoked users
Alexey Urivskiy ACCT'2014
Purpose
Securely broadcast a message to an arbitrary dynamically changing subset of stateless receivers.
Alexey Urivskiy ACCT'2014
Typical BE-Applications
• pay-TV systems;• tactical radio;• positioning systems;• digital rights management solutions;• etc.
Alexey Urivskiy ACCT'2014
Preliminary Phase: Key Distribution
4Center
1
2 3
Alexey Urivskiy ACCT'2014
1 2 3 4
Alexey Urivskiy ACCT'2014
Broadcast Phase: Message
Index = Information on which users are in which subset
Ciphertexts = The Session Key encrypted on Key Encryption Keys (KEK)
Encrypted message = The Message encrypted on the Session Key
Index Ciphertexts Encrypted message
HEADER BODY
Alexey Urivskiy ACCT'2014
Performance Parameters
• Transmission overheadthe header’s length
• User key blockthe number of KEKs of the user
• Processing complexity• Security
focus only on information-theoretic secure
Alexey Urivskiy ACCT'2014
Designing a good BES?Provided the BES is• secure • computationally efficientgiven • the network size• the number of the revoked usersto balance • the size of the user key block and• the transmission overhead
Alexey Urivskiy ACCT'2014
Naive Scheme
1 2 3 4
Alexey Urivskiy ACCT'2014
Properties
• Transmission overhead Largest possible
• User key blockSmallest possible = 1 Key
• Processing complexityLow
Alexey Urivskiy ACCT'2014
Trivial Scheme 1 2 3 4
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
Alexey Urivskiy ACCT'2014
Properties
• Transmission overhead Smallest possible = 1 KEK
• User key blockLargest possible
• Processing complexityLow
Alexey Urivskiy ACCT'2014
The CuBES
Cubes Based Broadcast Encryption Scheme
Alexey Urivskiy ACCT'2014
Why we say ‘CUBES’?x y z1 1 11 1 01 0 10 1 11 0 00 1 00 0 10 0 0
y
x
z
(1,1,1)
(0,1,1)
(0,0,1)
(1,0,1)
(0,1,0)(0,0,0)
(1,1,0)(1,0,0)
Binary cube of dimension 3Alexey Urivskiy
ACCT'2014
1 2 3 4
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
1 1 1 11 1 11 1 11 1 1
1 1 11 11 11 1
1 11 1
1 11
11
1
00
00
0 000
0 00 000 0
0
0 0 00 0
000
000
0
000 0
Binary cube of dimension 4Alexey Urivskiy
ACCT'2014
1 2 3 4
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
Properties for N users
• 2N -1 keys in total
• 2N-1 keys for every user
• 1 KEK to handle any configuration of revoked users
Limitation: in practice N ≤ 20Alexey Urivskiy
ACCT'2014
Approach
• Partition users into small group.• Apply the trivial scheme
to every group.• Apply a logical hierarchy to group of
users – a tree-like construction.
Alexey Urivskiy ACCT'2014
Hierarchy Example - 24 users
Binary cube (keys) for 2 (virtual) users
Binary cube (keys) for 3 (virtual) users
Binary cube (keys) for 4 usersUser
Alexey Urivskiy ACCT'2014
Users Key Block Example
3
Alexey Urivskiy ACCT'2014
1 2 3 4
12
3
4
5
6
7
8
910
11
12
13
14
15
12
3
4
5
6
7
12
3
3
Users Key Block Example
Alexey Urivskiy ACCT'2014
3
2
14
124579
11
1246
1
Users Key Block Example
Alexey Urivskiy ACCT'2014
Example 4x3x2
User’s storage14 KEKs
Coverage5 KEKs
Alexey Urivskiy ACCT'2014
Example 6x4
User’s storage47 KEKs
Coverage4 KEKs
Alexey Urivskiy ACCT'2014
Example 8x3
User’s storage131 KEKs
Coverage3 KEKs
Alexey Urivskiy ACCT'2014
Worst case analysis
0 1 2 3 4 5 6 7 80
1
2
3
4
5
6
7
4x3x2
6x4
8x3
# Revoked users
Cove
rage
, #
KEKs
Alexey Urivskiy ACCT'2014
SchemeTransmission
overhead, KEKs
User keyblock,KEKs
8x8x4x4x4x4x4x4x4 ~82000 3049x9x6x6x6x5x4x3 ~78500 62910x10x7x7x6x6x6 ~76000 1242
Users: N=220
Revoked users: r=216
CuBES Example
Alexey Urivskiy ACCT'2014
0
20000
40000
60000
80000
100000
120000
140000
0 30000 60000 90000 120000Cove
rage
, #
KEKs
# Revoked users8x8x4x4x4x4x4x4x4 9x9x6x6x6x5x4x3 10x10x7x7x6x6x6
Alexey Urivskiy ACCT'2014
Thank you!Questions?
Alexey Urivskiy ACCT'2014
Top Related