TY - GEN
T1 - Permanent revocation in attribute based broadcast encryption
AU - Dolev, Shlomi
AU - Gilboa, Niv
AU - Kopeetsky, Marina
PY - 2012/1/1
Y1 - 2012/1/1
N2 - We propose a new and efficient scheme for broadcast encryption. A broadcast encryption system allows a broadcaster to send an encrypted message to a dynamically chosen subset RS, |RS|=n, of a given set of users, such that only users in this subset can decrypt the message. An important component of broadcast encryption schemes is revocation of users by the broadcaster, thereby updating the subset RS. Revocation may be either temporary, for a specific cipher text, or permanent. In the existing public key schemes which support temporary revocation of the users, the broadcaster is required to keep track of the revoked users. We present the first public key broadcast encryption scheme that supports permanent revocation of users. Unlike previous schemes, the broadcaster in our scheme should not keep track of the revoked users (saving memory and computation power). Our scheme is fully collusion-resistant. In other words, even if all the revoked users collude, the revoked user cannot encrypt messages without receiving new keys from the broadcaster. The procedure is based on Cipher-text Policy Attribute-Based Encryption (CP-ABE). The overhead of revocation in our system is constant in all major performance measures including length of private and public keys, computational complexity, user's storage space, and computational complexity of encryption and decryption. The scheme we construct improves on our original scheme in a poster presentation [7] by a factor of O(log n) in all major performance measures.
KW - Ciphertext Policy Attribute Based Encryption
KW - broadcast encryption
KW - permanent revocation
UR - http://www.scopus.com/inward/record.url?scp=84881081044&partnerID=8YFLogxK
U2 - https://doi.org/10.1109/CyberSecurity.2012.33
DO - https://doi.org/10.1109/CyberSecurity.2012.33
M3 - Conference contribution
SN - 9780769550145
T3 - Proceedings of the 2012 ASE International Conference on Cyber Security, CyberSecurity 2012
SP - 203
EP - 208
BT - Proceedings of the 2012 ASE International Conference on Cyber Security, CyberSecurity 2012
T2 - 2012 ASE International Conference on Cyber Security, CyberSecurity 2012
Y2 - 14 December 2012 through 16 December 2012
ER -