期刊
IEEE TRANSACTIONS ON COMPUTERS
卷 65, 期 2, 页码 466-479出版社
IEEE COMPUTER SOC
DOI: 10.1109/TC.2015.2419662
关键词
Broadcast encryption; group key agreement; contributory broadcast encryption; provable security
资金
- Chinese National Key Basic Research Program (973 program) [2012CB315905]
- Natural Science Foundation of China [61370190, 61173154, 61472429, 61402029, 61272501, 61202465, 61321064, 61003214]
- Beijing Natural Science Foundation [4132056]
- Fundamental Research Funds for the Central Universities
- Renmin University of China [14XNLF02]
- Beijing Key Laboratory of Trusted Computing
- European Union
- Spanish Government [TSI-020302-2010-153, TIN2011-27076-C03-01]
- Catalan Government [2014 SGR 537]
- Templeton World Charity Foundation [TWCF0095]
- Shanghai NSF [12ZR1443500]
- Shanghai Chen Guang Program [12CG24]
- Science and Technology Commission of Shanghai Municipality [13JC1403500]
- ICREA-Academia by the Catalan Government
- Google Faculty Research Award
Broadcast encryption (BE) schemes allow a sender to securely broadcast to any subset of members but require a trusted party to distribute decryption keys. Group key agreement (GKA) protocols enable a group of members to negotiate a common encryption key via open networks so that only the group members can decrypt the ciphertexts encrypted under the shared encryption key, but a sender cannot exclude any particular member from decrypting the ciphertexts. In this paper, we bridge these two notions with a hybrid primitive referred to as contributory broadcast encryption (ConBE). In this new primitive, a group of members negotiate a common public encryption key while each member holds a decryption key. A sender seeing the public group encryption key can limit the decryption to a subset of members of his choice. Following this model, we propose a ConBE scheme with short ciphertexts. The scheme is proven to be fully collusion-resistant under the decision n-Bilinear Diffie-Hellman Exponentiation (BDHE) assumption in the standard model. Of independent interest, we present a new BE scheme that is aggregatable. The aggregatability property is shown to be useful to construct advanced protocols.
作者
我是这篇论文的作者
点击您的名字以认领此论文并将其添加到您的个人资料中。
推荐
暂无数据