Multi-channel broadcast encryption

Phan, Duong Hieu; Pointcheval, David; Trinh, Viet Cuong

doi:10.1145/2484313.2484348

Cited by 9 publications

(22 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Secret-key Public-key Signing Verifying [3] 1|G| 1|G| + 1| | 2|G| + + 3 3P + 1H [4] 1|G|+ 1| | 2| | 2|G| 2 + 2 ( + 3)exp + 2H [5] ( + 1)|G| 1|G|+ 1| | 2|G| 4 exp + 3 H 2 exp + 3P (3 + 1)H Ours 3|G|+ 1|G| 3|G|+ 1| | 3|G|+ (n + 3)|G| (2 + 9)exp + (2 + 1)H ( + 1)exp + 3P+(2 + 1)H time. Second, using direct approach [14,15], which leads to quite efficient resulted schemes (constant-size of both public parameters and signature, as well as efficient computing time); however these schemes are only secure under strong assumptions (generalization of the Diffie-Hellman exponent assumption, GDDHE assumption), although GDDHE assumption introduced by Boneh and Boyen at Eurocrypt'05 [16] now has been accepted widely by researchers [17][18][19][20][21][22]. Aggregate Signature.…”

Section: Signaturementioning

confidence: 99%

A Short Server-Aided Certificateless Aggregate Multisignature Scheme in the Standard Model

Trinh

2019

Security and Communication Networks

Self Cite

View full text Add to dashboard Cite

Aggregate signature scheme allows each signer to sign a different message and then all those signatures are aggregated into a single short signature. In contrast, multisignature scheme allows multisigners to jointly sign only one message. Aggregate multisignature scheme is a combination of both aforementioned signature schemes, where signers can choose to generate either a multisignature or an aggregate signature. This combination scheme has many concrete application scenarios such as Bitcoin blockchain, Healthcare, Multicast Acknowledgment Aggregation, and so on. On the other hand, to deal with the problems of expensive certificates in certified public key cryptography and key escrow in identity-based cryptography, the notion of certificateless public key cryptography has been introduced by Riyami and Paterson at Asiacrypt'03. In this paper, we propose the first certificateless aggregate multisignature scheme that achieves the constant-size of signature and is secure in the standard model under a generalization of the Diffie-Hellman exponent assumption. In our scheme, however, the signature is generated with the help of the authority.

show abstract

Section: Signaturementioning

confidence: 99%

A Short Server-Aided Certificateless Aggregate Multisignature Scheme in the Standard Model

Trinh

2019

Security and Communication Networks

Self Cite

View full text Add to dashboard Cite

show abstract

“…In this work, we propose a new approach to construct CP-ABE schemes with constant size ciphertext supporting CNF access policy. For that purpose, we make use of the techniques given in the Junod-Karlov ABBE scheme [20] to achieve CNF access policy and to fight against attribute collusion and the ones from the Multi-Channel Broadcast Encryption (MCBE) scheme given in [27] in order to achieve the constant size of the ciphertext.…”

Section: Our Contributionmentioning

confidence: 99%

“…First, we make use of the techniques given in the Junod-Karlov ABBE scheme [20] to fight against attribute collusion. We finally integrate the techniques from the MCBE scheme in [27] to obtain a ciphertext with a constant size. Note that both ABBE scheme [20] and MCBE scheme in [27] are constructed from BGW scheme [8].…”

Section: Intuitionmentioning

confidence: 99%

See 1 more Smart Citation

Constant-Size Ciphertext Attribute-Based Encryption from Multi-channel Broadcast Encryption

Canard

Trinh

2016

Information Systems Security

Self Cite

View full text Add to dashboard Cite

Attribute-based encryption (ABE) is an extension of traditional public key encryption in which the encryption and decryption phases are based on user's attributes. More precisely, we focus on ciphertext-policy ABE (CP-ABE) where the secret-key is associated to a set of attributes and the ciphertext is generated with an access policy. It then becomes feasible to decrypt a ciphertext only if one's attributes satisfy the used access policy. CP-ABE scheme with constant-size ciphertext supporting fine-grained access control has been investigated at AsiaCrypt'15 and then at TCC'16. The former makes use of the conversion technique between ABE and spatial encryption, and the later studies the pair encodings framework. In this paper, we give a new approach to construct such kind of CP-ABE scheme. More precisely, we propose private CP-ABE schemes with constant-size ciphertext, supporting CNF (Conjunctive Normal Form) access policy, with the simple restriction that each attribute can only appear kmax times in the access formula. Our two constructions are based on the BGW scheme at Crypto'05. The first scheme is basic selective secure (in the standard model) while our second one reaches the selective CCA security (in the random oracle model).

show abstract

“…The sessions keys of all channels should indeed be compacted into one ciphertext only, there are thus some relations between keys inside one session and the security model has to take these relations into account. Finally, Phan, Pointcheval and Trinh [30] made a significant breakthrough by proposing a formalization of the multi-channel Broadcast Encryption problem, using the dummy-helper technique.…”

Section: Related Workmentioning

confidence: 99%

Broadcast encryption with dealership

Gritti

Susilo

Plantard

et al. 2015

Int. J. Inf. Secur.

View full text Add to dashboard Cite

In this paper, we introduce a new cryptographic primitive called broadcast encryption with dealership. This notion, which has never been discussed in the cryptography literature, is applicable to many realistic broadcast services, for example subscription-based television service. Specifically, the new primitive enables a dealer to bulk buy the access to some products (e.g., TV channels) from the broadcaster, and hence, it will enable the dealer to resell the contents to the subscribers with a cheaper rate. Therefore, this creates business opportunity model for the dealer. We highlight the security consideration in such a scenario and capture the security requirements in the security model. Subsequently, we present a concrete scheme, which is proven secure under the decisional bilinear Diffie-Hellman exponent and the Diffie-Hellman exponent assumptions. Abstract In this paper, we introduce a new cryptographic primitive called Broadcast Encryption with Dealership (BED). This notion, which has never been discussed in the cryptography literature, is applicable to many realistic broadcast services, for example subscription-based television service. Specifically, the new primitive enables a dealer to bulk buy the access to some products (e.g. TV channels) from the broadcaster and hence, it will enable the dealer to resell the contents to the subscribers with a cheaper rate. Therefore, this creates business opportunity model for the dealer. We highlight the security consideration in such a scenario, and capture the security requirements in the security model. Subsequently, we present a concrete scheme, which is proven secure under the Decision Bilinear Diffie-Hellman Exponent (DBDHE) and the Diffie-Hellman Exponent (DHE) assumptions.

show abstract

Multi-channel broadcast encryption

Cited by 9 publications

References 12 publications

A Short Server-Aided Certificateless Aggregate Multisignature Scheme in the Standard Model

A Short Server-Aided Certificateless Aggregate Multisignature Scheme in the Standard Model

Constant-Size Ciphertext Attribute-Based Encryption from Multi-channel Broadcast Encryption

Broadcast encryption with dealership

Contact Info

Product

Resources

About