中国邮电高校学报(英文) ›› 2009, Vol. 16 ›› Issue (1): 69-75.doi: 10.1016/S1005-8885(08)60181-8

• Artificial Intelligence • 上一篇    下一篇

Broadcast encryption schemes based on RSA

牟宁波,胡予濮,欧海文   

  1. The Ministry of Education Key Laboratory of Computer Networks and Information Security, Xidian University, Xi’an 710071, China
  • 收稿日期:1900-01-01 修回日期:1900-01-01 出版日期:2009-02-26
  • 通讯作者: 牟宁波

Broadcast encryption schemes based on RSA

MU Ning-bo, HU Yu-pu, OU Hai-wen   

  1. The Ministry of Education Key Laboratory of Computer Networks and Information Security, Xidian University, Xi’an 710071, China
  • Received:1900-01-01 Revised:1900-01-01 Online:2009-02-26
  • Contact: MU Ning-bo

摘要:

Three broadcast schemes for small receiver set using the property of RSA modulus are presented. They can solve the problem of data redundancy when the size of receiver set is small. In the proposed schemes, the center uses one key to encrypt the message and can revoke authorization conveniently. Every authorized user only needs to store one decryption key of a constant size. Among these three schemes, the first one has indistinguishability against adaptive chosen ciphertext attack (IND-CCA2) secure, and any collusion of authorized users cannot produce a new decryption key but the sizes of encryption modulus and ciphertext are linear in the number of receivers. In the second scheme, the size of ciphertext is half of the first one and any two authorized users can produce a new decryption key, but the center can identify them using the traitor tracing algorithm. The third one is the most efficient but the center cannot identify the traitors exactly.

关键词:

broadcast;encryption,;traitor;tracing,;authorization;revocation,;RSA

Abstract:

Three broadcast schemes for small receiver set using the property of RSA modulus are presented. They can solve the problem of data redundancy when the size of receiver set is small. In the proposed schemes, the center uses one key to encrypt the message and can revoke authorization conveniently. Every authorized user only needs to store one decryption key of a constant size. Among these three schemes, the first one has indistinguishability against adaptive chosen ciphertext attack (IND-CCA2) secure, and any collusion of authorized users cannot produce a new decryption key but the sizes of encryption modulus and ciphertext are linear in the number of receivers. In the second scheme, the size of ciphertext is half of the first one and any two authorized users can produce a new decryption key, but the center can identify them using the traitor tracing algorithm. The third one is the most efficient but the center cannot identify the traitors exactly.

Key words:

broadcast encryption;traitor tracing;authorization revocation;RSA