Acta Metallurgica Sinica(English letters) ›› 2009, Vol. 16 ›› Issue (1): 69-75.doi: 10.1016/S1005-8885(08)60181-8

• Wireless • Previous Articles     Next Articles

Broadcast encryption schemes based on RSA

MU Ning-bo, HU Yu-pu, OU Hai-wen   

  1. The Ministry of Education Key Laboratory of Computer Networks and Information Security, Xidian University, Xi’an 710071, China
  • Received:1900-01-01 Revised:1900-01-01 Online:2009-02-26
  • Contact: MU Ning-bo


Three broadcast schemes for small receiver set using the property of RSA modulus are presented. They can solve the problem of data redundancy when the size of receiver set is small. In the proposed schemes, the center uses one key to encrypt the message and can revoke authorization conveniently. Every authorized user only needs to store one decryption key of a constant size. Among these three schemes, the first one has indistinguishability against adaptive chosen ciphertext attack (IND-CCA2) secure, and any collusion of authorized users cannot produce a new decryption key but the sizes of encryption modulus and ciphertext are linear in the number of receivers. In the second scheme, the size of ciphertext is half of the first one and any two authorized users can produce a new decryption key, but the center can identify them using the traitor tracing algorithm. The third one is the most efficient but the center cannot identify the traitors exactly.

Key words:

broadcast encryption;traitor tracing;authorization revocation;RSA