Bridging Broadcast Encryption and Group Key AgreementResearch Paper • September 8th, 2011
Contract Type FiledSeptember 8th, 2011Abstract. Broadcast encryption (BE) schemes allow a sender to secure- ly broadcast to any subset of members but requires a trusted party to distribute decryption keys. Group key agreement (GKA) protocols en- able a group of members to negotiate a common encryption key via open networks so that only the members can decrypt the ciphertexts encrypted under the shared encryption key, but a sender cannot exclude any partic- ular member from decrypting the ciphertexts. In this paper, we bridge these two notions with a hybrid primitive referred to as contributory broadcast encryption (CBE). In this new primitive, a group of member- s negotiate a common public encryption key while each member holds a decryption key. A sender seeing the public group encryption key can limit the decryption to a subset of members of his choice. Following this model, we propose a CBE scheme with short ciphertexts. The scheme is proven to be fully collusion-resistant under the decision n-Bilinear Diffie- Hellman Ex