Broadcast Encryption Scheme Based on Binary Cubes Alexey Urivskiy JSC «InfoTeCS», Moscow, Russia
What is Broadcast Encryption? Center Channel Message Privileged usersRevoked users Alexey Urivskiy ACCT'2014
Purpose Securely broadcast a message to an arbitrary dynamically changing subset of stateless receivers. Alexey Urivskiy ACCT'2014
Typical BE-Applications pay-TV systems; tactical radio; positioning systems; digital rights management solutions; etc. Alexey Urivskiy ACCT'2014
Preliminary Phase: Key Distribution 4 Center Alexey Urivskiy ACCT'2014
1234
Broadcast Phase: Message Index = Information on which users are in which subset Ciphertexts = The Session Key encrypted on Key Encryption Keys (KEK) Encrypted message = The Message encrypted on the Session Key IndexCiphertextsEncrypted message HEADER BODY Alexey Urivskiy ACCT'2014
Performance Parameters Transmission overhead the header’s length User key block the number of KEKs of the user Processing complexity Security focus only on information-theoretic secure Alexey Urivskiy ACCT'2014
Designing a good BES? Provided the BES is secure computationally efficient given the network size the number of the revoked users to balance the size of the user key block and the transmission overhead Alexey Urivskiy ACCT'2014
Naive Scheme 1234 Alexey Urivskiy ACCT'2014
Properties Transmission overhead Largest possible User key block Smallest possible = 1 Key Processing complexity Low Alexey Urivskiy ACCT'2014
Trivial Scheme Alexey Urivskiy ACCT'2014
Properties Transmission overhead Smallest possible = 1 KEK User key block Largest possible Processing complexity Low Alexey Urivskiy ACCT'2014
The CuBES Cubes Based Broadcast Encryption Scheme Alexey Urivskiy ACCT'2014
Why we say ‘CUBES’? xyz y x z (1,1,1) (0,1,1) (0,0,1) (1,0,1) (0,1,0)(0,0,0) (1,1,0) (1,0,0) Binary cube of dimension 3 Alexey Urivskiy ACCT'2014
Binary cube of dimension 4 Alexey Urivskiy ACCT'2014
Properties for N users 2 N -1 keys in total 2 N-1 keys for every user 1 KEK to handle any configuration of revoked users Limitation: in practice N ≤ 20 Alexey Urivskiy ACCT'2014
Approach Partition users into small group. Apply the trivial scheme to every group. Apply a logical hierarchy to group of users – a tree-like construction. Alexey Urivskiy ACCT'2014
Hierarchy Example - 24 users Binary cube (keys) for 2 (virtual) users Binary cube (keys) for 3 (virtual) users Binary cube (keys) for 4 users User Alexey Urivskiy ACCT'2014
Users Key Block Example 3 Alexey Urivskiy ACCT'2014
Users Key Block Example Alexey Urivskiy ACCT'2014
Users Key Block Example Alexey Urivskiy ACCT'2014
Example 4x3x2 User’s storage 14 KEKs Coverage 5 KEKs Alexey Urivskiy ACCT'2014
Example 6x4 User’s storage 47 KEKs Coverage 4 KEKs Alexey Urivskiy ACCT'2014
Example 8x3 User’s storage 131 KEKs Coverage 3 KEKs Alexey Urivskiy ACCT'2014
Worst case analysis # Revoked users Coverage, # KEKs Alexey Urivskiy ACCT'2014
Scheme Transmission overhead, KEKs User key block, KEKs 8x8x4x4x4x4x4x4x4 ~ x9x6x6x6x5x4x3 ~ x10x7x7x6x6x6 ~ Users: N=2 20 Revoked users: r=2 16 CuBES Example Alexey Urivskiy ACCT'2014
Coverage, # KEKs # Revoked users 8x8x4x4x4x4x4x4x49x9x6x6x6x5x4x310x10x7x7x6x6x6 Alexey Urivskiy ACCT'2014
Thank you! Questions? Alexey Urivskiy ACCT'2014