Efficient and Secure Member Deletion in Group Signature Scheme

1
Generic Transformation for Scalable Broadcast
Encryption Schemes
CRYPTO 05
Jung Yeon Hwang, Dong Hoon Lee, Jong In Lim
2
Contents

• Broadcast Encryption (BE)
• Concept / Applications
• Related Works
• Our Approach for Scalability
• Design Principle
• Generic Transformation
• Compiled Examples
• Concluding Remarks

3
Broadcast Encryption Concept
Message Sender
Broadcast Encryption Message
s session key , m contents
Subscribers
4
BE Applications

• Satellite-based Business
• Group Communication
• Digital Rights Management
• Home network content protection
• AACS (Advanced Access Content System) group
• 2004. 7. IBM, Intel, Microsoft, Panasonic, Sony,
  Toshiba,
• Disney, Warner Bros. Studios

5
BE Basic Goal

• How to efficiently exclude illegal users from a
  privileged set ?

Revoked User
Privileged User

• Transmission Overhead (TO)
• User Storage Overhead (SO)
• Computation Overhead (CO)

one-to-many communication Transmission
efficiency
6
BE Related Works

• Unicast Power-Set Solutions
• Middle Ground Revocation-state ?
• Define a collection of subsets
• - Combinatorial Approach (collusion)
• - Tree Structure (SD,LSD,SSD), Line Segment (PI)
• Reveal Information of Revoked Users
• - Secret Sharing
• Accumulate Information of Privileged Users
• - One-Way Accumulator

7
Problem of Scalability Our Solution

• Large Number of Users?
• Impractical due to
• Excessive User Storage and/or Computation
  Overhead
• Modular Approach for Scalability
• Reduction in User Storage and Computation
• Slight Increase in Transmission Overhead
• Structure Preserving
• - Security
• - Type of Key Sharing Symmetric / Public Key
• - Connection State Stateful / Stateless

8
Our Solution Modular Approach

• Independent Hierarchical Application of BE to
  small subsets

• User Structure nws

w-ary Tree
Sibling Set Sa
e
Height s
Se
8
1



Se1
1
2
3
4
5
7
8
6


Se18
Users
4
1
6
5
7
8
2
3
Ue184
9
Our Solution Modular Approach

• Independent Hierarchical Application of BE

- Key Assignment
Tree





Ue184
10
Our Solution Modular Approach

• Independent Hierarchical Application of BE

- Revocation
Tree
Se



Se1


Se18
ue115
ue182
Revoked nodes (Steiner Tree)
Revoked Users (leaves)
11
Our Solution Modular Approach

• Independent Hierarchical Application of BE

- Revocation
Tree
Se

Se1
Se11
Se18
ue115
ue182
Revoked nodes
12
Our Solution Performance Analysis

• User Storage Overhead
• 1 s?SOB(n1/s)
• Preserve log-key restriction
• (1 s log n1/s 1 log n)
• Computation Overhead
• COB(n1/s)
• Transmission Overhead
• s?TOB(n1/s)

Height s
Sibling Set
wn1/s
13
Examples

• User Devices with Limited Resources
• Transmission-Restricted/Low Bandwidth Application

14
Example 1 For Low Resource Environment

• BE scheme B1 with
• log n 1 SO, 2 r TO, n CO

Transformation
15
Example 1 For Low Resource Environment

• User Structure Number line

i
1


U1
U2
U3
Un
Un-1
U4
Ui
U5
U6

• Basic Tool One-way chain

points
chain-value
F 0,1? ? 0,1?
sdi ?R 0,1?
16
Example 1 For Low Resource Environment

• Key Assignment of B1 1log n (Log-Key
  Restriction)

sd6
chain-values
F(sd5)
F2(sd8)
F26(sd32)
F10(sd16)
F5(sd1)

• Revocation of B1 2r (r number of revoked
  users)

16
8
n computations
17
Example 1 Security

• Subset Cover Framework (by Naor et al.)
• Subset Interval (line segment)

Existence of Pseudo-Random Sequence Number
Generator
Key assignment method satisfies Key
Indistinguishability
18
Example 2 Low Bandwidth BE

• Jumping One-way Chain Schemes by Jho et. al at
  Eurocrypt05

Performance. TO r/2 1, SO (n24n)/8,
CO n/2

• Application of Different BE Schemes B2

19
Performance Analysis

• N108 users and w100 for worst case

B1
B2
SD
SD
The gap of log key restriction
B2
B1
User Storage Overhead
Transmission Overhead
20
Concluding Remarks

• Average case analysis
• Traitor Tracing Other Properties
• Multi-dimensional Cube

21
Thank you