Reinventing BrED: A Practical Construction

Avishek Majumder; Sayantan Mukherjee

doi:10.62056/ak5txl86bm

Reinventing BrED: A Practical Construction

Formal Treatment of Broadcast Encryption with Dealership

Authors

Avishek Majumder, Sayantan Mukherjee

Avishek Majumder

UPES, Dehradun, India
avishek dot majumder1991 at gmail dot com

Sayantan Mukherjee

IIT Jammu, India
csayantan dot mukherjee at gmail dot com

Keywords: Broadcast Encryption with Dealership Dealer Broadcast Encryption Pairing-based Cryptography

Abstract

Broadcast Encryption (BE) allows a sender to send an encrypted message to multiple receivers. In a typical broadcast encryption scenario, the broadcaster decides the set of users who can decrypt a particular ciphertext (denoted as the privileged set). Gritti et al. (IJIS'16) introduced a new primitive called Broadcast Encryption with Dealership (BrED), where the dealer decides the privileged set. A BrED scheme allows a dealer to buy content from the broadcaster and sell it to users. It provides better flexibility in managing a large user base. To date, quite a few different constructions of BrED schemes have been proposed by the research community.

We find that all existing BrED schemes are insecure under the existing security definitions. We demonstrate a concrete attack on all the existing schemes in the purview of the existing security definition. We also find that the security definitions proposed in the state-of-the-art BrED schemes do not capture the real world. We argue about the inadequacy of existing definitions and propose a new security definition that models the real world more closely. Finally, we propose a new BrED construction and prove it to be secure in our newly proposed security model.

References

[AD16]

Kamalesh Acharya and Ratna Dutta. Secure and Efficient Construction of Broadcast Encryption with Dealership. In Liqun Chen and Jinguang Han, editors, Provable Security - 10th International Conference, ProvSec 2016, Nanjing, China, November 10-11, 2016, Proceedings, volume 10005 of Lecture Notes in Computer Science, pages 277–295. 2016. DOI: 10.1007/978-3-319-47422-9_16

Google Scholar ePrint

[AD17]

Kamalesh Acharya and Ratna Dutta. Recipient Revocable Broadcast Encryption Schemes Without Random Oracles. In Howon Kim and Dong-Chan Kim, editors, Information Security and Cryptology - ICISC 2017 - 20th International Conference, Seoul, South Korea, November 29 - December 1, 2017, Revised Selected Papers, volume 10779 of Lecture Notes in Computer Science, pages 191–213. 2017. Springer. DOI: 10.1007/978-3-319-78556-1_11

Google Scholar ePrint

[AD21]

Kamalesh Acharya and Ratna Dutta. Constructing provable secure broadcast encryption scheme with dealership. J. Inf. Secur. Appl., 58:102736, 2021. DOI: 10.1016/J.JISA.2020.102736

Google Scholar ePrint

[BGW05]

Dan Boneh, Craig Gentry, and Brent Waters. Collusion Resistant Broadcast Encryption with Short Ciphertexts and Private Keys. In Victor Shoup, editor, Advances in Cryptology - CRYPTO 2005: 25th Annual International Cryptology Conference, Santa Barbara, California, USA, August 14-18, 2005, Proceedings, volume 3621 of Lecture Notes in Computer Science, pages 258–275. 2005. Springer. DOI: 10.1007/11535218_16

Google Scholar ePrint

[BSW07]

John Bethencourt, Amit Sahai, and Brent Waters. Ciphertext-Policy Attribute-Based Encryption. In 2007 IEEE Symposium on Security and Privacy (S&P 2007), 20-23 May 2007, Oakland, California, USA, pages 321–334. 2007. IEEE Computer Society. DOI: 10.1109/SP.2007.11

Google Scholar ePrint

[Del07]

Cécile Delerablée. Identity-Based Broadcast Encryption with Constant Size Ciphertexts and Private Keys. In Kaoru Kurosawa, editor, Advances in Cryptology - ASIACRYPT 2007, 13th International Conference on the Theory and Application of Cryptology and Information Security, Kuching, Malaysia, December 2-6, 2007, Proceedings, volume 4833 of Lecture Notes in Computer Science, pages 200–215. 2007. Springer. DOI: 10.1007/978-3-540-76900-2_12

Google Scholar ePrint

[DL78]

Richard A. DeMillo and Richard J. Lipton. A Probabilistic Remark on Algebraic Program Testing. Inf. Process. Lett., 7(4):193–195, 1978. DOI: 10.1016/0020-0190(78)90067-4

Google Scholar ePrint

[Duc10]

Léo Ducas. Anonymity from Asymmetry: New Constructions for Anonymous HIBE. In Josef Pieprzyk, editor, Topics in Cryptology - CT-RSA 2010, The Cryptographers' Track at the RSA Conference 2010, San Francisco, CA, USA, March 1-5, 2010. Proceedings, volume 5985 of Lecture Notes in Computer Science, pages 148–164. 2010. Springer. DOI: 10.1007/978-3-642-11925-5_11

Google Scholar ePrint

[FN93]

Amos Fiat and Moni Naor. Broadcast Encryption. In Douglas R. Stinson, editor, Advances in Cryptology - CRYPTO '93, 13th Annual International Cryptology Conference, Santa Barbara, California, USA, August 22-26, 1993, Proceedings, volume 773 of Lecture Notes in Computer Science, pages 480–491. 1993. Springer. DOI: 10.1007/3-540-48329-2_40

Google Scholar ePrint

[GLR18]

Junqing Gong, Benoît Libert, and Somindu C. Ramanna. Compact IBBE and Fuzzy IBE from Simple Assumptions. In Dario Catalano and Roberto De Prisco, editors, Security and Cryptography for Networks - 11th International Conference, SCN 2018, Amalfi, Italy, September 5-7, 2018, Proceedings, volume 11035 of Lecture Notes in Computer Science, pages 563–582. 2018. Springer. DOI: 10.1007/978-3-319-98113-0_30

Google Scholar ePrint

[GSP⁺16]

Clémentine Gritti, Willy Susilo, Thomas Plantard, Kaitai Liang, and Duncan S. Wong. Broadcast encryption with dealership. Int. J. Inf. Sec., 15(3):271–283, 2016. DOI: 10.1007/S10207-015-0285-X

Google Scholar ePrint

[GW09]

Craig Gentry and Brent Waters. Adaptive Security in Broadcast Encryption Systems (with Short Ciphertexts). In Antoine Joux, editor, Advances in Cryptology - EUROCRYPT 2009, 28th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Cologne, Germany, April 26-30, 2009. Proceedings, volume 5479 of Lecture Notes in Computer Science, pages 171–188. 2009. Springer. DOI: 10.1007/978-3-642-01001-9_10

Google Scholar ePrint

[KLEL17]

Joon Sik Kim, Young Kyung Lee, Jieun Eom, and Dong Hoon Lee. Recipient Revocable Broadcast Encryption with Dealership. In Howon Kim and Dong-Chan Kim, editors, Information Security and Cryptology - ICISC 2017 - 20th International Conference, Seoul, South Korea, November 29 - December 1, 2017, Revised Selected Papers, volume 10779 of Lecture Notes in Computer Science, pages 214–228. 2017. Springer. DOI: 10.1007/978-3-319-78556-1_12

Google Scholar ePrint

[LG18]

Jiangtao Li and Junqing Gong. Improved Anonymous Broadcast Encryptions - Tight Security and Shorter Ciphertext. In Bart Preneel and Frederik Vercauteren, editors, Applied Cryptography and Network Security - 16th International Conference, ACNS 2018, Leuven, Belgium, July 2-4, 2018, Proceedings, volume 10892 of Lecture Notes in Computer Science, pages 497–515. 2018. Springer. DOI: 10.1007/978-3-319-93387-0_26

Google Scholar ePrint

[RCS12]

Somindu C. Ramanna, Sanjit Chatterjee, and Palash Sarkar. Variants of Waters' Dual System Primitives Using Asymmetric Pairings - (Extended Abstract). In Marc Fischlin, Johannes Buchmann, and Mark Manulis, editors, Public Key Cryptography - PKC 2012 - 15th International Conference on Practice and Theory in Public Key Cryptography, Darmstadt, Germany, May 21-23, 2012. Proceedings, volume 7293 of Lecture Notes in Computer Science, pages 298–315. 2012. Springer. DOI: 10.1007/978-3-642-30057-8_18

Google Scholar ePrint

[Sch80]

Jacob T. Schwartz. Fast Probabilistic Algorithms for Verification of Polynomial Identities. J. ACM, 27(4):701–717, 1980. DOI: 10.1145/322217.322225

Google Scholar ePrint

[Sho97]

Victor Shoup. Lower Bounds for Discrete Logarithms and Related Problems. In Walter Fumy, editor, Advances in Cryptology - EUROCRYPT '97, International Conference on the Theory and Application of Cryptographic Techniques, Konstanz, Germany, May 11-15, 1997, Proceeding, volume 1233 of Lecture Notes in Computer Science, pages 256–266. 1997. Springer. DOI: 10.1007/3-540-69053-0_18

Google Scholar ePrint

[Wee16]

Hoeteck Wee. Déjà Q: Encore! Un Petit IBE. In Eyal Kushilevitz and Tal Malkin, editors, Theory of Cryptography - 13th International Conference, TCC 2016-A, Tel Aviv, Israel, January 10-13, 2016, Proceedings, Part II, volume 9563 of Lecture Notes in Computer Science, pages 237–258. 2016. Springer. DOI: 10.1007/978-3-662-49099-0_9

Google Scholar ePrint

[Zip79]

Richard Zippel. Probabilistic algorithms for sparse polynomials. In Edward W. Ng, editor, Symbolic and Algebraic Computation, EUROSAM '79, An International Symposiumon Symbolic and Algebraic Computation, Marseille, France, June 1979, Proceedings, volume 72 of Lecture Notes in Computer Science, pages 216–226. 1979. Springer. DOI: 10.1007/3-540-09519-5_73

Google Scholar ePrint

PDF Open access

DOI: https://doi.org/10.62056/ak5txl86bm

History

Submitted: 2024-07-09
Accepted: 2024-09-02
Published: 2024-10-07

How to cite

Avishek Majumder and Sayantan Mukherjee, Reinventing BrED: A Practical Construction. IACR Communications in Cryptology, vol. 1, no. 3, Oct 07, 2024, doi: 10.62056/ak5txl86bm.

License

Copyright is held by the author(s)

This work is licensed under a Creative Commons Attribution (CC BY) license.

@article{CiC-1-3-47,
    author = "Majumder, Avishek and Mukherjee, Sayantan",
    journal = "{IACR} {C}ommunications in {C}ryptology",
    publisher = "{I}nternational {A}ssociation for {C}ryptologic {R}esearch",
    title = "Reinventing Br{ED}: A Practical Construction",
    volume = "1",
    number = "3",
    date = "2024-10-07",
    year = "2024",
    issn = "3006-5496",
    doi = "10.62056/ak5txl86bm"
}

TY - JOUR
AU - Majumder, Avishek
AU - Mukherjee, Sayantan
PY - 2024
TI - Reinventing BrED: A Practical Construction
JF - IACR Communications in Cryptology
JA - CIC
VL - 1
IS - 3
DO - 10.62056/ak5txl86bm
UR - https://doi.org/10.62056/ak5txl86bm
AB - <p> Broadcast Encryption (BE) allows a sender to send an encrypted message to multiple receivers. In a typical broadcast encryption scenario, the broadcaster decides the set of users who can decrypt a particular ciphertext (denoted as the privileged set). Gritti et al. (IJIS'16) introduced a new primitive called Broadcast Encryption with Dealership (BrED), where the dealer decides the privileged set. A BrED scheme allows a dealer to buy content from the broadcaster and sell it to users. It provides better flexibility in managing a large user base. To date, quite a few different constructions of BrED schemes have been proposed by the research community.</p><p> We find that all existing BrED schemes are insecure under the existing security definitions. We demonstrate a concrete attack on all the existing schemes in the purview of the existing security definition. We also find that the security definitions proposed in the state-of-the-art BrED schemes do not capture the real world. We argue about the inadequacy of existing definitions and propose a new security definition that models the real world more closely. Finally, we propose a new BrED construction and prove it to be secure in our newly proposed security model. </p>
ER -

Avishek Majumder and Sayantan Mukherjee, Reinventing BrED: A Practical Construction. IACR Communications in Cryptology, vol. 1, no. 3, Oct 07, 2024, doi: 10.62056/ak5txl86bm.