Korea University CRYPTO ‘05 Jung Yeon Hwang, Dong Hoon Lee, Jong In Lim Generic Transformation for...
-
Upload
emory-elliott -
Category
Documents
-
view
216 -
download
0
Transcript of Korea University CRYPTO ‘05 Jung Yeon Hwang, Dong Hoon Lee, Jong In Lim Generic Transformation for...
Korea University
CRYPTO ‘05
Jung Yeon Hwang, Dong Hoon Lee, Jong In Lim
Generic Transformation for Scalable Broadcast Encryption Schemes
2
Contents
Broadcast Encryption (BE)
Concept / Applications
Related Works
Our Approach for Scalability
Design Principle
Generic Transformation
Compiled Examples
Concluding Remarks
3
Broadcast Encryption : Concept
Message Sender
s : session key , m :contents
Header Body
Broadcast Encryption Message
Contents
Subscribers
4
BE : Applications
Satellite-based Business
Group Communication
Digital Rights ManagementHome network content protection
AACS (Advanced Access Content System) group
2004. 7. IBM, Intel, Microsoft, Panasonic, Sony, Toshiba,
Disney, Warner Bros. Studios
5
BE : Basic Goal
How to efficiently exclude illegal users from a privileged set ?
Revoked User Privileged User
Transmission Overhead (TO)
User Storage Overhead (SO)
Computation Overhead (CO)
one-to-many communication : Transmission efficiency
6
BE : Related Works
Unicast & Power-Set Solutions
Middle Ground : Revocation-state ?
Define a collection of subsets
- Combinatorial Approach (collusion)
- Tree Structure (SD,LSD,SSD), Line Segment (PI)
Reveal Information of Revoked Users
- Secret Sharing
Accumulate Information of Privileged Users
- One-Way Accumulator
7
Problem of Scalability & Our Solution
Large Number of Users?Impractical due to
Excessive User Storage and/or Computation Overhead
Modular Approach for Scalability
Reduction in User Storage and Computation
Slight Increase in Transmission Overhead
Structure Preserving
- Security
- Type of Key Sharing : Symmetric / Public Key
- Connection State : Stateful / Stateless
8
Our Solution : Modular Approach
…
…Se
Se1
Se18
User Structure : n=ws
w-ary Tree
… …
…
Ue184
Sibling Set Sa
Users
Independent & Hierarchical Application of BE to small subsets
e
1 8
1 2 3 4 5 6 7 8
41 2 3 5 6 7 8
Height = s
9
Our Solution : Modular Approach
…
…
Independent & Hierarchical Application of BE
- Key Assignment
Se
Se1
Se18
Tree
… …
…
Ue184
10
Our Solution : Modular Approach
…
…Se
Se1
Se18
Independent & Hierarchical Application of BE
- Revocation Tree
… …
…
Revoked Users (leaves) Revoked nodes (Steiner Tree)
ue115 ue182
11
Our Solution : Modular Approach
…Se
Se1
Se18
Independent & Hierarchical Application of BE
- Revocation Tree
…
Revoked nodes
… …
…Se11
ue115 ue182
12
Our Solution : Performance Analysis
User Storage Overhead1 + sᆞ SOB(n1/s)
Preserve “log-key restriction”
(1+ s log n1/s = 1+ log n)
Computation OverheadCOB(n1/s)
Transmission Overhead≤ sᆞ TOB(n1/s)
Sibling Set
Height : s
w=n1/s
13
Examples
User Devices with Limited Resources
Transmission-Restricted/Low Bandwidth
Application
14
Example 1 : For Low Resource Environment
BE scheme B1 with
log n +1 SO, 2 r TO, n CO
Transformation
BE scheme B1 with
log n +1 SO, 2 r log n /log log n TO, log n CO
15
Example 1 : For Low Resource Environment
User Structure : Number line
U1 U2 U3 UnUn-1U4 Ui… …
Basic Tool : One-way chain
F(sdi) F2(sdi) F3(sdi) Fj- 1+1(sdi)
ui ui+1 ui+2 uj points
chain-value
F: {0,1}κ → {0,1}κ
U5 U6
F1(sdi) F2(sdi) Fj-i(sdi)sdi
sdi ←R {0,1}κ
i1 … …
16
541 2 3 6 7 8 9 10 11 1312 3214 1615
Example 1 : For Low Resource Environment
Revocation of B1 : 2r (r : number of revoked users)
54
F4(sdi)
1 2 3 6 7 8 9 10 11 1312
F3(sd8) F2(sd9) F21(sd32)
32
F3(sd1) F2(sd8) F1(sd9) F20(sd32)
Key Assignment of B1 : 1+log n (Log-Key Restriction)
chain-valuesF2(sd8)
F(sd5)
F10(sd16)
sd6
F5(sd1) F26(sd32)
…
n computations
168
17
Example 1 : Security
Subset Cover Framework (by Naor et al.)
Subset : Interval (line segment)
Existence of Pseudo-Random Sequence Number Generator
Key assignment method satisfies Key Indistinguishability
18
Example 2 : Low Bandwidth BE
Jumping One-way Chain Schemes by Jho et. al at Eurocrypt’05
Application of Different BE Schemes : B2
Performance. TO : [r/2] +1, SO : (n2+4n)/8, CO : n/2
…
… … …
19
Performance Analysis
N=108 users and w=100 for worst case
Transmission Overhead User Storage Overhead
The gap of log key restriction
SD
B1
B2
B1
B2
SD
20
Concluding Remarks
Average case analysis
Traitor Tracing & Other Properties
Multi-dimensional Cube
m2
m1
m3
u=(1,1,1)
m1
m2
u=(1,1)
x 축
y 축
z 축
x 축
y 축
u
revoked users: u=(4,6), v=(8,4)
u u
Cover= {C+[1,3],C
-[5,6],C
+[7,7],C
-[9,11],
C+4,[1,5],C
-4,[7,11],C
+8,[1,3],C
+8,[1,3],}
1 11
11
v vv
C+[1,3] C-
[5,6] C+[7,7]
C-[9,11]
C+4,[1,5]
C-4,[7,11]
C-8,[5,11]
C+8,[1,3]
21
Thank you