Explicit Exclusive Set Systems with Applications to Broadcast Encryption David Woodruff Joint with Craig Gentry and Zulfikar Ramzan To appear in FOCS 2006.

Presentation on theme: "Explicit Exclusive Set Systems with Applications to Broadcast Encryption David Woodruff Joint with Craig Gentry and Zulfikar Ramzan To appear in FOCS 2006."— Presentation transcript:

Explicit Exclusive Set Systems with Applications to Broadcast Encryption David Woodruff Joint with Craig Gentry and Zulfikar Ramzan To appear in FOCS 2006

Broadcast Encryption Server Clients 1 server, n clients Server broadcasts to all clients at once E.g., payperview TV, music, videos Only privileged users can understand broadcasts E.g., those who pay their monthly bills Need to encrypt broadcasts

Subset Cover Framework [NNL] Offline stage: For some S ½ [n], server creates a key K(S) and distributes it to all users in S Let C be the collection of S Server space complexity ~ |C| ith user space complexity ~ # S containing i

Subset Cover Framework [NNL] Online stage: Given a set R ½ [n] of at most r revoked users Server establishes a session key M that only users in the set [n] n R know Finds S 1, …, S t with [n] n R = S 1 [ … [ S t Encrypt M under each of K(S 1 ), …, K(S t ) Content encrypted using session key M

Subset Cover Framework [NNL] Communication complexity ~ t Tolerate up to r revoked users Tolerate any number of colluders Information-theoretic security

The Combinatorics Problem Find a family C of subsets of {1, …., n} such that any large set S µ {1, …, n} is the union of a small number of sets in C S = S 1 [ S 2 [ [ S t Parameters: Universe is [n] = {1, …, n} |S| >= n-r Write S as a union of · t sets in C Goal: Minimize |C|

Our Results Main result: |C| = poly(r,t) n, r, t all arbitrary Match lower bound up to poly(r,t) In applications r, t << n When r,t << n, get |C| = O(rt ) Our construction is explicit Find sets S = S 1 [ … [ S t in poly(r, t, log n) time Improved cryptographic applications

Cryptographic Implications Our explicit exclusive set system yield almost optimal information-theoretic broadcast encryption and multi- certificate revocation schemes General n,r,t Contrasts with previous explicit systems Poly(r,t, log n) time to find keys for broadcast Contrasts with probabilistic constructions Parameters For poly(r, log n) server storage complexity, we can set t = r log (n/r), but previously t = (r 2 log n)

Download ppt "Explicit Exclusive Set Systems with Applications to Broadcast Encryption David Woodruff Joint with Craig Gentry and Zulfikar Ramzan To appear in FOCS 2006."

Similar presentations