Ternary subset difference revocation in public key framework supporting outsider anonymity

In public key broadcast encryption, anyone can securely transmit a message to a group of receivers such that privileged users can decrypt it. The three important parameters of the broadcast encryption scheme are the length of the ciphertext, the size of private/public key, and the performance of encryption/decryption. It is suggested to decrease them as much as possible; however, it turns out that decreasing one increases the other in most schemes. This paper proposes a new broadcast encryption scheme for tiny Internet of Things (IoT) equipment (BESTIE), minimizing the private key size in each user. In the proposed scheme, the private key size is O(logn), the public key size is O(logn), the encryption time per subset is O(logn), the decryption time is O(logn), and the ciphertext text size is O(r), where n denotes the maximum number of users, and r indicates the number of revoked users. The proposed scheme is the first subset difference-based broadcast encryption scheme to reduce the private key size O(logn) without sacrificing the other parameters. We prove that our proposed scheme is secure under q-Simplified Multi-Exponent Bilinear Diffie-Hellman (q-SMEBDH) in the standard model.

Download Full-text

Combinatorial Subset Difference—IoT-Friendly Subset Representation and Broadcast Encryption

Sensors ◽

10.3390/s20113140 ◽

2020 ◽

Vol 20 (11) ◽

pp. 3140 ◽

Cited By ~ 2

Author(s):

Jiwon Lee ◽

Seunghwa Lee ◽

Jihye Kim ◽

Hyunok Oh

Keyword(s):

Public Key ◽

Broadcast Encryption ◽

Experimental Result ◽

The Internet ◽

Ip Address ◽

The Public ◽

Semantic Security ◽

Subset Difference ◽

Chosen Ciphertext Attack ◽

The Internet Of Things

In the Internet of Things (IoT) systems, it is often required to deliver a secure message to a group of devices. The public key broadcast encryption is an efficient primitive to handle IoT broadcasts, by allowing a user (or a device) to broadcast encrypted messages to a group of legitimate devices. This paper proposes an IoT-friendly subset representation called Combinatorial Subset Difference (CSD), which generalizes the existing subset difference (SD) method by allowing wildcards (*) in any position of the bitstring. Based on the CSD representation, we first propose an algorithm to construct the CSD subset, and a CSD-based public key broadcast encryption scheme. By providing the most general subset representation, the proposed CSD-based construction achieves a minimal header size among the existing broadcast encryption. The experimental result shows that our CSD saves the header size by 17% on average and more than 1000 times when assuming a specific IoT example of IP address with 20 wildcards and 2 20 total users, compared to the SD-based broadcast encryption. We prove the semantic security of CSD-based broadcast encryption under the standard l-BDHE assumption, and extend the construction to a chosen-ciphertext-attack (CCA)-secure version.

Download Full-text