broadcast encryption scheme based on binary cubes alexey urivskiy jsc «infotecs», moscow, russia...
TRANSCRIPT
![Page 1: Broadcast Encryption Scheme Based on Binary Cubes Alexey Urivskiy JSC «InfoTeCS», Moscow, Russia alexey.urivskiy@mail.ru](https://reader035.vdocuments.us/reader035/viewer/2022062322/56649eda5503460f94be8c9d/html5/thumbnails/1.jpg)
Broadcast Encryption Scheme Based on Binary Cubes
Alexey UrivskiyJSC «InfoTeCS», Moscow, Russia
![Page 2: Broadcast Encryption Scheme Based on Binary Cubes Alexey Urivskiy JSC «InfoTeCS», Moscow, Russia alexey.urivskiy@mail.ru](https://reader035.vdocuments.us/reader035/viewer/2022062322/56649eda5503460f94be8c9d/html5/thumbnails/2.jpg)
What is Broadcast Encryption?Center
ChannelChannel
MessagePrivileged users Revoked users
Alexey Urivskiy ACCT'2014
![Page 3: Broadcast Encryption Scheme Based on Binary Cubes Alexey Urivskiy JSC «InfoTeCS», Moscow, Russia alexey.urivskiy@mail.ru](https://reader035.vdocuments.us/reader035/viewer/2022062322/56649eda5503460f94be8c9d/html5/thumbnails/3.jpg)
Purpose
Securely broadcast a message to an arbitrary dynamically changing subset of stateless receivers.
Alexey Urivskiy ACCT'2014
![Page 4: Broadcast Encryption Scheme Based on Binary Cubes Alexey Urivskiy JSC «InfoTeCS», Moscow, Russia alexey.urivskiy@mail.ru](https://reader035.vdocuments.us/reader035/viewer/2022062322/56649eda5503460f94be8c9d/html5/thumbnails/4.jpg)
Typical BE-Applications
• pay-TV systems;• tactical radio;• positioning systems;• digital rights management solutions;• etc.
Alexey Urivskiy ACCT'2014
![Page 5: Broadcast Encryption Scheme Based on Binary Cubes Alexey Urivskiy JSC «InfoTeCS», Moscow, Russia alexey.urivskiy@mail.ru](https://reader035.vdocuments.us/reader035/viewer/2022062322/56649eda5503460f94be8c9d/html5/thumbnails/5.jpg)
Preliminary Phase: Key Distribution
4Center
1
2 3
Alexey Urivskiy ACCT'2014
![Page 6: Broadcast Encryption Scheme Based on Binary Cubes Alexey Urivskiy JSC «InfoTeCS», Moscow, Russia alexey.urivskiy@mail.ru](https://reader035.vdocuments.us/reader035/viewer/2022062322/56649eda5503460f94be8c9d/html5/thumbnails/6.jpg)
1 2 3 4
Alexey Urivskiy ACCT'2014
![Page 7: Broadcast Encryption Scheme Based on Binary Cubes Alexey Urivskiy JSC «InfoTeCS», Moscow, Russia alexey.urivskiy@mail.ru](https://reader035.vdocuments.us/reader035/viewer/2022062322/56649eda5503460f94be8c9d/html5/thumbnails/7.jpg)
Broadcast Phase: Message
Index = Information on which users are in which subset
Ciphertexts = The Session Key encrypted on Key Encryption Keys (KEK)
Encrypted message = The Message encrypted on the Session Key
Index Ciphertexts Encrypted message
HEADER BODY
Alexey Urivskiy ACCT'2014
![Page 8: Broadcast Encryption Scheme Based on Binary Cubes Alexey Urivskiy JSC «InfoTeCS», Moscow, Russia alexey.urivskiy@mail.ru](https://reader035.vdocuments.us/reader035/viewer/2022062322/56649eda5503460f94be8c9d/html5/thumbnails/8.jpg)
Performance Parameters
• Transmission overheadthe header’s length
• User key blockthe number of KEKs of the user
• Processing complexity• Security
focus only on information-theoretic secure
Alexey Urivskiy ACCT'2014
![Page 9: Broadcast Encryption Scheme Based on Binary Cubes Alexey Urivskiy JSC «InfoTeCS», Moscow, Russia alexey.urivskiy@mail.ru](https://reader035.vdocuments.us/reader035/viewer/2022062322/56649eda5503460f94be8c9d/html5/thumbnails/9.jpg)
Designing a good BES?Provided the BES is• secure • computationally efficientgiven • the network size• the number of the revoked usersto balance • the size of the user key block and• the transmission overhead
Alexey Urivskiy ACCT'2014
![Page 10: Broadcast Encryption Scheme Based on Binary Cubes Alexey Urivskiy JSC «InfoTeCS», Moscow, Russia alexey.urivskiy@mail.ru](https://reader035.vdocuments.us/reader035/viewer/2022062322/56649eda5503460f94be8c9d/html5/thumbnails/10.jpg)
Naive Scheme
1 2 3 4
Alexey Urivskiy ACCT'2014
![Page 11: Broadcast Encryption Scheme Based on Binary Cubes Alexey Urivskiy JSC «InfoTeCS», Moscow, Russia alexey.urivskiy@mail.ru](https://reader035.vdocuments.us/reader035/viewer/2022062322/56649eda5503460f94be8c9d/html5/thumbnails/11.jpg)
Properties
• Transmission overhead Largest possible
• User key blockSmallest possible = 1 Key
• Processing complexityLow
Alexey Urivskiy ACCT'2014
![Page 12: Broadcast Encryption Scheme Based on Binary Cubes Alexey Urivskiy JSC «InfoTeCS», Moscow, Russia alexey.urivskiy@mail.ru](https://reader035.vdocuments.us/reader035/viewer/2022062322/56649eda5503460f94be8c9d/html5/thumbnails/12.jpg)
Trivial Scheme 1 2 3 4
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
Alexey Urivskiy ACCT'2014
![Page 13: Broadcast Encryption Scheme Based on Binary Cubes Alexey Urivskiy JSC «InfoTeCS», Moscow, Russia alexey.urivskiy@mail.ru](https://reader035.vdocuments.us/reader035/viewer/2022062322/56649eda5503460f94be8c9d/html5/thumbnails/13.jpg)
Properties
• Transmission overhead Smallest possible = 1 KEK
• User key blockLargest possible
• Processing complexityLow
Alexey Urivskiy ACCT'2014
![Page 14: Broadcast Encryption Scheme Based on Binary Cubes Alexey Urivskiy JSC «InfoTeCS», Moscow, Russia alexey.urivskiy@mail.ru](https://reader035.vdocuments.us/reader035/viewer/2022062322/56649eda5503460f94be8c9d/html5/thumbnails/14.jpg)
The CuBES
Cubes Based Broadcast Encryption Scheme
Alexey Urivskiy ACCT'2014
![Page 15: Broadcast Encryption Scheme Based on Binary Cubes Alexey Urivskiy JSC «InfoTeCS», Moscow, Russia alexey.urivskiy@mail.ru](https://reader035.vdocuments.us/reader035/viewer/2022062322/56649eda5503460f94be8c9d/html5/thumbnails/15.jpg)
Why we say ‘CUBES’?x y z1 1 11 1 01 0 10 1 11 0 00 1 00 0 10 0 0
y
x
z
(1,1,1)
(0,1,1)
(0,0,1)
(1,0,1)
(0,1,0)(0,0,0)
(1,1,0)(1,0,0)
Binary cube of dimension 3Alexey Urivskiy
ACCT'2014
![Page 16: Broadcast Encryption Scheme Based on Binary Cubes Alexey Urivskiy JSC «InfoTeCS», Moscow, Russia alexey.urivskiy@mail.ru](https://reader035.vdocuments.us/reader035/viewer/2022062322/56649eda5503460f94be8c9d/html5/thumbnails/16.jpg)
1 2 3 4
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
1 1 1 11 1 11 1 11 1 1
1 1 11 11 11 1
1 11 1
1 11
11
1
00
00
0 000
0 00 000 0
0
0 0 00 0
000
000
0
000 0
Binary cube of dimension 4Alexey Urivskiy
ACCT'2014
![Page 17: Broadcast Encryption Scheme Based on Binary Cubes Alexey Urivskiy JSC «InfoTeCS», Moscow, Russia alexey.urivskiy@mail.ru](https://reader035.vdocuments.us/reader035/viewer/2022062322/56649eda5503460f94be8c9d/html5/thumbnails/17.jpg)
1 2 3 4
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
Properties for N users
• 2N -1 keys in total
• 2N-1 keys for every user
• 1 KEK to handle any configuration of revoked users
Limitation: in practice N ≤ 20Alexey Urivskiy
ACCT'2014
![Page 18: Broadcast Encryption Scheme Based on Binary Cubes Alexey Urivskiy JSC «InfoTeCS», Moscow, Russia alexey.urivskiy@mail.ru](https://reader035.vdocuments.us/reader035/viewer/2022062322/56649eda5503460f94be8c9d/html5/thumbnails/18.jpg)
Approach
• Partition users into small group.• Apply the trivial scheme
to every group.• Apply a logical hierarchy to group of
users – a tree-like construction.
Alexey Urivskiy ACCT'2014
![Page 19: Broadcast Encryption Scheme Based on Binary Cubes Alexey Urivskiy JSC «InfoTeCS», Moscow, Russia alexey.urivskiy@mail.ru](https://reader035.vdocuments.us/reader035/viewer/2022062322/56649eda5503460f94be8c9d/html5/thumbnails/19.jpg)
Hierarchy Example - 24 users
Binary cube (keys) for 2 (virtual) users
Binary cube (keys) for 3 (virtual) users
Binary cube (keys) for 4 usersUser
Alexey Urivskiy ACCT'2014
![Page 20: Broadcast Encryption Scheme Based on Binary Cubes Alexey Urivskiy JSC «InfoTeCS», Moscow, Russia alexey.urivskiy@mail.ru](https://reader035.vdocuments.us/reader035/viewer/2022062322/56649eda5503460f94be8c9d/html5/thumbnails/20.jpg)
Users Key Block Example
3
Alexey Urivskiy ACCT'2014
![Page 21: Broadcast Encryption Scheme Based on Binary Cubes Alexey Urivskiy JSC «InfoTeCS», Moscow, Russia alexey.urivskiy@mail.ru](https://reader035.vdocuments.us/reader035/viewer/2022062322/56649eda5503460f94be8c9d/html5/thumbnails/21.jpg)
1 2 3 4
12
3
4
5
6
7
8
910
11
12
13
14
15
12
3
4
5
6
7
12
3
3
Users Key Block Example
Alexey Urivskiy ACCT'2014
![Page 22: Broadcast Encryption Scheme Based on Binary Cubes Alexey Urivskiy JSC «InfoTeCS», Moscow, Russia alexey.urivskiy@mail.ru](https://reader035.vdocuments.us/reader035/viewer/2022062322/56649eda5503460f94be8c9d/html5/thumbnails/22.jpg)
3
2
14
124579
11
1246
1
Users Key Block Example
Alexey Urivskiy ACCT'2014
![Page 23: Broadcast Encryption Scheme Based on Binary Cubes Alexey Urivskiy JSC «InfoTeCS», Moscow, Russia alexey.urivskiy@mail.ru](https://reader035.vdocuments.us/reader035/viewer/2022062322/56649eda5503460f94be8c9d/html5/thumbnails/23.jpg)
Example 4x3x2
User’s storage14 KEKs
Coverage5 KEKs
Alexey Urivskiy ACCT'2014
![Page 24: Broadcast Encryption Scheme Based on Binary Cubes Alexey Urivskiy JSC «InfoTeCS», Moscow, Russia alexey.urivskiy@mail.ru](https://reader035.vdocuments.us/reader035/viewer/2022062322/56649eda5503460f94be8c9d/html5/thumbnails/24.jpg)
Example 6x4
User’s storage47 KEKs
Coverage4 KEKs
Alexey Urivskiy ACCT'2014
![Page 25: Broadcast Encryption Scheme Based on Binary Cubes Alexey Urivskiy JSC «InfoTeCS», Moscow, Russia alexey.urivskiy@mail.ru](https://reader035.vdocuments.us/reader035/viewer/2022062322/56649eda5503460f94be8c9d/html5/thumbnails/25.jpg)
Example 8x3
User’s storage131 KEKs
Coverage3 KEKs
Alexey Urivskiy ACCT'2014
![Page 26: Broadcast Encryption Scheme Based on Binary Cubes Alexey Urivskiy JSC «InfoTeCS», Moscow, Russia alexey.urivskiy@mail.ru](https://reader035.vdocuments.us/reader035/viewer/2022062322/56649eda5503460f94be8c9d/html5/thumbnails/26.jpg)
Worst case analysis
0 1 2 3 4 5 6 7 80
1
2
3
4
5
6
7
4x3x2
6x4
8x3
# Revoked users
Cove
rage
, #
KEKs
Alexey Urivskiy ACCT'2014
![Page 27: Broadcast Encryption Scheme Based on Binary Cubes Alexey Urivskiy JSC «InfoTeCS», Moscow, Russia alexey.urivskiy@mail.ru](https://reader035.vdocuments.us/reader035/viewer/2022062322/56649eda5503460f94be8c9d/html5/thumbnails/27.jpg)
SchemeTransmission
overhead, KEKs
User keyblock,KEKs
8x8x4x4x4x4x4x4x4 ~82000 3049x9x6x6x6x5x4x3 ~78500 62910x10x7x7x6x6x6 ~76000 1242
Users: N=220
Revoked users: r=216
CuBES Example
Alexey Urivskiy ACCT'2014
![Page 28: Broadcast Encryption Scheme Based on Binary Cubes Alexey Urivskiy JSC «InfoTeCS», Moscow, Russia alexey.urivskiy@mail.ru](https://reader035.vdocuments.us/reader035/viewer/2022062322/56649eda5503460f94be8c9d/html5/thumbnails/28.jpg)
0
20000
40000
60000
80000
100000
120000
140000
0 30000 60000 90000 120000Cove
rage
, #
KEKs
# Revoked users8x8x4x4x4x4x4x4x4 9x9x6x6x6x5x4x3 10x10x7x7x6x6x6
Alexey Urivskiy ACCT'2014
![Page 29: Broadcast Encryption Scheme Based on Binary Cubes Alexey Urivskiy JSC «InfoTeCS», Moscow, Russia alexey.urivskiy@mail.ru](https://reader035.vdocuments.us/reader035/viewer/2022062322/56649eda5503460f94be8c9d/html5/thumbnails/29.jpg)
Thank you!Questions?
Alexey Urivskiy ACCT'2014