Broadcast encryption with short keys and transmissions

Abstract

Broadcast Encryption allows a broadcaster to broadcast an encrypted message so that only a dynamically changing designated group of users can decrypt it. The stateless setting considers the case where the private key at each user is never updated. A central open problem in this area is to design a stateless scheme where both the size of transmission header which encapsulates the session key and the size of private key at each user are small and independent of the number of users (all/privileged/revoked users). We propose schemes that meet this requirement by providing a tradeoff between security against collusion and non-secret storage size. The proposed schemes are based upon new notions of one-way accumulators which are of independent interest.