Broadcast encryption schemes based on RSA  被引量：2

作　　者：MU Ning-bo HU Yu-pu OU Hai-wen 

机构地区：[1]The Ministry of Education Key Laboratory of Computer Networks and Information Security, Xidian University, Xi'an 710071, China [2]Key Laboratory of Information Security and Secrecy, Beijing Institute of Electronic Science and Technology, Beijing 100070, China

出　　处：《The Journal of China Universities of Posts and Telecommunications》2009年第1期69-75,共7页中国邮电高校学报（英文版）

基　　金：supported by the National Natural Science Foundation of China (60473029);the National Basic Research Program of China (2007CB311201);the Open Foundation of Beijing Institute of Electronic Science and Technology.

摘　　要：Three broadcast schemes for small receiver set using the property of RSA modulus are presented. They can solve the problem of data redundancy when the size of receiver set is small. In the proposed schemes, the center uses one key to encrypt the message and can revoke authorization conveniently. Every authorized user only needs to store one decryption key of a constant size. Among these three schemes, the first one has indistinguishability against adaptive chosen ciphertext attack （IND-CCA2） secure, and any collusion of authorized users cannot produce a new decryption key but the sizes of encryption modulus and ciphertext are linear in the number of receivers. In the second scheme, the size of ciphertext is half of the first one and any two authorized users can produce a new decryption key, but the center can identify them using the traitor tracing algorithm. The third one is the most efficient but the center cannot identify the traitors exactly.Three broadcast schemes for small receiver set using the property of RSA modulus are presented. They can solve the problem of data redundancy when the size of receiver set is small. In the proposed schemes, the center uses one key to encrypt the message and can revoke authorization conveniently. Every authorized user only needs to store one decryption key of a constant size. Among these three schemes, the first one has indistinguishability against adaptive chosen ciphertext attack （IND-CCA2） secure, and any collusion of authorized users cannot produce a new decryption key but the sizes of encryption modulus and ciphertext are linear in the number of receivers. In the second scheme, the size of ciphertext is half of the first one and any two authorized users can produce a new decryption key, but the center can identify them using the traitor tracing algorithm. The third one is the most efficient but the center cannot identify the traitors exactly.

关 键 词：broadcast encryption traitor tracing authorization revocation RSA 

分 类 号：TP311.52[自动化与计算机技术—计算机软件与理论] TP309[自动化与计算机技术—计算机科学与技术]