Design And Analysis Of Public Key Broadcast Encryption Schemes

Broadcast encryption allows a broadcaster to securely distribute messages to a dynamically changing set of users over an insecure channel. An unrevoked user can use his private key to decrypt the broadcast, while any revoked user should not be able to decrypt the broadcast. There are two different settings of broadcast encryption schemes in the literature: the symmetric key and public key settings. In the public setting, any user is able to play the role of a broadcaster, thus surmounting the shortcomings of the symmetric key setting.For evaluation of these public-key broadcast encryption schemes, there are important criteria: public key size, private key size, ciphertext size, encryption and decryption cost. Depending on applications, the requirements on these parameters are different. Keeping low storage of cryptographic key is particularly crucial in small devices such as smart cards. Thus, an important problem is how to shorten the length of ciphertext while maintaining low user storage cost overhead. The first work in this dissertation is that we propose a new efficient identity-based revocation scheme using bilinear pairing. In this scheme, the public key and private key size is a constant value, and the ciphertext size is very short. Moreover, the scheme is secure against adaptive-identity chosen plaintext attack in the standard model.In traditional public key broadcast encryption, the broadcaster requires an explicitly specified list of revoked users or unrevoked users. Thus, it can't satisfy all requirements in application scenarios. Attribute-based broadcast encryption is a novel broadcast encryption, in which the broadcaster just need a set of descriptive attributes and the access to the broadcast information is still securely controlled at the same time. Unfortunately, existing attttribute-based broadcast encryption scheme suffers from large ciphertext size or pairing computing numbers, which is linearly increasing based on the number of attributes in the access policy. Therefore, the second work in this dissertation is that we propose a new efficient construction of ciphertext policy attribute-based broadcast encryption to reduce the ciphertext size and pairing computing numbers to constant. The scheme is secure against selective access-structure chosen plaintext attack in the standard model. Besides, we apply one-time signature technology to obtain a selective access-structure chosen-ciphertext secure extention in the standard model.