Unconditionally Secure Broadcast Encryption Schemes with Tradeoffs between Communication and Storage
- Y. Watanabe and J. Shikata
- IEICE Transactions on Fundamentals
An (≤n,≤ω)-one-time secure broadcast encryption scheme (BES) allows a sender to choose any subset of receivers so that only the designated users can decrypt a ciphertext. In this paper, we first show an efficient construction of an (≤n,≤ω)-one-time secure BES with general ciphertext sizes. Specifically, we propose a generic construction of an (≤n,≤ω)-one-time secure BES from key predistribution systems (KPSs) when its ciphertext size is equal to integer multiple of the plaintext size, and our construction includes all known constructions. However, there are many possible combinations of the KPSs to realize the BES in our construction methodology, and therefore, we show that which combination is the best one in the sense that secret-key size can be minimized. Our (optimized) construction provides a flexible parameter setup (i.e. we can adjust the secret-key sizes) by setting arbitrary ciphertext sizes based on restrictions on channels such as channel capacity and channel bandwidth.