September 26, 2021

Dedicated Forum to help removing adware, malware, spyware, ransomware, trojans, viruses and more!

Reinventing BEDs: Formal Treatment of Broadcast Encryption with Dealership and Practical Constructions, by Sayantan Mukherjee and Avishek Majumder

Broadcast Encryption allows a sender to send a message to more than one receiver. In a typical broadcast encryption, the broadcaster decides the privileged set as in who all can decrypt a particular ciphertext. Gritti et al. (IJIS’16) introduced a new primitive called Broadcast Encryption with Dealership (BED), where the dealer/wholesaler decides the privileged set. This rather recently introduced primitive allows a wholesaler to buy content from the broadcaster and sell it to users. Following their construction, to date, three more constructions of broadcast encryption with dealership have been proposed. Among them, the first showed the BED construction of Gritti et al. (IJIS’16) to be insecure.

All the state-of-the-arts works were unable to fully identify the requirements of a BED scheme. We first identify and propose a new security requirement that has not been considered before. After formally defining a BED scheme, we show simple pairing-based attacks on all previous constructions rendering all of them useless. We then give the first secure BED construction in the composite-order pairing groups. This construction achieves constant-size ciphertext and secret keys but achieves selectively secure message hiding only. We then give our second construction from Li and Gong’s (PKC’18) anonymous broadcast encryption. This construction achieves adaptively secure message hiding but has ciphertext size dependent on the size of the privileged set. Following that, we propose our third and final construction that achieves constant size ciphertext in the standard model and achieves adaptive message hiding security.