Adaptively Secure Broadcast

نویسندگان

  • Martin Hirt
  • Vassilis Zikas
چکیده

A broadcast protocol allows a sender to distribute a message through a point-to-point network to a set of parties, such that (i) all parties receive the same message, even if the sender is corrupted, and (ii) this is the sender’s message, if he is honest. Broadcast protocols satisfying these properties are known to exist if and only if t < n/3, where n denotes the total number of parties, and t denotes the maximal number of corruptions. When a setup allowing signatures is available to the parties, then such protocols exist even for t < n. Since its invention in [LSP82], broadcast has been used as a primitive in numerous multi-party protocols making it one of the fundamental primitives in the distributed-protocols literature. The security of these protocols is analyzed in a model where a broadcast primitive which behaves in an ideal way is assumed. Clearly, a definition of broadcast should allow for secure composition, namely, it should be secure to replace an assumed broadcast primitive by a protocol satisfying this definition. Following recent cryptographic reasoning, to allow secure composition the ideal behavior of broadcast can be described as an ideal functionality, and a simulation-based definition can be used. In this work, we show that the property-based definition of broadcast does not imply the simulation-based definition for the natural broadcast functionality. In fact, most broadcast protocols in the literature do not securely realize this functionality, which raises a composability issue for these broadcast protocols. In particular, we do not know of any broadcast protocol which could be securely invoked in a multi-party computation protocol in the secure-channels model. The problem is that existing protocols for broadcast do not preserve the secrecy of the message while being broadcasted, and in particular allow the adversary to corrupt the sender (and change the message), depending on the message being broadcasted. For example, when every party should broadcast a random bit, the adversary could corrupt those parties who intend to broadcast 0, and make them broadcast 1. More concretely, we show that simulatable broadcast in a model with secure channels is possible if and only if t < n/3, respectively t ≤ n/2 when a signature setup is available. The positive results are proven by constructing secure broadcast protocols.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Adaptively Secure Broadcast: Threat Analytics & Security Intelligence

This work presents an Adaptively Secure Broadcast Mechanism (ASBM) based on threats analytics. It defines the security intelligence of a broadcast system comprehensively with a novel concept of collective intelligence. The algorithmic mechanism is analyzed from the perspectives of security intelligence, communication complexity and computational intelligence. The security intelligence of ASBM i...

متن کامل

Adaptively Secure Recipient Revocable Broadcast Encryption with Constant size Ciphertext

In this paper, we put forward the first adaptively secure recipient revocable broadcast encryption (RR-BE) scheme in the standard model. The scheme is adaptively secure against chosen plaintext attack (CPA) under the q-weaker Decisional Augmented Bilinear Diffie-Hellman Exponent (qwDABDHE) assumption. Our scheme compares well with the only existing RR-BE scheme of Susilo et al. which is selecti...

متن کامل

Lattice-based Identity-Based Broadcast Encryption

Motivated by the lattice basis delegation technique due to [8], we propose an adaptively secure identity-based broadcast encryption(IBBE) scheme based on the hard worst-case lattice problems. Our construction can be generalized to a hierarchical IBBE (HIBBE) easily. Using the method in [1], we also modify our basic construction to obtain an IBBE in the standard model. To the best of the authors...

متن کامل

An Adaptively Secure Identity-Based Broadcast Encryption using CAST Algorithm

An adaptively secure identity-based broadcast encryption system featuring constant sized ciphertext is introduced. The size of public key and private keys of the system are both linear in the maximum number of receivers. The system is fully collusion-resistant and has stateless receivers. Here, in the system CAST algorithm is used for encryption of the broadcast message. The scheme is well opti...

متن کامل

Adaptive Security in Broadcast Encryption Systems

We present new techniques for achieving adaptive security in broadcast encryption systems. Previous work on fully collusion resistant broadcast encryption with short ciphertexts was limited to considering only static security. First, we present a new definition of security that we call semi-static security and show a generic “two-key” transformation from semi-statically secure systems to adapti...

متن کامل

Adaptive Security in Broadcast Encryption Systems (with Short Ciphertexts)

We present new techniques for achieving adaptive security in broadcast encryption systems. Previous work on fully collusion resistant broadcast encryption systems with very short ciphertexts was limited to considering only static security. First, we present a new definition of security that we call semi-static security and show a generic “two-key” transformation from semi-statically secure syst...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2009