Sequential Key Derivation Patterns for Broadcast Encryption and Key Predistribution Schemes

We study two closely related primitives: Broadcast Encryption and Key Predistribution Schemes (KPS). Broadcast Encryption allows a broadcaster to broadcast an encrypted message so that only a designated group of users can decrypt it. KPS allows a designated group of users to establish a common key non-interactively. We discover a generic method to construct efficient broadcast encryption schemes and KPSs naturally from Pseudo-Random Sequence Generators (PRSG) by observing that there are general “patterns” to do so. The two currently best PRSG-based broadcast encryption schemes such as the “Subset Difference” (SD) scheme by Naor Naor and Lotspiech and its refinement, the “Layered SD” (LSD) scheme by Halevy and Shamir, are indeed two special cases of our method. We demonstrate the power of this generic method by giving: (1) A solution to the most challenging variant of KPS: the one which supports arbitrary number of users to form a group yet secure against any collusion. We obtain a lower bound of the private key size at each user for any PRSG-based KPSs in this setting and construct a KPS that meets this bound. (2) An evidence that previous PRSG-based BE schemes, such as SD and LSD, can be further improved without any further assumption using this general method. We construct “Flexible SD” and “Flexible LSD” broadcast encryption schemes, which require less private key size while still maintain exactly the same broadcast size compared to their original SD/LSD schemes.