Fast Algorithms for the Free Riders Problem in Broadcast Encryption

We provide algorithms to solve the free riders problem in broadcast encryption. In this problem, the broadcast server is allowed to choose some small subset F of the revoked set R of users to allow to decrypt the broadcast, despite having been revoked. This may allow the server to significantly reduce network traffic while only allowing a small set of non-privileged users to decrypt the broadcast. Although there are worst-case instances of broadcast encryption schemes where the free riders problem is difficult to solve (or even approximate), we show that for many specific broadcast encryption schemes, there are efficient algorithms. In particular, for the complete subtree method [25] and some other schemes in the subset-cover framework, we show how to find the optimal assignment of free riders in O(|R||F |) time, which is independent of the total number of users. We also define an approximate version of this problem, and study specific distributions of R for which this relaxation yields even faster algorithms. Along the way we develop the first approximation algorithms for the following problem: given two integer sequences a1 ≥ a2 ≥ · · · ≥ an and b1 ≥ b2 ≥ · · · ≥ bn, output for all i, an integer j′ for which aj′ + bi−j′ ≤ (1 + ǫ)minj(aj + bi−j). We show that if the differences ai − ai+1, bi − bi+1 are bounded, then there is an O(n /ǫ)-time algorithm for this problem, improving upon the O(n) time of the naive algorithm.