Golden Sequence for the PPSS Broadcast Encryption Scheme with an Asymmetric Pairing

Broadcast encryption is conventionally formalized as broadcast encapsulation in which, instead of a ciphertext, a session key is produced, which is required to be indistinguishable from random. Such a scheme can provide public encryption functionality in combination with a symmetric encryption through the hybrid encryption paradigm. The Boneh-Gentry-Waters scheme of 2005 proposed a broadcast scheme with constant-size ciphertext. It is one of the most efficient broadcast encryption schemes regarding overhead size. In this work we consider the improved scheme of Phan-Pointcheval-Shahandashi-Stefler [PPSS12] which provides an adaptive CCA broadcast encryption scheme. These two schemes may be tweaked to use bilinear pairings[DGS12].This document details our choices for the implementation of the PPSS scheme. We provide a complete golden sequence of the protocol with efficient pairings (Tate, Ate and Optimal Ate). We target a 128-bit security level, hence we use a BN-curve [BN06]. The aim of this work is to contribute to the use and the standardization of PPSS scheme and pairings in concrete systems.