Cryptography Reference
In-Depth Information
is solved in our exposition through hybrid encryption and recall that this
approach requires the broadcast encryption scheme to implement a “Key En-
capsulation Mechanism” (KEM). KEM is introduced by Shoup [
108
] in the
context of public key encryption. We further require the underlying crypto-
graphic primitive to support the CCA1 type of encryption security, or what
is known as a security against lunch-time attacks [
91
].
Regarding combinatorial constructions the underlying key-space can be
structured as an exclusive set system. Some constructions of exclusive set sys-
tems for different parameters are known [
4
,
117
,
83
] along with some existence
results (see [
77
]) using the probabilistic method. Various tools have been used
for explicit constructions including polynomials over finite fields, [
49
], and
algebraic-geometric codes [
76
].
The subset cover framework introduced by Naor, Naor and Lotspiech in
[
87
] as a wide class of exclusive set systems with some specific properties.
[
87
] also proposed the two schemes of Complete Subtree (CS) and Subset
Difference (SD). The idea in both of these schemes was to locate the receivers
on the leaves of a binary tree. The CS is related to the logical key hierarchy
(LKH) that was proposed independently by Wallner et al. [
121
] and Wong et
al. [
125
], for the purpose of designing a key distribution algorithm for Internet
multicasting.
The applicability of this framework is also evidenced by the fact that a
subset cover scheme (a simple variant of the subset-difference method) is at
the heart of the AACS standard [
1
] that is employed by high definition DVDs
(Blu-Ray and HD-DVD). The Advanced Access Content System (AACS) is
a standard for content distribution and digital rights management, intended
to restrict access to and copying of the next generation of optical discs and
DVDs. The specification was publicly released in April 2005 and the standard
has been adopted as the access restriction scheme for Blu-ray (BD) discs. It is
developed by AACS Licensing Administrator, LLC (AACS LA), a consortium
that includes Disney, Intel, Microsoft, Matsushita (Panasonic), Warner Bros.,
IBM, Toshiba and Sony. In this particular application, the distribution channel
is an optical disc or DVD. The decoders required to playback the content are
either hardware DVD-players or software video-players. The decoders have
embedded the necessary secret-key information at the manufacturing stage.
In a broadcast encryption scheme, all unlicensed receivers must be ex-
cluded in the broadcast pattern. The transmission overhead of a broadcast
encryption can be further reduced in some settings when some of the unli-
censed receivers are allowed to continue receiving the transmission. Abdalla
et al. in [
3
] introduced the concept of free riders to capture this observation
and investigate the performance gains. Ramzan and Woodruff [
97
] proposed
an algorithm to optimally choose the set of free riders in the CS system,
and Ak, Kaya and Selcuk in [
5
] presented a polynomial time algorithm which
computes the optimal placement for a given number of free riders in an SD
scheme.
