This paper clarifies the relationships between security notions for broadcast encryption. In the past, each new scheme came with its own definition of security, which makes them hard to compare. We thus define a set of notions, as done for signature and encryption, for which we prove implications and separations, and relate the existing notions to the ones in our framework. We find some interes...

In this paper, we describe yet another broadcast encryption scheme for stateless receivers. The main difference between our scheme and the classical schemes derived from the complete subtree and its subsequent improvements is that in our scheme the group management is based upon a more adaptable data structure. In these classical schemes, users must be spread on a tree structure where each leve...

In a threshold broadcast encryption scheme, a sender chooses (ad-hoc) a set of n receivers and a threshold t, and then encrypts a message by using the public keys of all the receivers, in such a way that the original plaintext can be recovered only if at least t receivers cooperate. This kind of scheme has many applications in mobile ad-hoc networks, characterized by their lack of infrastructur...

We propose two schemes for efficient broadcast key establishment that enables a sender to communicate to any subset of the user-base by allowing a small ratio of free-riders. The schemes do not require stateful receivers and one scheme is unconditionally secure. The free-riders are unable to learn from the past whether they might become free-riders for a certain transmission again. We present a...

In a world that is increasingly relying on digital technologies, the ability to securely communicate and distribute information is of crucial importance. Cryptography plays a key role in this context and the research presented in this thesis focuses on developing cryptographic primitives whose properties address more closely the needs of users. We start by considering the notion of robustness i...

To allow a delegator not only to delegate the keyword-controlled decryption rights of a broadcast encryption to a set of specified recipients, but also to control when the decryption rights will be delegated, in this paper, for the first time, we introduce a new notion called TimedRelease Conditional Proxy Broadcast Re-Encryption (TR-CPBRE). We also propose a concrete construction for TR-CPBRE ...

This chapter yields a review of certain mathematical approaches for analysis and design of the basic cryptographic elements for establishing information security in information-communication systems. The following two topics are addressed: selected issues on stream ciphers for encryption and key management based on broadcast encryption. Certain coding related issues for security evaluation and ...

We initiate the study of broadcast steganography (BS), an extension of steganography tothe multi-recipient setting. BS enables a sender to communicate covertly with a dynamicallydesignated set of receivers, so that the recipients recover the original content, while unauthorizedusers and outsiders remain unaware of the covert communication. One of our main technicalcontributions ...

The Stinson-Wei traceability scheme (known as traceability scheme) was proposed for broadcast encryption as a generalization of the Chor-Fiat-Naor traceability scheme (known as traceability code). Cover-free family was introduced by Kautz and Singleton in the context of binary superimposed code. In this paper, we find a new relationship between a traceability scheme and a cover-free family, whi...

In a broadcast encryption (BE) scheme, a broadcaster can encrypt a message for a set S of users who are listening to a broadcast channel. Most identity-based broadcast encryption (IBBE) schemes are not anonymous, which means the attacker can obtain the identities of all receivers from the ciphertext. Currently, anonymous IBBE schemes are only provably secure in the random oracle model. In this ...