Method and system for performing broadcast encryption with revocation capability

Abstract

A broadcast encryption method that allows a broadcaster to send encrypted content to a set of users such that only a subset of authorized users can decrypt the content, and to perform both temporary and permanent revocation of users. Accordingly, during a Setup stage, a Key Service generates a public key and a Master Secret Key (MSK) and sends the Public Parameters PP used to generate the public key to a broadcaster and to all users. The broadcaster uses the Public Parameters PP to create a message M, with which the broadcaster encrypts the content, and further creates a Cipher Text (CT), which is sent to all users. During a Key Gen stage, whenever a user wishes to decrypt the message M for decrypting the content, the user sends a request with his ID1 to the Key Service. The Key Service generates a corresponding secret key SKand the secret key SKis sent to the user ID1 via a secure data channel. During a Decrypt stage, the user uses the secret key SK, to decrypt the Cipher Text (CT) and obtain the message M. During a Revoke stage of k users (k=1, 2, 3, . . . ) a State Update Message (SUM) which is sent to all users, is provided and each user updates his state with the SUM he received, such that the k users having identities ID, ID, . . . IDwill not be able to update their state and will be permanently revoked, while all the remaining users being admitted users will be able to update their state and will not be revoked. Temporary revocation is done by inserting a list of IDs (ID, ID, . . . ID) to be revoked into the CT.