Broadcast encryption technology enables a sender to send information securely to a group of receivers excluding specified receivers over a broadcast channel. In this paper, we propose a new key-tree structure based on Rabin cryptosystem, and an access control scheme using the structure. We show the security of the access control scheme and construct a new broadcast encryption scheme based on it. The proposed broadcast encryption scheme is a modification of the complete subtree method and it reduces the number of keys a receiver stores to one. There have been proposed some modifications of the complete subtree method which minimize the number of keys for a receiver to one, and the most efficient one among them with respect to the computational overhead at receivers is based on RSA cryptosystem. The computational overhead at receivers in our scheme is around log2e times smaller than the most efficient previously proposed one, where e is a public exponent of RSA, and the proposed scheme is the most efficient among tree based one-key schemes. This property is examined by experimental results. Our scheme achieves this reduction in the computational overhead in exchange for an increase in the size of nonsecret memory by [log n * few (e.g. eight)] bits, where n is the total number of receivers.

The complete subtree (CS) method is widely accepted for the broadcast encryption. A new method for assigning keys in the CS method is proposed in this paper. The essential idea behind the proposed method is to use two trapdoor permutations. Using the trapdoor information, the key management center computes and assigns a key to each terminal so that the terminal can derive all information necessary in the CS method. A terminal has to keep just one key, while log2 N + 1 keys were needed in the original CS method where N is the number of all terminals. The permutations to be used need to satisfy a certain property which is similar to but slightly different from the claw-free property. The needed property, named strongly semi-claw-free property, is formalized in terms of probabilistic polynomial time algorithm, and its relation to the claw-free property is discussed. It is also shown that if the used permutations fulfill the strongly semi-claw-free property, then the proposed method is secure against attacks of malicious users.

This paper deals with broadcast encryption schemes, in which a sender can send information securely to a group of receivers excluding some receivers over a broadcast channel. In this paper we propose modifications of the Complete Subtree (CS), the Subset Difference (SD) and the Layered Subset Difference (LSD) methods based on the Master Key Tree (MKT). Our modifications eliminate log N keys or labels from receivers' storage, in exchange for an increase in the computational overhead, where N is the total number of receivers. We also propose modifications of the SD and LSD methods by applying the Trapdoor One-way Permutation Tree (TOPT) which is originally proposed in order to modify the CS method. Our modifications based on TOPT also eliminate log N labels, and the computational cost is much smaller than MKT based methods.

The complete subtree (CS) method is one of the most well-known broadcast encryptions which do not enforce the receivers to keep "online." This paper is to reduce the size of secret information which must be stored in a terminal of the method. In the original CS method, the size of the secret information increases as the number of terminals increases. It is shown in this paper that, by making use of a one-way trapdoor permutation, we can make the size constant regardless of the number of terminals. The security of the proposed scheme is investigated, and detailed comparison with other similar schemes is presented. The proposed scheme is suitable for practical implementations of the CS method.