Publication Type
Journal Article
Version
publishedVersion
Publication Date
10-2015
Abstract
A public key trace and revoke scheme combines the functionality of broadcast encryption with the capability of traitor tracing. In Asiacrypt 2003, Kim, Hwang and Lee proposed a public key trace and revoke scheme (referred to as the KHL scheme), and gave a security proof to support that their scheme is z-resilient against adaptive chosen-ciphertext attacks, in which the adversary is allowed to adaptively issue decryption queries as well as adaptively corrupt up to z users. In the past ten years, the KHL scheme has been believed to be one of the most efficient public key trace and revoke schemes with z-resilience against adaptive chosen-ciphertext attacks under the well-studied DDH assumption. However, in this paper, by giving a concrete attack, we indicate that the KHL scheme is actually not secure against adaptive chosen-ciphertext attacks, even without corruption of any user. We then identify the flaws in the security proof for the KHL scheme, and discuss the consequences of the attack. © 2015 Elsevier B.V. All rights reserved.
Keywords
Cryptography, Traitor-tracing, Broadcast encryption, Chosen-ciphertext attacks
Discipline
Computer Sciences | Information Security
Research Areas
Cybersecurity
Publication
Theoretical Computer Science
Volume
602
First Page
1
Last Page
6
ISSN
0304-3975
Identifier
10.1016/j.tcs.2015.07.051
Publisher
Elsevier
Citation
WENG, Jian; ZHAO, Yunlei; DENG, Robert H.; LIU, Shengli; YANG, Yanjiang; and SAKURAI, Kouichi.
A note on the security of KHL scheme. (2015). Theoretical Computer Science. 602, 1-6.
Available at: https://ink.library.smu.edu.sg/sis_research/2820
Copyright Owner and License
Publisher
Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.
Additional URL
https://doi.org/10.1016/j.tcs.2015.07.051