International Association for Cryptologic Research

CryptoDB

Nam-Su Jho

Affiliation: ETRI

Publications

Year
Venue
Title
2007
EPRINT
Multiparty Key Agreement Using Bilinear Map
A key agreement protocol is a cryptographic primitive which allows participants to share a common secret key via an insecure channel. In particular, a multiparty key agreement protocol is a key agreement protocol that can manage an arbitrary number of participants at once. From the security point of view, authentication and forward secrecy are the most important requirements in such protocols. One interesting problem in key agreement protocols is to construct a multiparty key agreement protocol satisfying the above security requirements with a minimal number of communication rounds (i.e. one-round). In the literature, there has been no one-round multiparty key agreement protocol that satisfies both authentication and forward secrecy. In this paper, we present a new multiparty key agreement protocol using a bilinear map and adopting the key generation center. The protocol demands only one round for an arbitrary number of participants to share a group key and satisfies both authentication and (partial) forward secrecy.
2005
EUROCRYPT
2005
EPRINT
BROADCAST ENCRYPTION $\pi$
We propose a new broadcast encryption scheme $\pi$ based on the idea of 'one key per each punctured interval'. Let $N$ and $r$ be the numbers of total users and revoked users, respectively. In our scheme with $p$-punctured $c$-intervals, the transmission overhead is asymptotically $\frac{r}{p+1}$ as $r$ grows. We also introduce two variants of our scheme to improve the efficiency for small $r$. Our scheme is very flexible with two parameters $p$ and $c$. We may take $p$ as large as possible if a user device allows a large key storage, and set $c$ as small as possible if the storage size and the computing power are limited. Our scheme also possesses another remarkable feature that any number of new users can join at any time without key refreshment, which is not possible in other known practical schemes.
2005
EPRINT
Skipping, Cascade, and Combined Chain Schemes for Broadcast Encryption
We develop a couple of new methods to reduce transmission overheads in broadcast encryption. The methods are based on the idea of assigning one key per each partition using one-way key chains after partitioning the users. One method adopts skipping chains on partitions containing up to $p$ revoked users and the other adopts cascade chains on partitions with layer structure. The scheme using the former reduces the transmission overhead down to $\frac{r}{p+1}$ asymptotically as $r$ grows, and the scheme using the latter keeps the transmission overhead very small when $r$ approaches 0, where $r$ is the number of revoked users. Combining the two schemes, we propose a new broadcast encryption scheme with the least transmission overhead. Our schemes also possess a remarkable feature that any number of new users can join at any time without key update, which is not available for most known practical schemes.