ABSTRACT

Broadcast encryption considers a scenario where a center must securely transmit a message to a large population of receivers. The center must encrypt the message to prevent its reception by an eavesdropper, because the message is conveyed over an insecure broadcast channel. We assume that the receivers possess some kind of decoder that stores the decryption keys and deciphers the transmission. This decoder is not necessarily a hardware device. It can be software based and employ the PC or PDA of the content consumer. What makes broadcast encryption different from other encryption protocols is the opportunity of selectively disabling a subset of the receiver population, preventing them from deciphering the transmission. For example, the receivers may be pay-TV users who have installed the necessary equipment and update their subscriptions regularly. Those users who neglect to pay their membership fees can have their receivers disabled, and they will not be able to decrypt further transmissions. In such an application the number of receivers who are disabled from receiving the transmission is typically small in comparison to the entire population of receivers. We can also consider a different scenario where, in contrast to the previous setting, the number of enabled receivers is smaller than the number of disabled receivers. Such is the case when the transmission center is a pay-per-view provider: typically a large number of receivers will not request to view a particular pay-per-view film, which essentially means that the transmission is intended to be decrypted by a relatively small portion of the whole receiver population. In general, we use the term revocation for the notion of disabling a receiver from receiving transmissions. While the size of the revocation list is small in the former application, a large number of revocations are required in the latter case to leave enabled only the few receivers that requested to view the film.