A signature-like primitive for broadcast-eneryption-based systems

Abstract

The area of cryptography called broadcast encryption has been used very successfully in content protection systems, especially protecting physical media. Today, however, a basic symmetrickey broadcast encryption system would depend on message authentication codes, not digital signatures, to "sign" data items. Message authentication codes are very efficient, but have other significant limitations. As commercial content protection systems based on broadcast encryption have continued to be introduced, each with more complexity than the previous one, the limitations have become apparent. The systems' designers have had to consider adding a public-key infrastructure on top of their broadcast encryption mechanism, with redundent credentials and revocation, just to add a digital signature feature. This paper presents a new broadcast-encryptionbased attestation scheme that mimicks a digital signature scheme, without the computational overhead inherent in public-key calculations. Although the scheme has limitations compared to public-key signatures, they do not reduce its effectiveness, because they are the same limitations that are present in any broadcast encryption system. © 2007 IEEE.