New generalized group-oriented cryptosystem based on Diffie–Hellman scheme

doi:10.1016/S0140-3664(99)00039-0

Computer Communications

Volume 22, Issue 8, 25 May 1999, Pages 727-729

https://doi.org/10.1016/S0140-3664(99)00039-0 Get rights and content

Abstract

An efficient solution for solving the problem in generalized group-oriented cryptography is proposed. The sender can send a secret information to a group of users such that only the specified sets of members in this group can cooperate to decipher this information. The access structure of the receiving group can be dynamically determined by the sender knowing only the public keys of the receivers. The new scheme is demonstrated to be more efficient than a recently proposed generalized group-oriented cryptosystem.

Introduction

The problems of group-oriented cryptography were first introduced by Desmedt [1] in 1987. One of the most important problems in the group-oriented cryptography is for a sender to send an encrypted message to a group such that the received message can only be deciphered by the authorized subsets of the members in the receiving group. Both the threshold cryptosystems and the generalized group-oriented cryptosystems (GGOC) are widely discussed to solve this problem. In a threshold cryptosystem [2], [3], [4], the authorized subsets are all subsets of t or more members of this group. However, in the GGOC [5], [6], [7], [8], the authorized subsets are arbitrarily specified. This article will focus on devising a scheme for GGOC.

An authorized subset in the receiving group is usually called an access instance denoted by f_i. The collection of the access instances for a particular type of messages is called the access structure denoted by F. An access structure can be denoted in disjunctive normal form (DNF), i.e. F=f₁+f₂+⋯+f_k. Let U₁,U₂,…,U_n be all of the users in the group. Taking the urgent messages, which can be deciphered by any user in the group, as an example, the access structure of the urgent messages can be represented as F=U₁+U₂+⋯+U_n. Similarly, the access structure for threshold cryptosystems with the threshold value t can be represented as F=U₁U₂…U_t+U₁U₂…U_t−1U_t+1+⋯+U_n−t+1U_n−t+2…U_n. F=U₁U₃U₅+U₄U₆+U₁₀, an access structure in a GGOC, denotes that the message can only be deciphered by the cooperation of either U₁, U₃ and U₅; or U₄ and U₆; or U₁₀ alone.

In [8], Lin and Chang proposed a GGOC (the Lin–Chang scheme) based on the Diffie–Hellman key distribution scheme. In this article, a new GGOC, which is also based on the Diffie–Hellman key exchange scheme, will be proposed. The new scheme will be shown to be more efficient than the Lin–Chang scheme.

The rest of this article is organized as follows. We will briefly review the Diffie–Hellman scheme and Lin–Chang scheme in Section 2. In Section 3, a new scheme for the GGOC will be proposed and the security of this scheme will be discussed. The performance of the new scheme will be demonstrated to be more efficient than the Lin–Chang scheme in Section 4. Finally, concluding remarks will be made in Section 5.

Section snippets

Diffie–Hellman key distribution scheme

The Diffie–Hellman key distribution scheme [9] is reviewed briefly here. Let p be a large prime and g be a primitive element of the Galois field GF(p). Both g and p are public. Each user U_k in the system selects his own secret key x_k in GF(p), and calculates the public key $Y_{k} ≡g^{x_{k}} mod p.$ Two users, U_i and U_j in the system can compute their common secret key K_ij by $K_{ij} ≡(Y_{i})^{x_{j}} mod p≡g^{x_{i}x_{j}} mod p≡(Y_{j})^{x_{i}} mod p.$

The difficulty of breaking the Diffie–Hellman scheme has not yet been proved to be equivalent to

The new generalized group-oriented cryptosystem

As in the Diffie–Hellman scheme, each user U_i in the group randomly selects a secret key x_i from GF(p) and publishes the corresponding public key $Y_{i} ≡g^{x_{i}} mod p.$ To send the message M to the group A, the sender U₀ firstly determines the access structure, e.g. F=f₁+f₂+⋯+f_k for M. Assume here that U₁,U₂,…,U_n are all users in the access structure. Then U₀ executes the following steps:

1.
Randomly chooses a r in GF(p) and computes $Y≡g^{r} mod p.$
2.
Computes $t_{i} ≡(Y_{i})^{r} mod p$ , for i=1,2,…,n.
3.
Chooses a random encryption

Security analysis

[The outsider]

To compute K from r_j by $K≡r_{j} ⊕(∏_{U_{i}∈f_{j}} t_{i}) mod p,$ one has to break the Diffie–Hellman scheme and find all the terms t_i, i∈f_j.

[The illegal subsets]

As the encryption key K can be computed from the following congruence $K≡r_{j} ⊕ ∏ U_{i} ∈f_{j} t_{i} mod p,$ it is obvious that K can be derived only when all users in the access instance f_j are present.

Performance analysis

The new scheme is compared to the Lin–Chang scheme in terms of both the encryption/decryption overheads and communication cost as follows.

Assuming that m=∑_i=1ⁿ(#(U_i

Conclusions

Several GGOCs have been proposed previously [5], [6], [8]. Among these schemes, the Lin–Chang scheme [8] reviewed in this article and the Chang–Lee scheme proposed in 1993 [6] are the most efficient ones. This article presents a new GGOC, which has been shown to be more efficient than the Lin–Chang scheme. The computation overhead of our scheme is less than the Chang–Lee scheme and the communication costs of our scheme is less than the Chang–Lee scheme if the number of access instances in the

References (9)

C.H Lin et al.
Method for constructing a group-oriented cipher system
Computer Communications
(1994)
Y. Desmedt, Society and group oriented cryptography: a new concept, in: Advances in Cryptography: Proceedings of Crypto...
Y. Desmedt, Y. Frankel, Threshold cryptosystem, in: Advances in Cryptography: Proceedings of Crypto ’89, 1989, pp....
Y. Frankel, A practical protocol for large group oriented networks, in: Advances in Cryptography: Proceedings of Crypto...

There are more references available in the full text version of this article.

Cited by (9)

An ID-based group-oriented decryption scheme secure against adaptive chosen-ciphertext attacks
2009, Computer Communications
ID-based decryption allows a sender to encrypt a message to an identity without access to a public key certificate. This paper proposes an ID-based group-oriented decryption scheme, secure against adaptive chosen-ciphertext attacks, which allows the sender to determine an access structure and generate a valid ciphertext on the chosen message. The correctness of decryption shares can be checked to detect when dishonest users in the access structure provide fake decryption shares. As a result, the message can be cooperatively recovered by users in the determined access structure. The formal proof of security of our scheme is based on the bilinear Diffie–Hellman problem in the random oracle model. Our proposed scheme is more efficient and provides higher security confidence than those in Li et al.’s certificate-based group-oriented decryption scheme.
Dynamic and efficient joint encryption scheme in the plain public key model
2009, Computers and Electrical Engineering
In this paper, we propose a joint encryption scheme (JES) based on discrete logarithms in the plain public key model, in which a sender can easily encrypt messages under the public keys of a group of recipients, so that only by collaborating together can all the recipients recover messages. Neither the size of the ciphertext nor the encryption computation depends on the number of the recipients. We show that the JES scheme is semantically secure against adaptive chosen ciphertext attacks in the random oracle model under the assumption of Computational Diffie–Hellman problems.
All-in-one group-oriented cryptosystem based on bilinear pairing
2007, Information Sciences
This paper presents a novel all-in-one group-oriented cryptosystem (AGOC) in which the ciphertext can have one of four levels of confidentiality. These levels depend on whether decryption is allowed by (1) only one specified recipient, (2) every member of the group, (3) members of a specified subset acting cooperatively, and (4) members of any predetermined authorized subset, or any t out of n members, acting cooperatively. The newly proposed AGOC has the following merits: (1) every member of the receiving group needs to keep only one private key, (2) both ciphertexts and system parameters are of constant size, and (3) the scheme is secure against a chosen ciphertext attack in the random oracle model.
Group-oriented encryption for dynamic groups with constant rekeying cost
2016, Security and Communication Networks
An computation-efficient generalized group-oriented cryptosystem
2010, Informatica
Security flaw in simple generalized group-oriented cryptosystem using ElGamal cryptosystem
2007, Informatica

View all citing articles on Scopus

View full text

Research noteNew generalized group-oriented cryptosystem based on Diffie–Hellman scheme