3

Let's assume I want to send a secret message to $N$ recipients in an asymmetric way.

My message could be encrypted with $N$ different public keys $p_i$ one after another and send to each user individually. In practice only a symmetric key $k$ is sent in an asymmetric way I guess, but that's not the point.

Even direct symmetric encryption comes into mind where the key $k$ is encrypted with each $p_i$ once and attached to message body afterwards. Of course the message length grows with rising $N$.

So I wonder if there is an encryption function having $N$ public keys as input. This fixed length encrypted message should be decrypted by corresponding private keys only. Is this possible?

By the way: Is this concept similar to TV channel encryption?

Gilles 'SO- stop being evil'
  • 20,442
  • 4
  • 54
  • 97
RomeoAndJuliet
  • 175
  • 1
  • 6

1 Answers1

3

The problem you described is addressed and solved in different way by the Broadcast Encryption: roughly the problem is how to encrypt a message intended to more than one recipient. You described a naive approach to the problem, your solution is, indeed, probably the simplest one.

The Broadcast Encryption concept was formalized and defined by Fiat and Naor in their seminal paper Broadcast Encryption. Their solution is based on a binary tree where recipient are leafs of this tree and owns a key for every node from them to the root ($2^n$ leafs, $n-1$ keys per user): a ciphertext is encrypted using the minimal set of nodes covering the set of intended recipient.

Other solutions have been published, using both public and symmetric key cryptography. These attack different deficiencies of solutions to the problem: size of the ciphertext, size of the user keyring, revocation without re-keying, privacy preserving schemes, ...

Two kinds of broadcast encryption exist: one where you name the intended recipients and the other one where you ban a subset of all potential recipients. This first is similar to pay TV (you pay so you can decrypt the broadcast), the second to DVD encryption (all players can play a DVD unless they are banned). The Fiat and Naor solution is of the first kind.

Note that usually public-key encryption is used with the KEM/DEM paradigm, so the plaintext to be encrypted to multiple recipients is a random key for a symmetric algorithm.

Herb Caudill
  • 135
  • 6
ddddavidee
  • 3,364
  • 2
  • 24
  • 34