Efficient broadcast key distribution with dynamic revocation

Many commercial applications of broadcast require that only those users who have paid for the service can retrieve broadcast information. This is usually implemented by distributing a broadcast key to the set of privileged users and then encrypting broadcast information with the key. The set of privileged users is dynamic because users may join or quit the service at various times. Current solutions for efficient broadcast key distribution are usually built on the Shamir secret sharing scheme and implemented with smart cards. All such solutions revoke a pre-specified number of users only. In this paper, we propose for the first time a broadcast key distribution scheme with the capability of revoking any number of users. The scheme is efficient and can be implemented on Smart Cards with low power setting. Furthermore, it provides authentication of the broadcaster to the receiver, authentication of the receiver to the broadcaster, and authentication of the information sent, and allows traitor tracing. Security analysis shows that our scheme is secure against both passive and active attacks. Performance analysis demonstrates that it is more efficient than other schemes designed for similar purposes.