Provably secure group key management scheme based on proxy re-encryption with constant public bulletin size and key derivation time

Abstract

Users share a group key to decrypt encryptions for the group using a group key management scheme. In this paper, we propose a re-encryption-based group key management scheme, which uses a unidirectional proxy re-encryption scheme with special properties to enable group members share the updated group key with minimum storage and computation overhead. In particular, we propose a proxy re-encryption scheme that supports direct re-encryption key derivation using intermediate re-encryption keys. Unlike multi-hop re-encryption, the proposed proxy re-encryption scheme does not involve repeated re-encryption of the message. All the computations are done on the re-encryption key level and only one re-encryption is sufficient for making the group key available to the users. The proposed scheme is the first for group key management based on proxy re-encryption that is secure against collusion. The individual users store just one individual secret key with group key derivation requiring O\((\log N)\) computation steps for a group of N users. Size of the public bulletin maintained to facilitate access to the most recent group key for off-line members is O(N) and remains constant with respect to the number of group updates. The proposed group key management scheme confronts attacks by a non-member and even a collusion attack under standard cryptographic assumptions.