In recent years, due to the widespread use and development of not only personal computers (PCs) but also portable telephones, digital home electric appliances, and the like, content delivery businesses for music, images, and the like have been becoming increasingly important. As a content delivery business, for example, paid broadcasting using cable television, satellite broadcasting, or the Internet, selling of content using physical media such as CDs or DVDs, and the like exist. In any of these cases, it is necessary to configure a mechanism in which only a customer can acquire content.
Normally, in such a content delivery system, an administrator (hereinafter, referred to as a center) of the system supplies a key only to a customer in advance, and at the time of delivery of content, delivers ciphertext C, which has been generated by encrypting content M by using a session key s, and a header h for allowing only the customer to acquire the session key s. Accordingly, only the customer can acquire the content M.
As a content delivery method for realizing the above-described situation, for example, a method using a public key is available (see, for example, non-patent document 1).
Non-Patent Document 1: D. Boneh, C. Gentry, B. Waters, “Collusion Resistant Broadcast Encryption With Short Ciphertexts and Private Keys”, CRYPTO'05, Proceedings of 25th Annual International Cryptology Conference on Advances in Cryptology, London, UK, Springer Verlag, 2005, pp. 58-75.