In a broadcast encryption scheme, a content distributor encrypts its privileged content for users or clients who are listening on a broadcast channel or a distribution network. Any user or client can use his private key to decrypt the encrypted content received, but only the chosen subset of users or clients can decrypt the encrypted content into the original content. The content distributor can control and select for this subset. Broadcast encryption has several applications including access control in encrypted file systems, television subscription services, and media content protection.
Traditional broadcast encryption schemes, such as those using Public Key Infrastructure (PKI) or bilinear pairings, create cryptographic headers that in part based on the subscriber set, which is the subset of content receiving clients that can decrypt the encrypted content and hence view original content. One of these traditional broadcast encryption schemes is the Boneh-Gentry-Waters broadcast encryption scheme. The Boneh-Gentry-Waters broadcast encryption scheme is described in the report: Dan Boneh, Craig Gentry, and Brent Waters, Collusion Resistant Broadcast Encryption With Short Ciphertexts and Private Keys, Crypto, 2005; the disclosure of which is incorporated herein by reference in its entirety. Under this broadcast encryption scheme, whenever the subscriber set changes as new subscribers are added or expired subscribers are removed, a new cryptographic header needs to be created and to be distributed. The computation of the new cryptographic header is performed without reusing any previous computation result. Furthermore, the decryption of the encrypted content is performed also without reusing any previous computation result. As such, the computation for both cryptographic header generation and encrypted content decryption whenever the subscriber set is updated is intense, time consuming, and causes degradation to the overall content distribution performance.
Another shortcoming of the traditional broadcast encryption schemes is that the encryption schemes require the total number of content receiving clients in the distribution network to be fixed at the time of initial setup of the system and cannot be increased thereafter.
Therefore, there is a need for a new broadcast encryption scheme that can better utilize previous computation results during the cryptography header generation and encrypted content decryption when the subscriber set changes; and that the new broadcast encryption scheme is robust enough to handle an unlimited total content receiving client population.