Method and system for performing broadcast encryption with revocation capability

Shlomi Dolev (Inventor), Niv Gilboa (Inventor), Dan Brownstein (Inventor)

Research output: Patent


A broadcast encryption method that allows a broadcaster to send encrypted content to a set of users such that only a subset of authorized users can decrypt the content, and to perform both temporary and permanent revocation of users. Accordingly, during a Setup stage, a Key Service generates a public key and a Master Secret Key (MSK) and sends the Public Parameters PP used to generate the public key to a broadcaster and to all users. The broadcaster uses the Public Parameters PP to create a message M, with which the broadcaster encrypts the content, and further creates a Cipher Text (CT), which is sent to all users. During a Key Gen stage, whenever a user wishes to decrypt the message M for decrypting the content, the user sends a request with his ID1 to the Key Service. The Key Service generates a corresponding secret key SKID1 and the secret key SKID1 is sent to the user ID1 via a secure data channel. During a Decrypt stage, the user uses the secret key SKID1, to decrypt the Cipher Text (CT) and obtain the message M. During a Revoke stage of k users (k=1, 2, 3, . . . ) a State Update Message (SUM) which is sent to all users, is provided and each user updates his state with the SUM he received, such that the k users having identities ID1, ID2, . . . IDk will not be able to update their state and will be permanently revoked, while all the remaining users being admitted users will be able to update their state and will not be revoked. Temporary revocation is done by inserting a list of IDs (ID1, ID2, . . . IDk) to be revoked into the CT.

Original languageEnglish
Patent numberUS2020186347
IPCH04N 21/ 2347 A I
Priority date10/05/18
StatePublished - 11 Jun 2020


Dive into the research topics of 'Method and system for performing broadcast encryption with revocation capability'. Together they form a unique fingerprint.

Cite this