Academic Integrity: tutoring, explanations, and feedback — we don’t complete graded work or submit on a student’s behalf.

Let\'s assume I want to send a secret message to N recipients in an asymmetric w

ID: 648284 • Letter: L

Question

Let's assume I want to send a secret message to N recipients in an asymmetric way.

My message could be encrypted with N different public keys pi one after another and send to each user individually. In practice only a symmetric key k is sent in an asymmetric way I guess, but that's not the point.

Even direct symmetric encryption comes into mind where the key k is encrypted with each pi once and attached to message body afterwards. Of course the message length grows with rising N.

So I wonder if there is an encryption function having N public keys as input. This fixed length encrypted message should be decrypted by corresponding private keys only. Is this possible?

By the way: Is this concept similar to TV channel encryption?

Explanation / Answer

The problem you described is addressed and solved in different way by the Broadcast Encryption: roughly the problem is how to encrypt a message intended to more than one recipient. You described a naive approach to the problem, your solution is, indeed, probably the simplest one.

The Broadcast Encryption concept was formalized and defined by Fiat and Naor in their seminal paper Broadcast Encryption. Their solution is based on a binary tree where recipient are leafs of this tree and owns a key for every node from them to the root (2n leafs, n?1 keys per user): a ciphertext is encrypted using the minimal set of nodes covering the set of intended recipient.

Others solutions have been published, using both public and symmetric key cryptography. These attacks different deficiencies of solutions to the problem: size of the ciphertext, size of the user keyring, revocation without re-keying, privacy preserving schemes, ...

Two kinds of broadcast encryption exist: one where you name the intended recipients and the other one where you ban a subset of all potential recipients. This first is similar to the pay-tv: you pay so you can decrypt the broadcast, the latter to the DVD encryption: all producer can play a DVD until the producer is banned. The Fiat and Naor solution is of the first kind.

Related Questions

Let y = wear life of a bearing, x1 = oil viscosity, and X2 = load. Suppose that
Question #3063517
Let y be a Bernoulli random variable with success probability Pr( Y = 1) = P and
Question #3380748
Let y be a Bernoulli random variable with success probability Pr( Y = 1) = P, an
Question #3380745
Let y denote the number of broken eggs in a randomly selected carton of one doze
Question #3200003
Let y denote the number of broken eggs in a randomly selected carton of one doze
Question #3247165
Let y denote the number of broken eggs in a randomly selected carton of one doze
Question #3261873
Let y(x) be the position of a particle at time x. Suppose that we know that the
Question #2846213
Let y(x) be the position of a particle at time x. Suppose that we know that the
Question #3286255

Navigate

Previous
Let\'s assume I want (for fun at start) to play with some new DSL (domain specif
Next
Let\'s assume a dishonest Alice who sends, encrypts & digital signs a message to

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.