A note on the security of KHL scheme

Jian Weng, Yunlei Zhao, Robert H. Deng, Shengli Liu, Yanjiang Yang, Kouichi Sakurai

研究成果: ジャーナルへの寄稿学術誌査読

1 被引用数 (Scopus)


A public key trace and revoke scheme combines the functionality of broadcast encryption with the capability of traitor tracing. In Asiacrypt 2003, Kim, Hwang and Lee proposed a public key trace and revoke scheme (referred to as KHL scheme), and gave the security proof to support that their scheme is z-resilient against adaptive chosen-ciphertext attacks, in which the adversary is allowed to adaptively issue decryption queries as well as adaptively corrupt up to z users. In the passed ten years, KHL scheme has been believed as one of the most efficient public key trace and revoke schemes with z-resilience against adaptive chosen-ciphertext attacks under the well-studied DDH assumption. However, in this paper, by giving a concrete attack, we indicate that KHL scheme is actually not secure against adaptive chosen-ciphertexts, even without corruption of any user. We then identify the flaws in the security proof for KHL-scheme, and discuss the consequences of the attack.

ジャーナルTheoretical Computer Science
出版ステータス出版済み - 10月 18 2015

!!!All Science Journal Classification (ASJC) codes

  • 理論的コンピュータサイエンス
  • コンピュータ サイエンス(全般)


「A note on the security of KHL scheme」の研究トピックを掘り下げます。これらがまとまってユニークなフィンガープリントを構成します。