Combinatorial Subset Difference—IoT-Friendly Subset Representation and Broadcast Encryption

In the Internet of Things (IoT) systems, it is often required to deliver a secure message to a group of devices. The public key broadcast encryption is an efficient primitive to handle IoT broadcasts, by allowing a user (or a device) to broadcast encrypted messages to a group of legitimate devices. This paper proposes an IoT-friendly subset representation called Combinatorial Subset Difference (CSD), which generalizes the existing subset difference (SD) method by allowing wildcards (*) in any position of the bitstring. Based on the CSD representation, we first propose an algorithm to construct the CSD subset, and a CSD-based public key broadcast encryption scheme. By providing the most general subset representation, the proposed CSD-based construction achieves a minimal header size among the existing broadcast encryption. The experimental result shows that our CSD saves the header size by 17% on average and more than 1000 times when assuming a specific IoT example of IP address with 20 wildcards and <inline-formula> <math display="inline"> <semantics> <msup> <mn>2</mn> <mn>20</mn> </msup> </semantics> </math> </inline-formula> total users, compared to the SD-based broadcast encryption. We prove the semantic security of CSD-based broadcast encryption under the standard <i>l</i>-BDHE assumption, and extend the construction to a chosen-ciphertext-attack (CCA)-secure version.