General Weakness in Certain Broadcast Encryption Protocols Employing the Remainder Approach

We address the problem of distributing a group-oriented secret from a centralized key server to a number of privileged recipients, known as broadcast encryption. In a set of existent schemes, this common shared secret is distributed as an arithmetic remainder embedded in a broadcast keying message, such that upon receiving the message, a legitimate recipient only needs to perform one modular operation upon the keying information to derive the secret. In this article, however, we point out a generic weakness in these protocols and demonstrate efficient methods for cryptanalysis. The presented approaches follow a collision attack paradigm and can work in a manner that even a completely passive outsider may somehow acquire the secret. Numerical analysis shows that in practical scenarios, our technique can compromise the common shared secret with a significant probability, implying that these broadcast encryption schemes are highly vulnerable.