Fully Collusion-Resistant Broadcast Encryption and Traitor Tracing Systems ------------------------------------------------ A Broadcast Encryption cryptosystem allows a sender to encrypt a message to some target set of users. In a secure system users in the target set can decrypt the ciphertext and no collusion of users outside of the target set can learn anything about the message. Broadcast encryption systems have a variety of applications. For example, we could build a shared encrypted filesystem from broadcast encryption where a user broadcast encrypts a file to the set of users he wants to share it with. Broadcast encryption is also useful for large-scale content distribution; a content distributor such as DirectTV or XMRadio will encrypt its digital media content to the devices of all paying subscribers. The primary challenge with broadcast encryption is to design secure systems with small ciphertext size. For example, we could achieve a broadcast encryption scheme with ciphertexts linear in the number of receivers by simply encrypting a message (or symmetric encryption key) separately to each user the target set. However, this approach is inefficient and becomes infeasible in large systems where there could be many users in a target set. In this talk I will present two recent developments in broadcast encryption. First, I will discuss my work with Dan Boneh and Craig Gentry on a broadcast encryption scheme that has constant ciphertext size and constant size private keys. Our scheme can be used to encrypt to arbitrary sets of users and is secure against an arbitrary number of colluding attackers. Somewhat surprisingly, the only previous fully-collusion resistant scheme is the trivial where we encrypt to each user separately. Additionally, I will present some very recent work with Dan Boneh and Amit Sahai on a related problem known as "Tracing Traitors". Our tracing traitors construction allows us to trace a creator of a "pirate box". Our solution achieves O(\sqrt(n)) size ciphertexts and is secure against an arbitrary number of colluders. Links: http://eprint.iacr.org/2006/045.pdf http://eprint.iacr.org/2005/018.pdf