How to (Selectively) Broadcast A Secret

At the 1982 Symposium on Security and Privacy, a software protection scheme [1] devised by George Purdy, James Studier and the present author was presented. Unfortunately, the cryptographic protocol in that scheme was fatally flawed making it possible for a "pirate" who observed the communica-tions between a software vendor and a legitimate licensee to forge a license that would permit him to also use the protected software. In the course of analyzing the reasons for this weakness in the protocol and of finding an improved one, the cryptographic protocol reported here was found that permits the originator of a cipher message to specify precisely the subset of receivers out of a much larger potential audience who will be able to decrypt the cipher but who will be unable to pass along this ability to any other receiver not designated by the originator of the message. We shall first describe the flaw in the original software protection scheme that prompted this work, and then systematically develop the selective broadcast protocol . Finally, almost as a footnote to the discussion of the secure broadcast protocol, we show how the original software protection problem has also been solved.