A Performance Evaluation of Pairing-Based Broadcast Encryption Systems

In a broadcast encryption system, a sender can encrypt a message for any subset of users who are listening on a broadcast channel. The goal is to leverage the broadcasting structure to achieve better efficiency than individually encrypting to each user; in particular, reducing the ciphertext size required to transmit securely, although other factors such as public and private key size and the time to execute setup, encryption and decryption are also important. In this work, we conduct a detailed performance evaluation of eleven public-key, pairing-based broadcast encryption schemes offering different features and security guarantees, including public-key, identity-based, traitor-tracing, private linear and augmented systems. We implemented each system using the MCL Java pairings library, reworking some of the constructions to achieve better efficiency. We tested their performance on a variety of parameter choices, resulting in hundreds of data points to compare, with some interesting results from the classic Boneh-Gentry-Waters scheme (CRYPTO 2005) to Zhandry's recent generalized scheme (CRYPTO 2020), and more. We combine this performance data with data we collected on practical usage scenarios to determine which schemes are likely to perform best for certain applications, such as video streaming services, online gaming, live sports betting and distributor-limited applications. This work can inform both practitioners and future cryptographic designers in this area.