Research on Encrypted Broadcasting Protocols in Device-Cooperative Relay Environments
Wei Zixuan
Submitted 2025-11-19 | ChinaXiv: chinaxiv-202511.00171 | Mixed source text

Abstract

In large-scale Internet of Things (IoT) deployments, terminal nodes are often constrained by factors such as power consumption, cost, and installation location, preventing them from accessing the Internet directly and forcing them to rely on nearby devices to forward data. If the forwarding path lacks security mechanisms, user privacy is highly susceptible to exposure and tampering by malicious nodes. To address this issue, this paper focuses on the scenario of "how offline devices can securely communicate via surrounding online devices" and designs a decentralized collaborative relay encryption broadcast protocol.

The protocol combines broadcast encryption based on interpolating polynomials with a hierarchical µTESLA authentication mechanism, enabling offline devices to perform encrypted broadcasting and authenticated forwarding through nearby online devices without adding additional hardware. The paper first presents the complete process of system initialization, key distribution, data broadcasting, and relay forwarding. On this basis, it introduces dynamic polynomial updates and a grouped key chain strategy to adapt to practical situations where nodes frequently join or leave the network.

Theoretical analysis demonstrates that while maintaining controllable communication overhead, the protocol achieves data confidentiality, collusion resistance, and both forward and backward security. Compared with typical schemes, the key storage on the user side is compressed from $O(\log N)$ to a constant level $O(1)$, and the cache requirements of relay nodes are effectively constrained. Further discussion indicates that the distribution density of online devices has a direct impact on latency and delivery rates; in extremely sparse network scenarios, it remains necessary to combine routing optimization with node incentive mechanisms, which constitutes the primary direction for future work. Overall, this protocol provides a practical secure communication approach for IoT deployments in constrained scenarios such as emergency communications and underground facility monitoring.

Full Text

Research on Encrypted Broadcast Protocols in Device-Collaborative Relay Environments

School of Software and Internet of Things Engineering, Jiangxi University of Finance and Economics, Nanchang, Jiangxi

Abstract

In many real-world IoT deployments, a considerable portion of sensing devices cannot maintain direct Internet connectivity because of battery constraints, hardware cost, or harsh installation environments. These “offline” nodes have to rely on nearby connected devices to reach remote servers, which raises serious concerns about confidentiality and message integrity along the relay path. Focusing on this practical setting, this paper designs a decentralized encrypted broadcast protocol with device-collaborative relays that allows offline devices to communicate securely without adding extra hardware modules. The protocol combines broadcast encryption based on interpolation polynomials with a hierarchical TESLA authentication mechanism, and specifies a complete workflow including system initialization, key distribution, data broadcasting, and relay forwarding. To cope with user churn, we further introduce dynamic polynomial updates and grouped key chains so that key management remains lightweight on resource-constrained nodes. Theoretical analysis shows that the scheme achieves confidentiality, collusion resistance, and forward/backward security under low communication overhead; user-side key storage is reduced to a constant level and the buffer requirement of relay nodes is effectively bounded. We also examine how the density of connected devices affects latency and delivery ratio, and identify extremely sparse networks as the main limitation where complementary routing and incentive mechanisms are needed. These results suggest that the proposed protocol is a practical candidate for secure communication in emergency response systems and large-scale IoT deployments in remote areas.

Keywords: Broadcast encryption; Device-collaborative relay; Relay transmission; IoT security; Key management

With the deep integration of 5G/6G and Internet of Things (IoT) technologies, sensing terminals have been extensively deployed in scenarios such as industrial control, urban infrastructure, and environmental monitoring. Unlike traditional Internet terminals, these devices are often installed in underground mines, inside mountains, or within enclosed factories. They rely on batteries or energy harvesting for long-term power supply and are extremely sensitive to the power consumption of communication modules. Practical deployments indicate that a significant portion of nodes, in order to save costs and energy, are not configured with cellular or Ethernet interfaces. Instead, they interact with surrounding devices via short-range wireless methods such as Bluetooth or ZigBee, leaving them in a logically "networkless" state.

In emergency communications and remote area monitoring tasks, these networkless nodes form "information islands" that are difficult to reach in a timely manner. On the one hand, traditional satellite links or dedicated relay equipment are expensive and complex to maintain; on the other hand, centralized architectures are prone to single points of failure, which often lead to data reporting interruptions across the entire region. Apple's "Find My" network utilizes a massive number of user devices to construct a decentralized Bluetooth relay system, validating the feasibility of using existing terminals for collaborative forwarding. However, its protocol details are not public, and its security analysis remains relatively limited.

Inspired by the aforementioned systems, this paper attempts to theoretically construct a provably secure device-collaborative relay protocol framework. This framework enables networkless devices to perform encrypted broadcasting and authenticated relaying with the help of surrounding networked devices in untrusted environments. The distinction from existing work lies in our combination of interpolating polynomial broadcast encryption with a hybrid multi-level TESLA mechanism. This approach achieves fine-grained access control and message authentication for relay nodes while maintaining low key management overhead. The primary contributions of this paper can be summarized as follows:

  1. We propose a broadcast encryption model tailored for networkless device scenarios, providing an improved scheme based on interpolating polynomials and reducing re-keying overhead caused by user revocation through a dynamic polynomial update mechanism.
  2. We design a hybrid multi-level TESLA authentication mechanism to achieve hierarchical authentication for messages of different security levels and grouped management of key chains.
  3. We construct a device-collaborative relay and incentive mechanism, allowing networked devices to complete ciphertext forwarding and caching without accessing the plaintext.
  4. Finally, we analyze the protocol from the perspectives of both security and performance, providing comparison results with typical schemes and a discussion of applicable scenarios.

As a mechanism for securely distributing data to authorized users, broadcast encryption must simultaneously satisfy objectives such as confidentiality, collusion resistance, and dynamic user management. Typical schemes can be divided into stateful and stateless categories: the former, such as multicast schemes, feature short ciphertexts but incur significant re-keying overhead during user join and revocation; the latter attempt to reduce central management pressure through pre-distributed keys or polynomial methods. The interpolating polynomial-based scheme proposed by Wang Shangping et al. alleviates the storage burden on the center, but its computational complexity remains high in large-scale scenarios. Regarding relay communication, Lei Weijia et al. studied anti-eavesdropping collaborative relay transmission schemes under partial channel state information, enhancing security through physical layer design. The TESLA protocol achieves lightweight broadcast authentication through delayed key disclosure and has been widely applied in sensor networks. The hybrid multi-level TESLA protocol by Qi Junfeng et al. supports hierarchical broadcasting for different types of nodes on this basis, while the review by Yang Ting et al. systematically summarizes the security assumptions and time synchronization requirements of IoT authentication protocols. Taken together, while existing works have respective advantages in broadcast encryption and authentication, there remains a lack of systematic solutions specifically targeting the "networkless device—networked device" collaborative relay scenario.

The protocol involves networkless devices (source/destination nodes) and networked devices, focusing on key storage overhead and computational complexity. A device initiates a request, and after the networked device completes legitimacy verification locally, it relays the ciphertext to the server; the response message then returns via the reverse path. When the network link is temporarily interrupted, the relay node employs a store-and-forward mechanism to cache data packets, continuing the transmission once the link is restored.

Let the user set be $U$. The core idea is to utilize interpolating polynomials for session key generation, enabling legitimate users to complete the process with constant-level storage overhead. The Trust Center (TC) selects a large prime $p$ and other parameters as system public parameters.

User $U_i$ obtains the secret parameter $H_i$ through the following process:

$$H_i = h(ID_i \parallel x)$$

where $ID_i$ represents the unique identity of the user, $x$ is the system master secret key, and $h(\cdot)$ denotes a secure cryptographic hash function. This parameter serves as the foundation for subsequent authentication and key agreement phases within the network architecture.

The system utilizes parameters $(H_{ix}, H_{iy})$ and prime numbers $P_i$, satisfying the condition $P_0 P_1 \cdots P_N > p$. These parameters are utilized for the local reconstruction of polynomial points and session keys. The sender initiates a request to the Trust Center (TC) to either update the polynomial or confirm the current version. Upon receiving this request, the center calculates and publishes the auxiliary parameters.

Based on the pair $(C_x, C_y)$, the sender calculates the session key $Key$ using symmetric algorithms, along with the necessary public parameters. Legitimate users utilize their private points and the public parameters to recover the polynomial values, thereby obtaining the session key for decryption. By introducing a dynamic polynomial update mechanism, only a subset of parameters needs to be updated when a user joins or is revoked, which significantly reduces the overhead associated with global reconfiguration.
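The following added example (not code from the paper) shows a generic interpolation-polynomial key distribution of the kind described above, including a version update that revokes a user. SHA-256 as $h(\cdot)$, the modulus $2^{127}-1$, the per-version derivation of the private point from $H_i$, and all function names are assumptions made for illustration; the paper's own parameters $P_i$ and $(C_x, C_y)$ are not modelled.

```python
import hashlib, secrets

P = 2**127 - 1   # prime field modulus (assumed system parameter p)

def to_field(*parts: bytes) -> int:
    return int.from_bytes(hashlib.sha256(b"|".join(parts)).digest(), "big") % P

def user_secret(user_id: str, master: bytes) -> bytes:
    """H_i = h(ID_i || x): the only value a user stores."""
    return hashlib.sha256(user_id.encode() + master).digest()

def private_point(h_i: bytes, version: int) -> tuple:
    """Per-version point (H_ix, H_iy); re-deriving it for each polynomial
    version keeps two broadcasts from intersecting at a user's point."""
    v = version.to_bytes(4, "big")
    return to_field(b"x", h_i, v), to_field(b"y", h_i, v)

def interpolate_at(points, x0: int) -> int:
    """Value at x0 of the unique polynomial through `points`, mod P."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x0 - xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def tc_broadcast(secrets_of_authorized, session_key: int, version: int) -> dict:
    """TC side: f passes through (0, key) and each authorized point;
    publish n other points of f, one fewer than needed to rebuild it."""
    defining = [(0, session_key)]
    defining += [private_point(h, version) for h in secrets_of_authorized]
    used = {x for x, _ in defining}
    public = []
    while len(public) < len(secrets_of_authorized):
        x = secrets.randbelow(P)
        if x not in used:
            used.add(x)
            public.append((x, interpolate_at(defining, x)))
    return {"version": version, "points": public}

def recover_key(h_i: bytes, broadcast: dict) -> int:
    """User side: own point plus the n public points gives n+1 points of f."""
    mine = private_point(h_i, broadcast["version"])
    return interpolate_at([mine] + broadcast["points"], 0)
```

A user whose point is not on the current polynomial interpolates a different polynomial and obtains an unrelated value at 0, which is what revocation by version update relies on.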

To ensure data integrity and source authentication along the relay path, the protocol employs a dual-layer key chain architecture. In this framework, a high-level chain manages multiple low-level chains, where different message types are bound to specific low-level chains to achieve hierarchical authentication. The primary operational steps include key chain initialization, time synchronization, message authentication based on MACs, and delayed key disclosure verification. By implementing grouping and rolling updates for the key chains, the system supports multiple service classes and limits the impact of a single key compromise without imposing excessive communication overhead.
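The two-level key chain with delayed disclosure described above, as an added example that is not code from the paper: a high-level chain authenticates the commitment of a low-level chain bound to one message type, and the receiver buffers packets until the matching key is disclosed. Assumptions: SHA-256 for the chain step, HMAC-SHA-256 for MACs, one interval clock shared by both levels, a commitment payload of the form `chain_id || 0x00 || K_0`, and hypothetical names throughout.

```python
import hashlib, hmac

def F(k: bytes) -> bytes:            # one-way step: K_{i-1} = F(K_i)
    return hashlib.sha256(b"chain" + k).digest()

def make_chain(seed: bytes, n: int) -> list:
    """Return [K_0, ..., K_n]; K_0 is the public commitment."""
    chain = [seed]
    for _ in range(n):
        chain.append(F(chain[-1]))
    return chain[::-1]

def tag(key: bytes, interval: int, chain_id: str, payload: bytes) -> bytes:
    mac_key = hashlib.sha256(b"mac" + key).digest()   # never MAC with the chain key itself
    data = interval.to_bytes(4, "big") + chain_id.encode() + b"\0" + payload
    return hmac.new(mac_key, data, hashlib.sha256).digest()

class Receiver:
    MAX_GAP = 64   # bound hashing work on a disclosed key (assumed limit)

    def __init__(self, high_commitment: bytes, delay: int):
        self.known = {"high": (0, high_commitment)}   # chain_id -> (index, key)
        self.delay = delay
        self.buffer = []

    def on_packet(self, now, interval, chain_id, payload, mac) -> bool:
        # Security condition: K_interval is disclosed at interval + delay, so a
        # packet arriving then or later may have been forged with the public key.
        if chain_id not in self.known or now >= interval + self.delay:
            return False
        self.buffer.append((interval, chain_id, payload, mac))
        return True

    def on_disclosure(self, chain_id, interval, key) -> list:
        idx, anchor = self.known.get(chain_id, (0, None))
        gap = interval - idx
        if anchor is None or not 0 < gap <= self.MAX_GAP:
            return []
        k = key
        for _ in range(gap):
            k = F(k)
        if not hmac.compare_digest(k, anchor):
            return []                                  # key is not on this chain
        self.known[chain_id] = (interval, key)
        hit = [b for b in self.buffer if b[:2] == (interval, chain_id)]
        self.buffer = [b for b in self.buffer if b[:2] != (interval, chain_id)]
        good = [p for (i, c, p, m) in hit
                if hmac.compare_digest(m, tag(key, i, c, p))]
        if chain_id == "high":        # authenticated payload = low-level commitment
            for p in good:
                name, _, commit = p.partition(b"\0")
                self.known[name.decode()] = (0, commit)
        return good
```

A relay can run the same checks without any session key, since verification uses only the commitments, MACs and disclosed chain keys.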

[FIGURE:1]

The collaborative relay process generally comprises request verification, secure connection establishment, ciphertext forwarding, temporary caching, and response transmission. Relay nodes process only the ciphertext and authentication metadata, ensuring they do not require access to the plaintext content. For destination servers that are temporarily unreachable, relay nodes employ a store-and-forward strategy. Furthermore, a simple incentive mechanism—such as forwarding credits or local statistical tracking—is integrated to encourage network-connected devices to participate in the relay process.

Security Analysis

Based on the structure of the interpolation polynomial, if an unauthorized user possesses fewer valid point pairs than the threshold $t$, they cannot reconstruct the polynomial $f(x)$ and are thus unable to calculate the session key. By combining the session key with a symmetric encryption algorithm, the indistinguishability of ciphertexts can be guaranteed under the IND-CCA2 security model.

Even if $n-1$ unauthorized users collude, they cannot uniquely determine the coefficients of the polynomial, and consequently, they remain unable to recover the legitimate session key. This property ensures that the protocol is resistant to multi-user collusion attacks, provided that reasonable parameters are selected.

Furthermore, through the use of polynomial version updates and the one-way nature of the key chain, revoked users are prevented from decrypting subsequent session keys. Simultaneously, newly joined users cannot infer historical keys from current information. This mechanism effectively achieves both forward secrecy and backward secrecy.

Resistance to Attack Types

1. Interpolation Polynomial Encryption
The security of the system is fundamentally rooted in the complexity of the interpolation polynomial encryption scheme. By utilizing high-degree polynomials to distribute and encrypt key information, the system ensures that unauthorized entities cannot reconstruct the secret keys without possessing the required threshold of shares.

2. TESLA Protocol Security
The integration of the TESLA (Timed Efficient Stream Loss-tolerant Authentication) protocol ensures source authentication and data integrity. By employing delayed key disclosure, the system prevents attackers from forging packets in real-time. The security of this mechanism relies on loose time synchronization between the sender and receivers.

3. User Revocation Attacks
The system is designed to be resilient against attacks initiated by revoked users. Once a user's access is revoked, the re-keying process ensures that subsequent session keys are computationally independent of previous ones.

4. Key Chain Unidirectionality
A critical security feature is the one-way nature of the key chain. Based on one-way hash functions, the key chain ensures that knowledge of a current or future key provides no computational advantage in deriving past keys.

5. New User History Attacks
The system effectively prevents new users from accessing historical data transmitted before they joined the network. Through the one-way property of the key chain and the specific parameters of the interpolation polynomial at the time of joining, a new user is restricted to current and future keys.

6. Multi-User Collusion Attacks
The architecture is specifically hardened against collusion attacks where multiple unauthorized or revoked users combine their private information to attempt to break the system.

Performance Analysis

Communication overhead primarily consists of encryption parameters, MACs, and relay control information. Benefiting from the polynomial-based approach and the hierarchical key chain design, the target server can efficiently process these components.

User-side key storage is compressed to a constant level, while the relay node cache remains linearly correlated only with local traffic volume. In terms of computational complexity, the costs associated with polynomial interpolation and evaluation are lower than those of typical public-key schemes, making this approach suitable for resource-constrained environments.

Addressing the issue of secure access for offline devices, this paper proposes an encrypted broadcast protocol for device-collaborative relay environments. By utilizing interpolation polynomial broadcast encryption and a hybrid multi-level TESLA authentication mechanism, the protocol achieves confidentiality, collusion resistance, and forward/backward security while maintaining low communication and storage overhead.

Theoretical analysis and comparative results demonstrate that this scheme possesses significant application potential for emergency communications and Internet of Things (IoT) deployments in remote areas. Future work will proceed in two directions: first, designing more refined relay selection and routing algorithms tailored to practical scenarios to reduce latency in extremely sparse networks; and second, exploring integration with post-quantum cryptographic techniques, such as lattice-based cryptography, to enhance the long-term security of the protocol against quantum computing threats.

References

  1. Wang Shangping, et al. Research on an interpolation polynomial-based broadcast encryption scheme. Journal of Electronics & Information Technology, 2008, 30(12): 2996–2998.
  2. Qi Junfeng, et al. TESLA for multi-type nodes. Journal of University of Electronic Science and Technology of China, 2025, 54(2): 233–241.
  3. Lei Weijia, et al. Anti-eavesdropping collaborative relay transmission schemes under partial channel state information. Journal of Jilin University (Engineering and Technology Edition), 2015, 45(5): 1658–1664.
  4. Yang Ting, et al. IoT authentication protocols, 2020, 7(1): 87–101.
