Fully CCA2 secure identity based broadcast encryption without random oracles

doi:10.1016/j.ipl.2009.01.017

Information Processing Letters

Volume 109, Issue 11, 16 May 2009, Pages 527-533

https://doi.org/10.1016/j.ipl.2009.01.017 Get rights and content

Abstract

In broadcast encryption schemes, a broadcaster encrypts messages and transmits them to some subset S of users who are listening to a broadcast channel. Any user in S can use his private key to decrypt the broadcast. An identity based cryptosystem is a public key cryptosystem where the public key can be represented as an arbitrary string. In this paper, we propose the first identity based broadcast encryption (IBBE) scheme that is IND-ID-CCA2 secure without random oracles. The public key and ciphertext are constant size, and the private key size is linear in the total number of receivers. To the best of our knowledge, it is the first IBBE scheme that is fully CCA2 secure without random oracles. Moreover, our IBBE scheme is collusion resistant for arbitrarily large collusion of users.

References (17)

A. Fiat et al.
Broadcast encryption
A. Shamir
Identity-based cryptosystems and signature schemes
B. Waters
Efficient identity-based encryption without random oracles
C. Cocks
An identity based encryption scheme based on quadratic residues
C. Delerablee
Identity-based broadcast encryption with constant size ciphertext and private keys
C. Delerablee et al.
Fully collusion secure dynamic broadcast encryption with constant-size ciphertexts or decryption keys
C. Gentry
Practical identity-based encryption without random oracles
D. Boneh et al.
Collusion resistant broadcast encryption with short ciphertexts and private keys

There are more references available in the full text version of this article.

Cited by (51)

Adaptively secure certificate-based broadcast encryption and its application to cloud storage service
2020, Information Sciences
Citation Excerpt :
Subsequently, in challenge phase, the adversary selects any proper subset of the target receiver set as challenging receiver set. Most of the existing PKBE schemes [3,6,8,9,14,15,17,35–37,47–49] are constructed with the form of identity-based broadcast encryption (IBBE) [32], which is a natural extension for the notion of identity-based encryption (IBE). IBBE could be viewed as a specific type for PKBE which combines BE and IBE.
The existing public key broadcast encryption schemes are mainly constructed in identity-based cryptosystem, which bears the inherent problems of key escrow and key distribution. The certificate-based encryption mechanism can effectively address the problems in identity-based cryptosystem. Meanwhile, it simplifies the certificate revocation issue for traditional public key cryptosystem. Inspired by the idea of certificate-based encryption, we put forward the new primitive certificate-based broadcast encryption as well as its formal definition and security model. In virtue of prime order bilinear groups, we present an instantiation scheme of certificate-based broadcast encryption. To our best knowledge, the proposed scheme is the first adaptively secure scheme for certificate-based broadcast encryption in the standard model against chosen-ciphertext attack. Compared with the previous work, our scheme has advantages in the respects of computation cost as well as security properties. Furthermore, we present an application scenario of the proposed scheme for data access control in cloud storage service.
Long-term secure management of large scale Internet of Things applications
2019, Journal of Network and Computer Applications
Citation Excerpt :
Boneh et al. and Delerablée et al.‘s efforts (Boneh et al., 2005b; Delerablée et al., 2007) paved the way for more advanced short ciphertext schemes with trade off capability among encryption, decryption, ciphertext size, and public/private key sizes. Thus, our proposed scheme is based on prior parameter trade off capabilities and IBBE schemes (Boneh et al., 2005b; Delerablée et al., 2007; Delerablée, 2007; Ren and Gu, 2009). A computationally efficient bilinear map e from G1 × G2 to GT is e: G1 × G2 → GT.
The Internet of Things (IoT) is an emerging paradigm, where the ubiquitous devices can form the networks and connect to Internet. Security and management of devices remain open challenges for the IoT. We adopt the management framework of industry consortium THREAD, where a group of devices cooperating to accomplish the same task (called policy) are administrated by a designated device called commissioner and together they form a policy group. All these policy groups are further managed by a centralized server. In this hierarchical network structure, the secure distribution of the policy information, access control, and group key from the centralized server to commissioner and its peers become challenging given the pervasive, complex and heterogeneous properties of devices. To solve this, we propose protocols/mechanisms along with a variant of Broadcast Encryption called Secure Identity-Based Broadcast Encryption (SIBBE) and demonstrate the feasibility for secure distribution of information to the IoT devices from centralized server. Most of the related work is based on the Attribute-based Encryption (ABE) for IoT devices, which has scalability issues with the number of attributes. Our experimental and simulation evaluations show that our scheme outperforms the existing schemes in terms of scalability, latency, and communication overhead.
Anonymous certificate-based broadcast encryption with constant decryption cost
2018, Information Sciences
Citation Excerpt :
Ren and Gu [38] alleged that they constructed the first adaptively CCA-secure IBBE scheme in the standard model. Nevertheless, Wang et al. [42] showed that the scheme [38] was not secure against CPA security. The IBBE schemes proposed in [49] were proved to achieve adaptive CCA and CPA security under q-type assumptions, respectively.
Most of the existing broadcast encryption schemes are constructed in either public key cryptosystem or identity-based cryptosystem. However, the overload of certificate management is heavy for public key cryptosystem while the key escrow problem is inherent in identity-based cryptosystem. Certificate-based cryptosystem provides a promising solution of designing more efficient and secure broadcast encryption schemes. Meanwhile, it is an important security property to protect the privacy of receivers, anonymity in many broadcast encryption application scenarios. Furthermore, in the broadcast encryption applications with a large number of computationally constrained users, it is critical to lower the computation cost, especially the decryption cost of the users. In this paper, we first introduce the notion of anonymous certificate-based broadcast encryption. Specifically, we formalize the definition and security model for anonymous certificate-based broadcast encryption. Then we construct an anonymous certificate-based broadcast encryption scheme with constant decryption cost. Compared with the existing anonymous multi-receiver certificate-based encryption scheme, the proposed scheme has advantage in the computation efficiency. Therefore, our scheme is more feasible for those broadcast encryption application scenarios where there are many receivers with limited computation ability. In the respect of security, the proposed scheme achieves anonymity and confidentiality against adaptive chosen-ciphertext attacks simultaneously under standard assumption.
Blockchain-secure patient Digital Twin in healthcare using smart contracts
2024, PLoS ONE
Anonymous Identity Based Broadcast Encryption against Continual Side Channel Attacks in the State Partition Model
2022, Applied Sciences (Switzerland)
Toward Data Transmission Security Based on Proxy Broadcast Re-encryption in Edge Collaboration
2022, ACM Transactions on Sensor Networks

View all citing articles on Scopus

View full text

Fully CCA2 secure identity based broadcast encryption without random oracles

Abstract

Broadcast encryption

Identity-based cryptosystems and signature schemes

Efficient identity-based encryption without random oracles

An identity based encryption scheme based on quadratic residues

Identity-based broadcast encryption with constant size ciphertext and private keys

Fully collusion secure dynamic broadcast encryption with constant-size ciphertexts or decryption keys

Practical identity-based encryption without random oracles

Collusion resistant broadcast encryption with short ciphertexts and private keys