Abstract. We investigate anonymous broadcast encryptions (ANOBE) in which a ciphertext hides not only the message but also the target recipients associated with it. Following Libert et al.'s generic construction [PKC, 2012], we propose two concrete ANOBE schemes with tight reduction and better space efficiency.
- The IND-CCA security and anonymity of our two ANOBE schemes can be tightly reduced to the standard k-Linear assumption (and the existence of other primitives). For a broadcast system with n users, Libert et al.'s security analysis suffers from O(n^3) loss while our security loss is constant.
- Our first ANOBE supports fast decryption and has a shorter ciphertext than the fast-decryption version of Libert et al.'s concrete ANOBE. Our second ANOBE is adapted from the first one. We sacrifice the fast decryption feature and achieve shorter ciphertexts than Libert et al.'s concrete ANOBE with the help of bilinear groups.
Technically, we start from an instantiation of Libert et al.'s generic ANOBE [PKC, 2012], but we work out all our proofs from scratch instead of relying on their generic security result. This intuitively allows our optimizations in the concrete setting.
The notion of extended nested dual system groups (ENDSG) was recently proposed by Hofheinz et al. [PKC 2015] for constructing almost-tight identity based encryptions (IBE) in the multi-instance, multi-ciphertext (MIMC) setting. However, only a composite-order instantiation was proposed and more efficient prime-order instantiations are absent. The paper fills the blank by presenting two constructions. We revise the definition of ENDSG and realize it using prime-order bilinear groups based on Chen and Wee's prime-order instantiation of nested dual system groups [CRYPTO 2013]. This yields the first almost-tight IBE in the prime-order setting achieving weak adaptive security in the MIMC scenario under the d-linear (d-Lin) assumption. We further enhance the revised ENDSG to capture stronger security notions for IBE, including B-weak adaptive security and full adaptive security. We show that our prime-order instantiation is readily B-weak adaptive secure and full adaptive secure without introducing extra assumptions. We then try to find a better solution by fine-tuning ENDSG again and realizing it using the technique of Chen, Gay, and Wee [EUROCRYPT 2015]. This leads to an almost-tight secure IBE in the same setting with better performance than our first result, but the security relies on a non-standard assumption, the d-linear assumption with auxiliary input (d-LinAI) for an even positive integer d. However, we note that the 2-LinAI assumption is implied by the external decisional linear (XDLIN) assumption. This concrete instantiation could also be realized using symmetric bilinear groups under the standard decisional linear assumption.
This paper continued the research line of dual system groups (DSG) opened by Chen and Wee (CRYPTO, 2013 and IACR Cryptology ePrint Archive, 2014). Motivated by Lewko's unbounded hierarchical identity based encryptions (HIBE) (EUROCRYPT, 2012), we extended Chen and Wee's DSG and showed how to construct an unbounded HIBE from our extended DSG. Furthermore, an instantiation of our extended DSG was given using prime-order bilinear groups under the d-Lin assumption. These two results imply an adaptively secure unbounded HIBE in the standard model with not only shorter ciphertexts and user's secret keys but also faster algorithms than Lewko's construction.