CCA2-Secure Threshold Broadcast Encryption with Shorter Ciphertexts

Vanesa Daza; Javier Herranz; Paz Morillo; Carla Ràfols

Paper 2007/127

CCA2-Secure Threshold Broadcast Encryption with Shorter Ciphertexts

Vanesa Daza, Javier Herranz, Paz Morillo, and Carla Ràfols

Abstract

In a threshold broadcast encryption scheme, a sender chooses (ad-hoc) a set of $n$ receivers and a threshold $t$ , and then encrypts a message by using the public keys of all the receivers, in such a way that the original plaintext can be recovered only if at least $t$ receivers cooperate. Previously proposed threshold broadcast encryption schemes have ciphertexts whose length is $\O (n)$ . In this paper, we propose new schemes, for both PKI and identity-based scenarios, where the ciphertexts' length is $\O (n - t)$ . The construction uses secret sharing techniques and the Canetti-Halevi-Katz transformation to achieve chosen-ciphertext security. The security of our schemes is formally proved under the Decisional Bilinear Diffie-Hellman (DBDH) Assumption.

Metadata

Available format(s): PDF PS
Category: Cryptographic protocols
Publication info: Published elsewhere. Unknown where it was published
Keywords: threshold broadcast encryption ad-hoc groups secret sharing
Contact author(s): jherranz @ iiia csic es
History: 2007-04-04: received
Short URL: https://ia.cr/2007/127
License: CC BY

BibTeX

@misc{cryptoeprint:2007/127,
      author = {Vanesa Daza and Javier Herranz and Paz Morillo and Carla Ràfols},
      title = {{CCA2}-Secure Threshold Broadcast Encryption with Shorter Ciphertexts},
      howpublished = {Cryptology {ePrint} Archive, Paper 2007/127},
      year = {2007},
      url = {https://eprint.iacr.org/2007/127}
}