Cryptology ePrint Archive: Report 2011/476
Anonymous Broadcast Encryption: Adaptive Security and Efficient Constructions in the Standard Model
Benoit Libert and Kenneth G. Paterson and Elizabeth A. Quaglia
Abstract: In this paper we consider anonymity in the context of Broadcast Encryption (BE). This issue has received very little attention so far and all but one of the currently available BE schemes fail to provide anonymity. Yet, we argue that it is intrinsically desirable to provide anonymity in standard applications of BE and that it can be achieved at a moderate cost. We provide a security definition for Anonymous Broadcast Encryption (ANOBE) and show that it is achievable assuming only the existence of IND-CCA secure public key encryption (PKE). Focusing on reducing the size of ciphertexts, we then give two generic constructions for ANOBE. The first is from any anonymous (key-private) IND-CCA secure PKE scheme, and the second is from any IBE scheme that satisfies a weak security notion in the multi-TA setting. Furthermore, we show how randomness re-use techniques can be deployed in the ANOBE context to reduce computational and communication costs, and how a new cryptographic primitive -- anonymous hint systems -- can be used to speed up the decryption process in our ANOBE constructions. Finally, we present a slightly modified version of the Kurosawa-Desmedt (KD) PKE scheme (establishing several results about this scheme that may be of independent interest) and use it to instantiate our first main construction, yielding the currently most efficient ANOBE scheme. All of our results are in the standard model, achieving fully collusion-resistant ANOBE schemes secure against adaptive IND-CCA adversaries.
Category / Keywords:
Publication Info: PKC 2012 -- This is the full version
Date: received 31 Aug 2011, last revised 4 Apr 2012
Contact author: lizquaglia at gmail com
Available formats: PDF | BibTeX Citation
Note: Fixed typos in Section 4. Added a previously omitted proof in Appendix F.
Version: 20120404:153508 (All versions of this report)
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]