Paper 2004/212

ID-Based Encryption for Complex Hierarchies with Applications to Forward Security and Broadcast Encryption

Danfeng Yao, Nelly Fazio, Yevgeniy Dodis, and Anna Lysyanskaya


A forward-secure encryption scheme protects secret keys from exposure by evolving the keys with time. Forward security has several unique requirements in Hierarchical Identity-Based Encryption (HIBE) scheme: (1) users join dynamically; (2) encryption is joining-time-oblivious; (3) users evolve secret keys autonomously. We present a scalable forward-secure HIBE scheme satisfying the above properties. Note that a naive combination of Gentry-Silverberg HIBE scheme with the forward-secure Public-Key Encryption scheme by Canetti, Halevi and Katz would not meet the requirements. We also show how our fs-HIBE scheme can be used to construct a forward-secure public-key Broadcast Encryption scheme, which protects the secrecy of prior transmissions in the Broadcast Encryption setting. We further generalize fs-HIBE into a collusion-resistant Multiple Hierarchical ID-Based Encryption scheme, which can be used for secure communications with entities having multiple roles in Role-Based Access Control. The security of our schemes is based on the Bilinear Diffie-Hellman assumption in the random oracle model.

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. CCS 2004
Forward securityID-Based EncryptionBroadcast Encryption
Contact author(s)
dyao @ cs brown edu
2004-08-30: revised
2004-08-26: received
See all versions
Short URL
Creative Commons Attribution


      author = {Danfeng Yao and Nelly Fazio and Yevgeniy Dodis and Anna Lysyanskaya},
      title = {ID-Based Encryption for Complex Hierarchies with Applications to Forward Security and Broadcast Encryption},
      howpublished = {Cryptology ePrint Archive, Paper 2004/212},
      year = {2004},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.