Paper 2007/015

Group Encryption

Aggelos Kiayias, Yiannis Tsiounis, and Moti Yung


We present group encryption, a new cryptographic primitive which is the encryption analogue of a group signature. It possesses similar verifiability, security and privacy properties, but whereas a group signature is useful whenever we need to conceal the source (signer) within a group of legitimate users, a group encryption is useful whenever we need to conceal a recipient (decryptor) within a group of legitimate receivers. We introduce and model the new primitive and present sufficient as well as necessary conditions for its generic implementation. We then develop an efficient novel number theoretic construction for group encryption of discrete logarithms whose complexity is independent of the group size. To achieve this we construct a new public-key encryption for discrete logarithms that satisfies CCA2-key-privacy and CCA2-security in the standard model. Applications of group encryption include settings where a user wishes to hide her preferred trusted third party or even impose a hidden hierarchy of trusted parties, or settings where verifiable well-formed ciphertexts are kept in a untrusted storage server that must be prevented from both learning the content of records as well as analyzing the identities of their retrievers.

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Contact author(s)
aggelos @ cse uconn edu
2007-01-19: revised
2007-01-19: received
See all versions
Short URL
Creative Commons Attribution


      author = {Aggelos Kiayias and Yiannis Tsiounis and Moti Yung},
      title = {Group  Encryption},
      howpublished = {Cryptology ePrint Archive, Paper 2007/015},
      year = {2007},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.