Paper 2016/953

Collusion-Resistant Broadcast Encryption with Tight Reductions and Beyond

Linfeng Zhou

Abstract

The issue of tight security for identity-based encryption schemes (\(\mathsf{IBE}\)) in bilinear groups has been widely investigated and a lot of optimal properties have been achieved. Recently, a tightly secure IBE scheme in bilinear groups under the multi-challenge setting has been achieved by Chen et al. (to appear in PKC 2017), and their scheme even achieves constant-size public parameters and is adaptively secure. However, we note that the issue of tight security for broadcast encryption schemes (\(\mathsf{BE}\)) in bilinear groups has received less attention so far. Actually current broadcast encryption systems of bilinear groups are either not tightly secure or based on non-static assumptions. In this work we mainly focus on the issue of tight security for standard broadcast encryption schemes \footnote{We utilize the syntax of broadcast encryption schemes under the key-encapsulation setting in this work and it is easy to be transformed into one under the standard setting.}. We construct the \textit{first} tightly secure broadcast encryption scheme from static assumptions (i.e., decisional subgroup assumptions) in the selective security model by utilizing improved techniques derived from the Déjà Q framework (Eurocrypt 2014, TCC-A 2016). The proof of our construction will lead to only \(O(\log n)\) or \(O(\log \lambda)\) security loss, where \(n\) is the number of users in the system and \(\lambda\) is the security parameter. Following this result, we present a tightly secure non-zero inner product encryption scheme (\(\mathsf{NIPE}\)) from decisional subgroup assumptions in the selective security model. This NIPE scheme has the same parameter sizes as our BE scheme and there is only \(O(\log n)\) or \(O(\log \lambda)\) security loss as well, where \(n\) is the dimension of the inner product space and \(\lambda\) is the security parameter. Finally, we further present a tightly secure functional commitment scheme (\(\mathsf{FC}\)) for linear functions, which was introduced by Libert et al. (ICALP 16). In contrast with their scheme, which also suffers \(O(n)\) security loss during the reduction, there is only \(O(\log n)\) or \(O(\log \lambda)\) security loss in our FC scheme.

Note: Fix typos

Metadata
Available format(s)
PDF
Publication info
Preprint. MINOR revision.
Keywords
Broadcast EncryptionNon-zero Inner Product EncryptionFunctional Commitment for Linear FunctionsTight Security
Contact author(s)
daniel linfeng zhou @ gmail com
History
2017-02-15: last of 3 revisions
2016-10-04: received
See all versions
Short URL
https://ia.cr/2016/953
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2016/953,
      author = {Linfeng Zhou},
      title = {Collusion-Resistant Broadcast Encryption with Tight Reductions and Beyond},
      howpublished = {Cryptology ePrint Archive, Paper 2016/953},
      year = {2016},
      note = {\url{https://eprint.iacr.org/2016/953}},
      url = {https://eprint.iacr.org/2016/953}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.