Cryptology ePrint Archive: Report 2016/953

Collusion-Resistant Broadcast Encryption with Tight Reductions and Beyond

Linfeng Zhou

Abstract: The issue of tight security for identity-based encryption schemes (\(\mathsf{IBE}\)) in bilinear groups has been widely investigated and a lot of optimal properties have been achieved. Recently, a tightly secure IBE scheme in bilinear groups under the multi-challenge setting has been achieved by Chen et al. (to appear in PKC 2017), and their scheme even achieves constant-size public parameters and is adaptively secure. However, we note that the issue of tight security for broadcast encryption schemes (\(\mathsf{BE}\)) in bilinear groups has received less attention so far. Actually current broadcast encryption systems of bilinear groups are either not tightly secure or based on non-static assumptions.

In this work we mainly focus on the issue of tight security for standard broadcast encryption schemes \footnote{We utilize the syntax of broadcast encryption schemes under the key-encapsulation setting in this work and it is easy to be transformed into one under the standard setting.}. We construct the \textit{first} tightly secure broadcast encryption scheme from static assumptions (i.e., decisional subgroup assumptions) in the selective security model by utilizing improved techniques derived from the Déjà Q framework (Eurocrypt 2014, TCC-A 2016). The proof of our construction will lead to only \(O(\log n)\) or \(O(\log \lambda)\) security loss, where \(n\) is the number of users in the system and \(\lambda\) is the security parameter.

Following this result, we present a tightly secure non-zero inner product encryption scheme (\(\mathsf{NIPE}\)) from decisional subgroup assumptions in the selective security model. This NIPE scheme has the same parameter sizes as our BE scheme and there is only \(O(\log n)\) or \(O(\log \lambda)\) security loss as well, where \(n\) is the dimension of the inner product space and \(\lambda\) is the security parameter.

Finally, we further present a tightly secure functional commitment scheme (\(\mathsf{FC}\)) for linear functions, which was introduced by Libert et al. (ICALP 16). In contrast with their scheme, which also suffers \(O(n)\) security loss during the reduction, there is only \(O(\log n)\) or \(O(\log \lambda)\) security loss in our FC scheme.

Category / Keywords: Broadcast Encryption, Non-zero Inner Product Encryption, Functional Commitment for Linear Functions, Tight Security

Date: received 3 Oct 2016, last revised 15 Feb 2017

Contact author: daniel linfeng zhou at gmail com

Available format(s): PDF | BibTeX Citation

Note: Fix typos

Version: 20170215:094209 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]