Paper 2025/323

A Generic Approach to Adaptively-Secure Broadcast Encryption in the Plain Model

Yao-Ching Hsieh, University of Washington
Brent Waters, The University of Texas at Austin, NTT Research
David J. Wu, The University of Texas at Austin
Abstract

Broadcast encryption allows a user to encrypt a message to N recipients with a ciphertext whose size scales sublinearly with N. The natural security notion for broadcast encryption is adaptive security, which allows an adversary to choose the set of recipients after seeing the public parameters. Achieving adaptive security in broadcast encryption is challenging, and in the plain model, the primary technique is the celebrated dual-systems approach, which can be implemented over groups with bilinear maps. Unfortunately, it has been challenging to replicate the dual-systems approach in other settings (e.g., with lattices or witness encryption). Moreover, even if we focus on pairing-based constructions, the dual-systems framework critically relies on decisional (and source-group) assumptions. We do not have constructions of adaptively-secure broadcast encryption from search (or target-group) assumptions in the plain model. Gentry and Waters (EUROCRYPT 2009) described a compiler that takes any semi-statically-secure broadcast encryption scheme and transforms it into an adaptively-secure scheme in the random oracle model. While semi-static security is easier to achieve and constructions are known from witness encryption as well as search (and target-group) assumptions on pairing groups, the transformed scheme relies on random oracles. In this work, we show that using publicly-sampleable projective PRGs, we can achieve adaptive security in the plain model. We then show how to build publicly-sampleable projective PRGs from many standard number-theoretic assumptions (e.g., CDH, LWE, RSA). Our compiler yields the first adaptively-secure broadcast encryption scheme from search assumptions as well as the first such scheme from witness encryption in the plain model. We also obtain the first adaptively-secure pairing-based scheme in the plain model with -size public keys and -size ciphertexts (where suppresses polynomial factors in the security parameter ). Previous adaptively-secure pairing-based schemes in the plain model with -size ciphertexts required -size public keys.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
A major revision of an IACR publication in EUROCRYPT 2025
Keywords
broadcast encryption, adaptive security, projective PRGs
Contact author(s)
ychsieh @ cs washington edu
bwaters @ cs utexas edu
dwu4 @ cs utexas edu
History
2025-02-24: approved
2025-02-22: received
Short URL
https://ia.cr/2025/323
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2025/323,
      author = {Yao-Ching Hsieh and Brent Waters and David J. Wu},
      title = {A Generic Approach to Adaptively-Secure Broadcast Encryption in the Plain Model},
      howpublished = {Cryptology {ePrint} Archive, Paper 2025/323},
      year = {2025},
      url = {https://eprint.iacr.org/2025/323}
}