Anonymous certificate-based broadcast encryption with constant decryption cost

Abstract

Most of the existing broadcast encryption schemes are constructed in either public key cryptosystem or identity-based cryptosystem. However, the overload of certificate management is heavy for public key cryptosystem while the key escrow problem is inherent in identity-based cryptosystem. Certificate-based cryptosystem provides a promising solution of designing more efficient and secure broadcast encryption schemes. Meanwhile, it is an important security property to protect the privacy of receivers, anonymity in many broadcast encryption application scenarios. Furthermore, in the broadcast encryption applications with a large number of computationally constrained users, it is critical to lower the computation cost, especially the decryption cost of the users. In this paper, we first introduce the notion of anonymous certificate-based broadcast encryption. Specifically, we formalize the definition and security model for anonymous certificate-based broadcast encryption. Then we construct an anonymous certificate-based broadcast encryption scheme with constant decryption cost. Compared with the existing anonymous multi-receiver certificate-based encryption scheme, the proposed scheme has advantage in the computation efficiency. Therefore, our scheme is more feasible for those broadcast encryption application scenarios where there are many receivers with limited computation ability. In the respect of security, the proposed scheme achieves anonymity and confidentiality against adaptive chosen-ciphertext attacks simultaneously under standard assumption.