Authenticated public key broadcast encryption with short ciphertexts

Abstract

Broadcast encryption allows a broadcaster, who wants to distribute messages to a chosen subset of receivers, to produce an encrypted content and transmit it via a broadcast channel. Normally we think that it is preferable if the broadcast encryption system is a public-key cryptosystem, which permits anybody could encrypt and distribute messages with public parameters. Nevertheless, such a broadcast strategy brings along a slew of diffusions of the spam that are uncontrollable. Authenticated public key broadcast encryption ensures that no such strategy can succeed - the encryption algorithm creates ciphertext with public key and the broadcaster’s secret key. It means that each broadcasted message is associated to the content distributor in order to ensure accountability. Technically, it embeds a signature in the ciphertext and each authorized users could verify it during decrypting. In this paper, we construct a solution for authenticated public key broadcast encryption using bilinear maps where the ciphertext is of O(1) (only constant number of group elements). The public key size and user private key are of size O(N) (N is the total number of users). The simulation experiment results indicated that the size of public key (private key) is about 4MB where we arbitrarily set N = 100000. Finally, we define the security for authenticated public key broadcast encryption and show that our construction captures static security in the standard model.