Yanli Ren,Shuozhong Wang,Xinpeng Zhang

DOI: https://doi.org/10.1007/978-3-642-34129-8_47

2012-01-01

Abstract:A dynamic broadcast encryption (DBE) is a broadcast encryption (BE) scheme where a new user can join the system anytime without modifying preexisting user decryption keys. In this paper, we propose a non-interactive dynamic identity-based broadcast encryption (DIBBE) scheme that is fully secure without random oracles. The PKG does not need to execute any interactive operation with the user during the lifetime of the system. The ciphertext is of constant size, and the public key size is linear in the maximal number of receivers for one encryption. This is the first non-interactive DIBBE scheme which is fully secure without random oracles, and it is collusion resistant for arbitrarily large collusion of users.

Zhaoman Liu,Yanbo Chen,Jianting Ning,Yunlei Zhao

DOI: https://doi.org/10.1016/j.tcs.2024.114464

IF: 1.002

2024-01-01

Theoretical Computer Science

Abstract:In the multicast communication scenario, compared with broadcast encryption, broadcast signcryption or multi-receiver signcryption has additional ability to authenticate the source of the message. With the enhanced awareness of privacy preservation, ordinary users pay more attention to the identity leakage in the communication process. The primitive of anonymous broadcast signcryption has been proposed to solve this problem, which provides additional anonymity compared with the existing broadcast signcryption. However, most anonymous broadcast signcryption schemes only ensure the sender's identity concealment but ignore the anonymity of the receiver set. In this paper, we present a fully anonymous identity-based broadcast signcryption scheme, which meets insider unforgeability, outsider confidentiality, identity concealment of sender and full anonymity of the receiver set. In addition, our scheme has two further desirable characteristics. One is public verifiability which means any third party can verify the validity of the message source without knowing the private key provided by the receiver. The other is statelessness which means the user does not need to update the private key due to the join or revocation of other users. Moreover, our scheme has constant-size public parameters and private key as well as constant decryption complexity, which makes the scheme more suitable for deployment in devices with limited storage or low computing power such as IoT devices.

Jianchang Lai,Yi Mu,Fuchun Guo,Rongmao Chen

DOI: https://doi.org/10.1093/comjnl/bxx060

2017-06-07

The Computer Journal

Abstract:A revocable ID-based broadcast encryption scheme allows an authorized third party to revoke any receiver (decryptor) from the initial receiver set S of the original broadcast ciphertext without the need of decryption. However, the existing revocable ID-based broadcast encryption schemes in the literature cannot fully preserve the receiver privacy and have a large size of ciphertext when the revoked user sets are large. To solve these problems, in this paper, we propose a novel scheme: fully privacy-preserving ID-based broadcast encryption with authorization. Our scheme allows an authorized party to dynamically handle the decryption rights of receivers via an authorized user set L without knowing the message and the identities of the initial receivers. Only those users who are both in S and L can decrypt the ciphertext successfully. The final ciphertext reveals nothing about the identity information of receivers and the authorized users. Our scheme achieves full collusion resistance and is applicable to anonymous data sharing where the receivers are decided by the authorized third party (or multiple authorized third parties) excluding the data owner. We show that our proposed scheme is provably secure under the defined security models in the random oracle model.

REN Yanli,GU Dawu,WANG Shuozhong,ZHANG Xinpeng

DOI: https://doi.org/10.3969/j.issn.0253-2778.2012.04.006

2012-01-01

Abstract:The anonymous identity-based encryption(IBE) schemes are currently only selective-ID secure without random oracles or provably secure under a complex assumption.An anonymous IBE scheme based on decisional bilinear Diffie-Hellman(BDH) assumption in a group of composite order was proposed,which is ANON-IND-ID-CPA secure without random oracles and only needs two bilinear pairing computations.This scheme is more secure and efficient than the existing ones.

Yanli Ren,Shuozhong Wang,Xinpeng Zhang,Zhenxing Qian

DOI: https://doi.org/10.1109/mines.2010.96

2010-01-01

Abstract:Anonymous identity-based encryption systems can be used to protect users’ privacy and construct Public key Encryption with Keyword Search (PEKS) schemes where the ciphertext does not leak the identity of the recipient. Currently, there is no anonymous IBE scheme that is fully secure under simple assumptions without random oracles. In this paper, we propose an anonymous IBE scheme using the approach of Dual System Encryption. The scheme is fully secure without random oracles based on decisional bilinear Diffie-Hellman (BDH) and linear assumptions, and the security reduction is tight. These two assumptions are simple and our scheme is more secure than the previous anonymous IBE schemes.

Chun Yuan,Hongyang Gao,Wenshuo Zhou

DOI: https://doi.org/10.1109/wicom.2011.6040166

2011-01-01

Abstract:Due to wireless ad hoc networks' properties of low bandwidth, high delay, high loss rate, and mobility, the implementation of broadcast encryption over wireless ad hoc networks has been a tough problem. This paper describes a lightweight identity-based broadcast encryption scheme including traitor tracing function, which achieves constant size ciphertexts, constant size private keys, and constant size public key. When adding new users, system doesn't have to change previous setups. In addition, by adjusting symmetric key life cycle, system can make tradeoff between security level and efficiency.

Tran Viet Xuan Phuong,Phuong, Tran Viet Xuan

DOI: https://doi.org/10.1007/s10623-024-01373-2

IF: 1.4

2024-04-07

Designs Codes and Cryptography

Abstract:Due to the high demands of data communication, the broadcasting system streams the data daily. This service not only sends out the message to the correct participant but also respects the security of the identity user. In addition, when delivered, all the information must be protected for the party who employs the broadcasting service. Currently, Attribute-Based Broadcast Encryption (ABBE) is useful to apply for the broadcasting service. (ABBE) is a combination of Attribute-Based Encryption (ABE) and Broadcast Encryption (BE), which allows a broadcaster (or encrypter) to broadcast an encrypted message, including a predefined user set and specified access policy to install the authorization mechanism. It is desirable to hide all the information when producing in the ciphertext, which has not been considered in the previous works of ABBE. Motivated by the above issue, we devise a solution to achieve anonymity for the ABBE scheme, which not only hides the access structures but also anonymizes the user's identity. In this work, we propose two schemes as Anonymous Key Policy (AKP)-ABBE and Anonymous Ciphertext Policy (ACP)-ABBE with supporting multiple access structures by using gates. Specifically, we present the generic constructions of AKP/ACP-ABBE on the building block of the Inner Product Encryption ( ), which enables the hidden user's identity and complex -Gate access structure. We show that our proposed schemes are secured under the standard models.

mathematics, applied,computer science, theory & methods

WANG Ji-lin,CHEN Xiao-feng,CHEN De-ren

DOI: https://doi.org/10.3785/j.issn.1008-973x.2006.04.010

2006-01-01

Abstract:Exchange of digitally signed certificates was often used to establish mutual trust between strangers that wish to share resources or to conduct business transactions.Automated trust negotiation(ATN) was an approach to regulate the flow of sensitive information during such an exchange.But ATN cannot handle cyclic policy interdependency satisfactorily.Oblivious signature-based envelope(OSBE) is a scheme to solve this problem.However,the existed scheme could only be implemented on a secure channel.An efficient OSBE scheme without the secure channel is proposed using the ideas of identity-based systems and certificate-based encryption,which satisfies all the properties required by OSBE such as soundness and oblivious et al.Also,the scheme can achieve the desired security notations in the random oracle model.

Keita EMURA,Kaisei KAJITA,Go OHTAKE

DOI: https://doi.org/10.1587/transfun.2023dmp0003

2024-01-01

Abstract:As a multi-receiver variant of public key encryption with keyword search (PEKS), broadcast encryption with keyword search (BEKS) has been proposed (Attrapadung et al. at ASIACRYPT 2006/Chatterjee-Mukherjee at INDOCRYPT 2018). Unlike broadcast encryption, no receiver anonymity is considered because the test algorithm takes a set of receivers as input and thus a set of receivers needs to be contained in a ciphertext. In this paper, we propose a generic construction of BEKS from anonymous andweakly robust 3-level hierarchical identity-based encryption (HIBE). The proposed generic construction provides outsider anonymity, where an adversary is allowed to obtain secret keys of outsiders who do not belong to the challenge sets, and provides sublinear-size ciphertext in terms of the number of receivers. Moreover, the proposed construction considers security against chosen-ciphertext attack (CCA) where an adversary is allowed to access a test oracle in the searchable encryption context. The proposed generic construction can be seen as an extension to the Fazio-Perera generic construction of anonymous broadcast encryption (PKC 2012) from anonymous and weakly robust identity-based encryption (IBE) and the Boneh et al. generic construction of PEKS (EUROCRYPT 2004) from anonymous IBE.We run the Fazio-Perera construction employs on the first-level identity and run the Boneh et al. generic construction on the second-level identity, i.e., a keyword is regarded as a second-level identity. The third-level identity is used for providing CCA security by employing one-time signatures. We also introduce weak robustness in the HIBE setting, and demonstrate that the Abdalla et al. generic transformation (TCC 2010/JoC 2018) for providing weak robustness to IBE works for HIBE with an appropriate parameter setting. We also explicitly introduce attractive concrete instantiations of the proposed generic construction from pairings and lattices, respectively.

computer science, information systems,engineering, electrical & electronic, hardware & architecture

Zhengjun Cao,Lihua Liu

DOI: https://doi.org/10.48550/arXiv.1408.6610

2014-08-28

Abstract:The primitive of private broadcast encryption introduced by Barth, Boneh and Waters, is used to encrypt a message to several recipients while hiding the identities of the recipients. In their construction, a recipient has to first decrypt the received ciphertext to extract the verification key for one-time signature. He then uses the verification key to check whether the ciphertext is malformed. The authors did not consider that information delivered over a channel, especially over a broadcast channel, should be authenticated as to its origin. We remark that the conventional public key signature suffices to authenticate data origin and filter out all malformed ciphertexts. We also discuss the disadvantages of the primitive of one-time signature used in their construction.

Cryptography and Security

Hao Wang,Zhihua Zheng,Yilei Wang

DOI: https://doi.org/10.1109/INCoS.2013.61

2013-01-01

Abstract:In this paper, we consider the privacy-preserving problem in the context of broadcast encryption. We provide a security definition for privacy-preserving broadcast encryption, and construct a new scheme. To achieve privacy-preserving, we blind the cipher texts using the random factors. Moreover, we use a pair of orthonormal bases to construct secret key and cipher texts for proper decryption. Our privacy-preserving broadcast encryption scheme can be proven in the adaptive model without random oracle. The key technique used to obtain our result is an elaborate combination of the dual system encryption proposed by Waters and a new approach on bilinear pairings using the notion of dual pairing vector spaces (DPVS) proposed by Okamoto and Takasima.

Jianhong Zhang,Peirong Ou

DOI: https://doi.org/10.3390/s19153370

IF: 3.9

2019-07-31

Sensors

Abstract:Nowadays, the widely deployed and high performance Internet of Things (IoT) facilitates the communication between its terminal nodes. To enhance data sharing among terminal devices and ensure the recipients’ privacy protection, a few anonymous multi-recipient broadcast encryption (AMBE) proposals are recently given. Nevertheless, the majority of these AMBE proposals are only proven be securely against adaptively chosen plain-text attack (CPA) or selectively chosen ciphertext attack (CCA). Furthermore, all AMBE proposals are subjected to key escrow issue due to inherent characteristics of the ID-based public cryptography (ID-PKC), and cannot furnish secure de-duplication detection. However, for cloud storage, it is very important for expurgating duplicate copies of the identical message since de-duplication can save the bandwidth of network and storage space. To address the above problems, in the work, we present a privacy-preserving multi-receiver certificateless broadcast encryption scheme with de-duplication (PMCBED) in the cloud-computing setting based on certificateless cryptography and anonymous broadcast encryption. In comparison with the prior AMBE proposals, our scheme has the following three characteristics. First, it can fulfill semantic security notions of data-confidentiality and receiver identity anonymity, whereas the existing proposals only accomplish them by formalizing the weaker security models. Second, it achieves duplication detection of the ciphertext for the identical message encrypted with our broadcast encryption. Finally, it also avoids the key escrow problem of the AMBE schemes.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Xuecheng Ma,Xin Wang,Dongdai Lin

DOI: https://doi.org/10.48550/arXiv.1806.05943

2018-06-15

Abstract:Anonymous Identity-Based Encryption can protect privacy of the receiver. However, there are some situations that we need to recover the identity of the receiver, for example a dispute occurs or the privacy mechanism is abused. In this paper, we propose a new concept, referred to as Anonymous Identity-Based Encryption with Identity Recovery(AIBEIR), which is an anonymous IBE with identity recovery property. There is a party called the Identity Recovery Manager(IRM) who has a secret key to recover the identity from the ciphertext in our scheme. We construct it with an anonymous IBE and a special IBE which we call it testable IBE. In order to ensure the semantic security in the case where the identity recovery manager is an adversary, we define a stronger semantic security model in which the adversary is given the secret key of the identity recovery manager. To our knowledge, we propose the first AIBEIR scheme and prove the security in our defined model.

Cryptography and Security

Liqing Chen,Jiguo Li,Yang Lu,Yichen Zhang

DOI: https://doi.org/10.1016/j.ins.2020.05.092

IF: 8.1

2020-10-01

Information Sciences

Abstract:<p>The existing public key broadcast encryption schemes are mainly constructed in identity-based cryptosystem, which bears the inherent problems of key escrow and key distribution. The certificate-based encryption mechanism can effectively address the problems in identity-based cryptosystem. Meanwhile, it simplifies the certificate revocation issue for traditional public key cryptosystem. Inspired by the idea of certificate-based encryption, we put forward the new primitive certificate-based broadcast encryption as well as its formal definition and security model. In virtue of prime order bilinear groups, we present an instantiation scheme of certificate-based broadcast encryption. To our best knowledge, the proposed scheme is the first adaptively secure scheme for certificate-based broadcast encryption in the standard model against chosen-ciphertext attack. Compared with the previous work, our scheme has advantages in the respects of computation cost as well as security properties. Furthermore, we present an application scenario of the proposed scheme for data access control in cloud storage service.</p>

computer science, information systems

Mingwu Zhang,Bo Yang,Shenglin Zhu,Wenzheng Zhang

DOI: https://doi.org/10.1007/978-3-540-69304-8_14

2008-01-01

Abstract:Three of the most important services offered by cryptography are confidential, private and authenticatability in distributed systems, such as P2P, trust negotiation and decentralized trust management. Information provider secretly encrypts a message with a hidden approach to protect message security and his privacy. Ring signcryption is an important way to realize full anonymity where the signcrypter cannot verify that this ciphertext was produced by himself. In this paper, we propose a novel construction of efficient secret authenticatable anonymous signcryption scheme in which only the actual signcrypter can authenticate that the ciphertext was produced by himself. The receiver cannot distinguish who the actual signcrypter is in the group even though he obtains all group members' private keys. Proposed scheme has the following properties: semantic security, signcrypter anonymity, signcrypter secret authenticatability, and unforgeability. We prove its security in the random oracle model under the DBDH assumption.

Yu Chen,Song Luo,Jianbin Hu,Zhong Chen

DOI: https://doi.org/10.1007/978-3-642-27901-0_7

2012-01-01

Abstract:In EUROCRYPT 2004, Boneh and Boyen presented two efficient Identity Based Encryption (IBE) schemes that are selective-identity secure in the standard model. Particularly, the first one known as BB1 -IBE, which is characterized by commutative blinding technique (BB1 -style), distinguishes itself as the most fertile ground for many applications. They also proved that BB1 -IBE is fully secure in the random oracle model but with a looser reduction. In this paper, we propose a novel IBE scheme of BB1 -style, which is fully secure in the random oracle model with a tighter reduction. Additionally, we give a chosen ciphertext secure construction of our scheme from twin technique.

Beini Zhou,Hui Li,Li Xu

DOI: https://doi.org/10.1109/iscc.2018.8538446

2018-01-01

Abstract:Identity-based encryption is a key distribution system in which the public key of a user is derived directly from his identity information. Compared with PKI, Identity-based encryption simplifies key management issue, but it still suffers from drawbacks inkey escrow and private key delivering. Motivated by this, we propose an improved key distribution solution called BIBE by integrating the technique of blockchain into the identity-based encryption. Specifically, we split the nodes in the chain to complete user authentication and private key protection, respectively. Furthermore, the two sides complete the mutual identity authentication with the identity information key pairs obtained from BIBE. Additionally, to prevent network attack, we employ timestamps, random numbers and hash algorithm in the process of identification. Through the rigorous and mathematical analysis, the proposed scheme demonstratesa far better performance on correctness, safety and efficiency.

Shuanggen Liu,Hailun Pan,Xu An Wang,Siyi Zhao,Qing Li

DOI: https://doi.org/10.1016/j.sysarc.2024.103100

IF: 5.836

2024-03-08

Journal of Systems Architecture

Abstract:Medical data sharing is essential for the advancement of medical research, but the existence of malicious encryptors and malicious users poses a major challenge to the seamless sharing of information among healthcare providers. We proposed a traceable and revocable broadcast encryption scheme for preventing malicious encryptors in the Medical Internet of Things (MIoT). In 2023, Wang et al. first proposed the concept of malicious encryptor for broadcast encryption and trator tracing, and they constructed a scheme for preventing this attack. The malicious encryptor is reasonable in real broadcast encryption systems because the encryptor is not always the same as the digital content provider. When digital content providers for medical institutions want to share sensitive medical data, the employees may implement encryption. Then the employees may plant some trapdoors and sell to the black market, which can be used to construct pirated boxes. To resist malicious encryptor attacks, we rely on the uniform distribution of the output of the secure cryptographic hash function to generate the randomness needed for encryption. To prevent malicious users from selling their private keys to attackers, we set up public tracing and revocation mechanisms. Meanwhile, we enable digital content providers to share common encrypted data to different groups of authorized users protected by privacy, while also sharing individual data to designated consumers of those groups. Under the decision q -parallel BDHE assumption without random oracles, our construction is demonstrated to be adaptive IND-CPA secure. Since we have a compact communication bandwidth, a constant user secret key size, and only three bilinear operations are needed for decryption to recover the encrypted broadcast message, our scheme does not add much overhead and is therefore practical.

computer science, software engineering, hardware & architecture

Rafael F. Schaefer,Ashish Khisti,H. Vincent Poor

DOI: https://doi.org/10.1109/TCOMM.2017.2764892

2018-02-19

Abstract:The problem of secure broadcasting with independent secret keys is studied. The particular scenario is analyzed in which a common message has to be broadcast to two legitimate receivers, while keeping an external eavesdropper ignorant of it. The transmitter shares independent secret keys of sufficiently high rates with both legitimate receivers, which can be used in different ways: they can be used as one-time pads to encrypt the common message, as fictitious messages for wiretap coding, or as a hybrid of these. In this paper, capacity results are established when the broadcast channels involving the three receivers are degraded. If both legitimate channels are degraded versions of the eavesdropper's channel, it is shown that the one-time pad approach is optimal for several cases, yielding corresponding capacity expressions. Alternatively, the wiretap coding approach is shown to be optimal if the eavesdropper's channel is degraded with respect to both legitimate channels, establishing capacity in this case as well. If the eavesdropper's channel is neither the strongest nor the weakest, an intricate scheme that carefully combines both concepts of one-time pad and wiretap coding with fictitious messages turns out to be capacity-achieving. Finally we also obtain some results for the general non-degraded broadcast channel.

Information Theory

Hong Zhong,Shuo Zhang,Jie Cui,Lu Wei,Lu Liu

DOI: https://doi.org/10.1109/tvt.2021.3113660

IF: 6.8

2022-03-01

IEEE Transactions on Vehicular Technology

Abstract:Information dissemination in vehicular ad hoc networks (VANETs) is inseparable from the interaction between vehicles and infrastructure. The trust authority (TA) often plays a pivotal role in VANETs and requires interaction with multiple vehicles. However, when the TA sends the same message to multiple vehicles, there are many redundancies, as it needs to negotiate with each vehicle and send them different ciphertexts. This greatly reduces the work efficiency of the TA. To the best of our knowledge, there is no research on the problem of redundancy that occurs when the same message is sent to multiple vehicles in VANETs. The proposed scheme adopts identity-based broadcast encryption (IBBE) technology, which is a secure data-sharing scheme suitable for the vehicle-to-infrastructure communication mode, in VANETs for the first time. Thus, with only one encryption, the TA can generate a fixed-length ciphertext for a group of vehicles. When there are new vehicles that subsequently request a service, the TA can assign encryption tasks to the proxy server. In terms of security, our scheme meets the particular requirements of VANETs. The encryption overhead of the sender and the length of the ciphertext were comparatively analyzed. The results demonstrated that the performance of the scheme improved significantly. Thus, our scheme can prevent redundancies and effectively improve the work efficiency of TA.

telecommunications,engineering, electrical & electronic,transportation science & technology