Public key broadcast encryption, which belongs to public-key cryptography, is the typical scheme for group information security with dynamic membership and verifiability. It has been recognized as having broad application prospects in communication, business, digital rights and other fields. Currently, provable security is essentially an axiomatic research method, in which the security of a cryptographic scheme is reduced to a "well-known" basic theory or "an axiom". It is not only a method for proving the security of cryptographic schemes but also a method for constructing new schemes, which is also a theme of this dissertation. This dissertation studies some provably secure broadcast encryption schemes in the standard model, which is currently the research focus in the field of cryptography. The main results are as follows:

1. Three provably secure identity-based broadcast encryption schemes in the standard model are proposed using bilinear maps and pairings. First, we give the formal definition of identity-based broadcast encryption, and present a broadcast encryption scheme for Ad Hoc networks with a short public key and a small amount of private-key computation. The scheme is IND-IN-CPA secure against static adversaries under the GDDHE intractability assumption. Then, we propose a second scheme that is fairly efficient and whose security is upgraded to chosen-ciphertext security. Finally, a broadcast encryption scheme secure against selective opening attack is proposed by combining it with Waters' "linear or random" technique; it achieves constant-size keys or ciphertexts, so it satisfies higher efficiency and practicality requirements.

2. Two provably secure broadcast signcryption schemes are presented. One scheme is constructed under the random oracle model; the other is constructed under the standard model. The scheme under random oracles achieves constant-size public/private keys, a ciphertext whose size varies only slightly with the number of receivers, and signcryption/unsigncryption processes without bilinear pairing operations. The security proof shows that the scheme is not only IND-CCA2 secure under the weak BCDH problem but also existentially unforgeable under the EF-ACMA of PSG proposed by Paterson. To the best of our knowledge, very few works have dealt with the construction in the standard model, so the other scheme is constructed in the standard model. It introduces a formal security model for certificateless broadcast signcryption secure against malicious-but-passive KGC attacks and proposes a new certificateless broadcast signcryption scheme. This scheme is proven not only to be IND-CCA2 secure under the decisional Bilinear Diffie-Hellman intractability assumption but also to be existentially unforgeable under the computational Diffie-Hellman intractability assumption.

3. Research on the design of broadcast encryption schemes using the techniques of dual system encryption. Waters introduced a proof methodology called Dual System Encryption to prove the full security of (H)IBE systems, but the method's shortcoming is that the ciphertext size grows linearly in the depth of the hierarchy. Two broadcast encryption schemes are therefore proposed by combining Waters' dual system encryption with the orthogonality property of composite-order bilinear groups. In the standard model without tags, the schemes achieve constant-size keys and ciphertexts, and their security is proved using several static assumptions that do not depend on the number of queries the attacker makes. Furthermore, the analysis shows that the schemes are fully secure and fully secure anonymous, respectively.

4. Since attribute-based encryption (ABE) systems offer users more flexibility in sharing and managing sensitive data than identity-based and public key encryption systems, and their advantage applies when the decrypting party is not fixed in advance, an attribute-based broadcast encryption scheme and an "unbounded" key-policy attribute-based broadcast encryption scheme are proposed by combining Waters' dual system encryption, attribute-based encryption and broadcast encryption. Both schemes achieve short constant-size ciphertexts and keys; their security proofs show that the schemes are fully secure and selectively secure, respectively, under several static assumptions that do not depend on the number of queries the attacker makes.