Research On Provably Secure Broadcast Encryption Scheme In The Standard Model

Posted on: 2019-07-21
Degree: Doctor
Type: Dissertation
Country: China
Candidate: D L Guo
Full Text: PDF
GTID: 1318330545962601
Subject: Cryptography

Abstract/Summary:
Broadcast encryption is a cryptosystem for distributing messages to a set of authorized users via an insecure communication channel. A broadcast encryption system enables a sender to adaptively select the set of target users as the authorized set and to broadcast the encryption of messages. Only authorized users can decrypt the broadcast data; no one else can, even if they obtain the broadcast ciphertexts. Normally, security and efficiency are the key aspects of the quality of a broadcast encryption system. Data confidentiality and full collusion resistance are crucial measures of the security of a broadcast system. The overhead of the ciphertext, public parameters and user secret keys determines its efficiency.

In the theory of provable security, the adversary in the standard model is constrained only by time and computing power. Compared with the random oracle model, the security of the scheme is reduced to a difficult problem in polynomial time, without employing the idealized cryptographic primitive of a random oracle to compromise the unknown secret key. Obviously, it is more realistic to prove that a broadcast encryption scheme satisfies the provable security property in the standard model. Our specific works on provably secure broadcast encryption schemes in the standard model are listed as follows.

Firstly, we devise a low-overhead broadcast encryption scheme from composite order multilinear maps and demonstrate that it is adaptively secure in the standard model. Lewko and Waters introduce a methodology for constructing the semi-functional ciphertext and secret key with the orthogonality property in the subgroups of a composite order bilinear group, and thereby realize dual system encryption. Note that elements of both the source group and the intermediate group are used as inputs to the multilinear maps. In this paper, we generalize the method of Lewko and Waters for realizing dual system encryption to composite order multilinear groups and construct an adaptively secure broadcast encryption scheme. In such a system for N users, we use a Naor-Reingold-style PRF and multilinear maps to shrink the secret key and public keys to O(log N) elements, and the ciphertext size is O(1).

Secondly, we propose an authenticated public key broadcast encryption scheme with prime order asymmetric bilinear maps and present a static security proof in the standard model based on the Decisional co-Diffie-Hellman assumption. In a public key broadcast encryption system, anyone can play the role of broadcaster and use the encryption algorithm to create ciphertexts with the public parameters. This unsupervised broadcast strategy plays right into the hands of rogue users, who can distribute junk messages using the divulged public parameters. In the absence of a tracing mechanism, even someone outside the broadcast encryption system can carry out the aforementioned operation without bearing any responsibility for it. Authenticated public key broadcast encryption ensures that no such strategy can succeed: the encryption algorithm encrypts messages with the public key and the broadcaster's secret keys. This means that the broadcaster is accountable for any ciphertext distributed to users, which prevents the above problems. In the paper, we first build a public key broadcast encryption scheme with static security from prime order asymmetric bilinear maps. Then we devise an authenticated public key broadcast encryption scheme based on the original scheme and prove that our construction achieves static security in the standard model based on the Decisional co-Diffie-Hellman assumption. In our system, the sizes of the public parameters and the users' private keys are both polynomial in the total number of users, and the ciphertext is of constant size.

Finally, we construct an authenticated public key broadcast encryption system in composite order bilinear groups and show that it is adaptively secure in the standard model. Technically, we apply the method for realizing dual system encryption introduced by Lewko and Waters, and compute the semi-functional secret keys and ciphertexts using the orthogonality property of the elements in the subgroups of a composite order bilinear group. We organize the security proof of our construction as a sequence of distinguishable games. The first game is defined as the real broadcast encryption game and the last one is a game in which the adversary unconditionally has no advantage. Then we show that our scheme is adaptively secure under the general subgroup decisional assumptions in the standard model. Furthermore, the public key size and user secret key size are also O(N), and the ciphertext size is optimized to O(1).
Keywords/Search Tags:broadcast encryption, authenticated broadcaster, standard model, adaptive security, static security, parameter overhead