| Broadcast encryption which allows one party to send messages to multiple receivers is an essential part of public key cryptography. Instead of sending one encryption to one receiver, the sender can simply broadcast one encryption to make multiple receivers get access to the message while others can not. That is a more efficient approach to send identical messages to multiple receivers.In this sense, broadcast encryption is the same as muti-receiver encryption.In conventional broadcast encryption, the set of receivers’identities is often a part of the ciphertext. As a result, not only the receivers get the knowledge that they are actually receivers, but anyone who gets the ciphertext also does. That makes traditional broadcast encryption difficult to meet the needs of privacy protection in modern internet communication. Thus, private broadcast encryption becomes the new hot spot in this area. Privacy protection requires that even a legal receiver can not get the knowledge of the identities of other receivers.Most existing private broadcast encryption schemes construct an access structure in the set of identities whithout revealing it that only legal receivers are able to decrypt to achieve privacy protection. However, this approach suffers from a kind of "replace attack" due to the independence between the access structure and the ciphertext. Replace attack means a legal receiver encrypts a new message with the same access structure as the former encryption. Since the receivers of the original encryption can also get access to the new message, the attacker knows the identities of the original receivers by observing reactions to the new message. The scheme which can resist replace attack have tough requirements for subschemes used in the scheme. That makes the scheme hard to use the convenient techniques and lack of the ability of extension to other application. Due to the problems above, the pertinent innovation points of this paper show as follows:·This paper sums up the existing schemes and proposes a new convenient construction method of private broadcast encryption which can resist replace attack. This method puts no restriction on subschemes to make the approach easier to realize. The security of schemes following the method should be guaranteed under random oracle model against CCA attacks.·We realize the above result in identity based setting and try to give a construction which is both CCA-secure in ciphertext and privacy while the existing ID-based schemes did not achieve.·The extension of our approach leads to a new application:privacy preserving decryption management. We formalize its security model and transform above construction to an ID-based privacy preserving decryption management scheme with the reason why the existing schemes can not be used like this. |
PDF Full Text Request