Research On Anonymous Identity-Based Broadcast Encryption

With the increased determination of content owners to preserve copyright and the enhanced awareness of common users to protect their privacy, many multi-user applications, such as digital content distribution and pay-per-view, require a cryptographic mechanism to prevent unauthorized users and keep receiver anonymity. Anonymous Identity Based Broadcast Encryption(AIBBE) seems to be an ideal solution to settle the issue mentioned above. AIBBE allows a sender to generate a broadcast ciphertext with multiple intended receivers' identities. Given the generated ciphertext, every intended receiver can decrypt out the contained plaintext. In general, a secure AIBBE scheme guarantees that no one except the intended receivers can learn anything about the plaintext, and know who the intended receivers are.The existing AIBBE schemes fail to achieve efficient decryption or strong security, such as the constant decryption complexity, the security under the adaptive attack, or the security in the standard model. Hence, to overcome the drawbacks of previous schemes is very challenging.The idea of dual random-reuse and a standard data structure called history independent dictionary can be utilized to obtain constant decryption complexity and strong anonymity. Furthermore, the programmable hash function in the multilinear setting is an ideal tool to achieve provable semantic security under an adaptive attack in the standard model. Therefore, an improved AIBBE scheme can be constructed by integrating these features. This scheme is the first one to yield advantages in terms of all the aspect mentioned above and provide a sufficient contribution in theory due to its strong security.To verify the efficiency of decryption, another AIBBE scheme in the Random Oracle(RO) model is also proposed. This scheme makes use of a popular mathematical tool called bilinear map that has been implement by many cryptographic algorithms library. Through programming test, the result demonstrates that under the condition of different authorized recipients, the decryption cost of any authorized receiver is independent with the number of authorized recipients.