Identity-Based Dual Receiver Encryption

Dual receiver encryption(DRE),as a notion of special encryption algorithm,allows the sender to encrypt the message and send the ciphertext to two independent receivers.The ciphertext can be decrypted into the same original plaintext by the two independent receivers respectively.DRE can be adopted in ciphertext transmission through public channel to make the sensitive information be monitored and backed up.Furthermore,DRE is also an important means to protect the server from resource-depletion attacks during the interaction between client and servers.Traditional DRE constructions are considered in traditional public key encryption(PKE)settings.In encryption phase,the sender encrypt the message with two receivers'public keys.In decryption phase,the two independent receivers decrypt the ciphertext with their own private key alone.Those DRE schemes need a trusted certificate authority,which serves to generate,maintain,update and revoke the public keys in the system.The operations performed by the certificate authority will take up a lot ofcomputation and storage resources.The identity-based dual receiver encryption(ID-DRE)is proposed to overcome the issue of certificate management in traditional PKE settings.Inspired by the efficient identity-based encryption scheme constructed by Waters,we adopt the same technique to embed the user's identity information into the encryption process.After that,we achieved an ID-DRE scheme with the indistinguishability against adaptive chosen identity and ciphertext attacks(IND-ID-CCA)by using a general method showed by Lai et al,which describes how to construct a CCA PKE scheme from an IBE scheme.The new ID-DRE scheme is provably secure under the decisional bilinear Diffie-Hellman(DBDH)assumption in standard model.The security loss for our ID-DRE scheme is O(q2n),where n is the bitlength of user's identity information and q is the total of queries submitted by adversary in query phase.In addition,our ID-DRE scheme is efficient with short ciphertext and smaller public parameters compared with the previous scheme,which makes the scheme become more practical.In a DRE scheme,when a receiver suspects that the message is from a malicious sender,he has to convince a trusted third party that the massage he received privately was not correctly formed.To make the receiver have the ability,we did research on the property of non-interactive opening in DRE and initially put forth the notion of dual receiver encryption with non-interactive opening(DRENO).In a DRENO scheme,a receiver can produce a proof without extra interaction,which allows the validity of the ciphertext to be checked by a third party.The proof will not expose any information about the private key of the receiver.We gave two formal definitions and security models of the identity-based dual receiver encryption with non-interactive opening(ID-DRENO)according to the different proof provider.In each case,we constructed a concrete scheme.The proof in DRENO-REV scheme is produced by receivers and the proof in DRENO-KGC scheme is produced by private key generate center.Both concrete schemes are provably secure in standard model.