Identity-Based Broadcast Encryption with Efficient Revocation
Identity-based broadcast encryption (IBBE) is an effective method for protecting data security and privacy in multi-receiver scenarios, and it can make broadcast encryption more practical. This paper further expands the study of scalable revocation methodology in the setting of IBBE, where a key authority periodically releases key update material in such a way that only non-revoked users can update their decryption keys. Following the binary tree data structure approach, a concrete instantiation of a revocable IBBE scheme is proposed using asymmetric pairings of prime order bilinear groups. Moreover, this scheme can withstand decryption key exposure, and it is proven to be semi-adaptively secure under chosen plaintext attacks in the standard model by reduction to static complexity assumptions. In particular, the proposed scheme is very efficient in terms of both computation costs and communication bandwidth, as the ciphertext size is constant, regardless of the number of recipients. To demonstrate its practicality, the scheme is further implemented in Charm, a framework for rapid prototyping of cryptographic primitives.
Keywords: Broadcast encryption, Revocation, Asymmetric pairings, Provable security, Constant size ciphertext
Part of this work was done while Aijun Ge was visiting Institute for Advanced Study, Tsinghua University. The authors would like to thank Jianghong Wei and Jie Zhang for their helpful discussions on the Charm framework. We also thank anonymous reviewers of PKC 2019 for their insightful comments. The work is partially supported by the National Natural Science Foundation of China (No. 61502529 and No. 61502276), the National Key Research and Development Program of China (No. 2017YFA0303903) and Zhejiang Province Key R&D Project (No. 2017C01062).
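The binary tree approach named in the abstract relies on a node cover: users sit at the leaves, and each period the key authority issues update material only for subtree roots that contain no revoked leaf. The sketch below is an added example, not code from the paper or its Charm implementation; the heap-style node numbering, the function names and the sample revocation list are assumptions made for illustration.

```python
# Added illustration (not the paper's code): node cover for binary-tree revocation.
# Assumed layout: node 1 is the root, node i has children 2i and 2i+1,
# and user u (0-based) is assigned leaf num_leaves + u.

def path_to_root(node):
    """Return every node from `node` up to the root, inclusive."""
    nodes = []
    while node >= 1:
        nodes.append(node)
        node //= 2
    return nodes

def leaf_of(user, num_leaves):
    return num_leaves + user

def ku_nodes(num_leaves, revoked_users):
    """Minimal set of nodes whose subtrees cover exactly the non-revoked leaves."""
    if num_leaves < 1 or num_leaves & (num_leaves - 1):
        raise ValueError("num_leaves must be a power of two")
    marked = set()
    for user in revoked_users:
        if not 0 <= user < num_leaves:
            raise ValueError(f"unknown user index {user}")
        # Every ancestor of a revoked leaf is unusable for key updates.
        marked.update(path_to_root(leaf_of(user, num_leaves)))
    if not marked:
        return {1}  # nobody revoked: the root covers everyone
    cover = set()
    for node in marked:
        if node < num_leaves:  # internal node
            for child in (2 * node, 2 * node + 1):
                if child not in marked:
                    cover.add(child)
    return cover

def update_node_for(user, num_leaves, cover):
    """Node shared by the user's path and the cover, or None if the user is revoked."""
    shared = cover.intersection(path_to_root(leaf_of(user, num_leaves)))
    return next(iter(shared)) if shared else None

if __name__ == "__main__":
    cover = ku_nodes(8, [2, 5])  # constructed sample: 8 users, users 2 and 5 revoked
    print(sorted(cover))
    for u in range(8):
        print(u, update_node_for(u, 8, cover))
```

Each non-revoked user's leaf-to-root path meets the cover in exactly one node, while a revoked user's path meets it in none, which is why only non-revoked users can combine their long-term key with the period's update material.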