Direct CCA secure identity-based broadcast encryption

Abstract

In the previous works, the general transformation methods from a CPA(chosen-plaintext attacks) secure scheme to a CCA(chosen-ciphertext attacks) secure scheme are the hierarchical identity-based encryption, one-time signature and MAC. These folklore construction methods lead to the CCA secure schemes that are somewhat inefficient in the real life. In this paper, a new direct chosen-ciphertext technique is introduced and a practical identity-based broadcast encryption(IBBE) scheme that is CCA secure is proposed. The new scheme has many advantages over the available, such as constant size private keys and constant size ciphertexts, which solve the trade-off between the private keys size and ciphertexts size. In addition, under the standard model, the security of the new scheme is reduced to the hardness assumption-decision bilinear Diffie-Hellman exponent problem(DBDHE). This assumption is more natural than many of the hardness assumptions recently introduced to IBBE in the standard model. © 2012 Springer-Verlag.