Forward-secure and searchable broadcast encryption with short ciphertexts and private keys

Abstract

We introduce a primitive called Hierarchical Identity- Coupling Broadcast Encryption (HICBE) that can be used for constructing efficient collusion-resistant public-key broadcast encryption schemes with extended properties such as forward-security and keyword- searchability. Our forward-secure broadcast encryption schemes have small ciphertext and private key sizes, in particular, independent of the number of users in the system. One of our best two constructions achieves ciphertexts of constant size and user private keys of size O(log2 T), where T is the total number of time periods, while another achieves both ciphertexts and user private keys of size O(logT). These performances are comparable to those of the currently best single-user forward-secure public-key encryption scheme, while our schemes are designed for broadcasting to arbitrary sets of users. As a side result, we also formalize the notion of searchable broadcast encryption, which is a new generalization of public key encryption with keyword search. We then relate it to anonymous HICBE and present a construction with polylogarithmic performance. © 2006 Springer-Verlag.