In a threshold broadcast encryption scheme, a sender chooses (ad-hoc) a set of n receivers and a threshold t, and then encrypts a message by using the public keys of all the receivers, in such a way that the original plaintext can be recovered only if at least t receivers cooperate. Previously proposed threshold broadcast encryption schemes have ciphertexts whose length is at least n + O(1). In this paper, we propose new schemes, for both PKI and identity-based scenarios, where the ciphertexts' length is n - t + O(1). The constructions use secret sharing techniques and the Canetti-Halevi-Katz transformation to achieve chosen-ciphertext security. The security of our schemes is formally proved under the Decisional Bilinear Diffie-Hellman (DBDH) Assumption. © Springer-Verlag Berlin Heidelberg 2007.
CITATION STYLE
Daza, V., Herranz, J., Morillo, P., & Ràfols, C. (2007). CCA2-Secure threshold broadcast encryption with shorter ciphertexts. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 4784 LNCS, pp. 35–50). Springer Verlag. https://doi.org/10.1007/978-3-540-75670-5_3
Mendeley helps you to discover research relevant for your work.