Anonymous broadcast encryption with an untrusted gateway

We propose a verifiable and anonymous broadcast encryption scheme, where an 'untrusted' gateway can verify incoming communication flows to ensure only the intended anonymous receivers in the target domain can receive them. This scenario is interesting while the privacy of receivers should be considered. The difficulty in this setting is how to achieve both confidentiality of the message and anonymity of receivers during the gateway verification. To achieve this goal, we introduce a new notion of encrypted identity search, which allows the gateway blindly verifies the incoming traffic. Our scheme captures security properties: confidentiality and anonymity against dishonest gateway, corrupted receivers and collusion attacks. We present a concrete construction of gateway-based verifiable and anonymous broadcast encryption system from bilinear pairings, and give its security reduction under the computational assumptions related to bilinear pairings.

[1]  Joonsang Baek,et al.  Public Key Encryption with Keyword Search Revisited , 2008, ICCSA.

[2]  Jan Camenisch,et al.  Practical Verifiable Encryption and Decryption of Discrete Logarithms , 2003, CRYPTO.

[3]  Silvio Micali,et al.  Probabilistic Encryption , 1984, J. Comput. Syst. Sci..

[4]  Amos Fiat,et al.  Broadcast Encryption , 1993, CRYPTO.

[5]  David Pointcheval,et al.  Fully Collusion Secure Dynamic Broadcast Encryption with Constant-Size Ciphertexts or Decryption Keys , 2007, Pairing.

[6]  Yevgeniy Dodis,et al.  Public Key Broadcast Encryption for Stateless Receivers , 2002, Digital Rights Management Workshop.

[7]  Brent Waters,et al.  Collusion Resistant Broadcast Encryption with Short Ciphertexts and Private Keys , 2005, CRYPTO.

[8]  Rafail Ostrovsky,et al.  Public Key Encryption with Keyword Search , 2004, EUROCRYPT.

[9]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[10]  Jan Camenisch,et al.  An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation , 2001, IACR Cryptol. ePrint Arch..

[11]  Kenneth G. Paterson,et al.  Anonymous Broadcast Encryption , 2011, IACR Cryptol. ePrint Arch..

[12]  Matthew K. Franklin,et al.  Verifiable Signature Sharing , 1995, EUROCRYPT.

[13]  Markus Stadler,et al.  Publicly Verifiable Secret Sharing , 1996, EUROCRYPT.

[14]  Jonathan Katz,et al.  Improved Efficiency for CCA-Secure Cryptosystems Built Using Identity-Based Encryption , 2005, CT-RSA.

[15]  Dan Boneh,et al.  Efficient Selective Identity-Based Encryption Without Random Oracles , 2011, Journal of Cryptology.

[16]  N. Asokan,et al.  Optimistic Fair Exchange of Digital Signatures (Extended Abstract) , 1998, EUROCRYPT.

[17]  Pascal Paillier,et al.  Public-Key Cryptosystems Based on Composite Degree Residuosity Classes , 1999, EUROCRYPT.

[18]  Jacques Stern,et al.  Fair Encryption of RSA Keys , 2000, EUROCRYPT.

[19]  Brent Waters,et al.  Adaptive Security in Broadcast Encryption Systems (with Short Ciphertexts) , 2009, EUROCRYPT.

[20]  Cécile Delerablée,et al.  Identity-Based Broadcast Encryption with Constant Size Ciphertexts and Private Keys , 2007, ASIACRYPT.

[21]  Feng Bao An Efficient Verifiable Encryption Scheme for Encryption of Discrete Logarithms , 1998, CARDIS.

[22]  Antoine Joux A One Round Protocol for Tripartite Diffie-Hellman , 2000, ANTS.

[23]  Brent Waters,et al.  Privacy in Encrypted Content Distribution Using Private Broadcast Encryption , 2006, Financial Cryptography.

[24]  Antoine Joux,et al.  Separating Decision Diffie–Hellman from Computational Diffie–Hellman in Cryptographic Groups , 2003, Journal of Cryptology.

[25]  M. Stadler Publicly Veriiable Secret Sharing , 1996 .

[26]  Eyal Kushilevitz,et al.  Private information retrieval , 1995, Proceedings of IEEE 36th Annual Foundations of Computer Science.

[27]  Antoine Joux,et al.  A One Round Protocol for Tripartite Diffie–Hellman , 2000, Journal of Cryptology.