论文信息 - Cryptanalysis of an identity based broadcast encryption scheme without random oracles

Cryptanalysis of an identity based broadcast encryption scheme without random oracles

Identity based broadcast encryption allows a centralized transmitter to send encrypted messages to a set of identities S, so that only the users with identity in S can decrypt these ciphertexts using their respective private key. Recently [Information Processing Letters 109 (2009)], an identity-based broadcast encryption scheme was proposed (Ren and Gu, 2009) [1], and it was claimed to be fully chosen-ciphertext secure without random oracles. However, by giving a concrete attack, we indicate that this scheme is even not chosen-plaintext secure.

[1] Yanli Ren,et al. Fully CCA2 secure identity based broadcast encryption without random oracles , 2009, Inf. Process. Lett..

[2] David Pointcheval,et al. Fully Collusion Secure Dynamic Broadcast Encryption with Constant-Size Ciphertexts or Decryption Keys , 2007, Pairing.

[3] Dan Boneh,et al. Secure Identity Based Encryption Without Random Oracles , 2004, CRYPTO.

[4] Brent Waters,et al. Collusion Resistant Broadcast Encryption with Short Ciphertexts and Private Keys , 2005, CRYPTO.

[5] Dan Boneh,et al. Efficient Selective-ID Secure Identity Based Encryption Without Random Oracles , 2004, IACR Cryptol. ePrint Arch..

[6] Amos Fiat,et al. Broadcast Encryption , 1993, CRYPTO.

[7] Adi Shamir,et al. Identity-Based Cryptosystems and Signature Schemes , 1984, CRYPTO.

[8] Brent Waters,et al. Efficient Identity-Based Encryption Without Random Oracles , 2005, EUROCRYPT.

[9] Craig Gentry,et al. Practical Identity-Based Encryption Without Random Oracles , 2006, EUROCRYPT.

[10] Matthew K. Franklin,et al. Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[11] Cécile Delerablée,et al. Identity-Based Broadcast Encryption with Constant Size Ciphertexts and Private Keys , 2007, ASIACRYPT.