Provably Secure Anonymous M ulti-Receiver Identity-Based Encryption with
Shorter Ciphertext
Huaqun Wang
School of Information Engineering, Dalian Ocean University, Dalian, China
wanghuaqun@aliyun.com
Abstract—Anonymous multi-receiver identity-based encryp-
tion (ID-MRE) can protect the r eceiver identity besides message
confidentiality. It can be applied in many fields, such as VoIP
(Voice over Internet Protocol) and pay-TV systems. Based
on the bilinear pairings, this paper proposes an anonymous
ID-MRE scheme. The proposed scheme satisfies the indis-
tinguishability of encryptions under selective multi-identity,
adaptive chosen ciphertext attacks (IND-sMID- CCA2). On the
other hand, it also satisfies the anonymous indistinguishability
of encryptions under selective multi-identity, adaptive chosen
ciphertext attacks (ANON-sMID-CCA2). The security analysis
and performance analysis show that our scheme is provably
secure and efficient.
Keyw ords-anonymity; multi-receiver; identity-based encryp-
tion; provable security;
I. INTRODUCTION
Public key encryption scheme must satisfy two basic
security requirements: security and efficiency. The standard
security notion for a encryption scheme is indistinguisha-
bility against adaptive chosen ciphertext attacks, i.e., IND-
CCA2 for short. With respect to efficiency, there are two
main aspects to consider: computational efficiency and com-
munication efficiency. As a special public key encryption
system, multi-receiver encryption can broadcasts a message
with a high-level of computational efficiency while retaining
security. This encryption system can be used in the real
world where there are many users, each with a public
key. The service provider sends them the encrypted data.
Although multi-receiver encryption can solve some problems
in the real world, it cannot protect the privacy of receivers.
On the other hand, it is very important to protect receiver
privacy in some fields, such as VoIP, pay-TV, et al. Thus,
anonymous ID-MRE attracted attentions of some experts
from different fields. It is meaningful to design the anony-
mous ID-MRE security model and the concrete anonymous
ID-MRE scheme.
A. Motivation
In the pay-TV or streaming audio/video services, the
service provider will encrypt the audio/video and sends the
ciphertext to all the receivers who have ordered the program.
Upon receiving the ciphertext, the receiver decrypts the
ciphertext by using his/her personal private key. When the
client orders the sensitive program, he/she usually expects
to hide his/her identity even to other receivers. Thus, it is
important and necessary to study anonymous multi-receiver
encryption scheme.
B. Related works
The concept of multi-receiver public key encryption was
independently formalized by Bellare et al. [1] and Baudron,
et al. [2]. It can be used in many fields, for example,
underwater sensor networks [3], large-scale RFID system-
s[4],etc. After that, many multi-receiver identity-based
encryption schemes are designed [5], [6]. These schemes
do not protect receivers privacy. Until 2012, Fan et al.
presented an anonymous multi-receiver identity-based en-
cryption scheme by taking use of Lagrange interpolating
polynomial mechanisms [7]. It’s regretful that their scheme
does not satisfy the property of anonymity [8], [9]. After
that, Hur et al. proposed a novel privacy-preserving identity-
based broadcast encryption scheme by taking use of key
encapsulation mechanism [10]. In some situations, such as
ordering sensitive TV programmes, a receiver or customer
usually expects that any other receiver or customer does
not know her/his ID when ordering the TV programmes.
Anonymous multi-receiver IBE has a lot of applications. It
is necessary to study this type of cryptographic system.
In an identity-based public key cryptography system,
every user has his/her own identity (ID). These ID may
be some meaningful or easily memorized strings. ID-based
cryptography has attracted a lot of researchers and has
gained some results [11], [12], [13], [14]. Since elliptic curve
public key cryptography is more secure than RSA based on
the same security level, this cryptography system develops
faster. After bilinear pairings were proposed, they are used
to design public key cryptographic schemes [15], [16], [17],
[18]. Bilinear pairings can also be used to study anonymous
ID-MRE cryptographic system.
C. Our contributions
In this paper, we propose a provably secure anonymous
multi-receiver identity-based encryption scheme. The secu-
rity analysis and performance analysis show that our scheme
is provably secure and highly efficient.
2014 IEEE 12th International Conference on Dependable, Autonomic and Secure Computing
978-1-4799-5079-9/14 $31.00 © 2014 IEEE
DOI 10.1109/DASC.2014.24
85