A recent primitive known as asymmetric group key agreement allows a group of users to negotiate a common encryption key which is accessible to any entities while each user holds her respective secret decryption key. This concept not only enables confidential communications among group users but also permits any outsider to send encrypted messages to the group. The existing instantiation is only secure against passive adversaries. In this paper, we first propose an authenticated asymmetric group key agreement protocol which captures the practical security properties against active attacks. Based on our protocol, we then propose a broadcast encryption system without relying on a trusted dealer to distribute the secret keys to the users. Our system has also short ciphertexts. Furthermore, the proposal is equipped with the perfect forward security property.
展开▼