Accountable authority identity-based broadcast encryption with constant-size private keys and ciphertexts

摘要

Identity-based broadcast encryption (IBBE) enables a sender to broadcast a message to multiple identities efficiently. Nevertheless, since IBBE is based on identity-based cryptography (IBC), it suffers from the inherent key escrow problem. As a consequence, not only the user knows its private key, but also the private key generator (PKG). This property leads to that the creator of a given pirated private key, named a private key from an unknown source, is untraceable since both the PKG and suspected user can generate such a pirated private key for this identity. To mitigate this problem, accountable authority IBBE (A-IBBE) was proposed to provide accountability for IBBE, where white-box A-IBBE can distinguish the creator of a given pirated private key between the PKG and suspected user and black-box A-IBBE can further trace the creator of a decoder box. However, all prior constructions of black-box A-IBBE do not capture constant-size private keys and ciphertexts simultaneously. In this paper, to fill this gap, we propose a weak black-box A-IBBE scheme with constant-size private keys and ciphertexts. Our construction supports public traceability such that tracing can be performed with the public tracing key of suspected user instead of its secret key. We first define the weak black-box A-IBBE with public traceability. Then, we give our construction where the private key and ciphertext consist of two and five group elements respectively. Furthermore, the proposed scheme is proven to be secure with random oracles. (C) 2019 Elsevier B.V. All rights reserved.