Identity-Based Broadcast Encryption with Efficient Revocation

  • Aijun GeEmail author
  • Puwen Wei
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11442)


Identity-based broadcast encryption (IBBE) is an effective method to protect the data security and privacy in multi-receiver scenarios, which can make broadcast encryption more practical. This paper further expands the study of scalable revocation methodology in the setting of IBBE, where a key authority releases a key update material periodically in such a way that only non-revoked users can update their decryption keys. Following the binary tree data structure approach, a concrete instantiation of revocable IBBE scheme is proposed using asymmetric pairings of prime order bilinear groups. Moreover, this scheme can withstand decryption key exposure, which is proven to be semi-adaptively secure under chosen plaintext attacks in the standard model by reduction to static complexity assumptions. In particular, the proposed scheme is very efficient both in terms of computation costs and communication bandwidth, as the ciphertext size is constant, regardless of the number of recipients. To demonstrate the practicality, it is further implemented in Charm, a framework for rapid prototyping of cryptographic primitives.


Broadcast encryption Revocation Asymmetric pairings Provable security Constant size ciphertext 



Part of this work was done while Aijun Ge was visiting Institute for Advanced Study, Tsinghua University. The authors would like to thank Jianghong Wei and Jie Zhang for their helpful discussions on the Charm framework. We also thank anonymous reviewers of PKC 2019 for their insightful comments. The work is partially supported by the National Natural Science Foundation of China (No. 61502529 and No. 61502276), the National Key Research and Development Program of China (No. 2017YFA0303903) and Zhejiang Province Key R&D Project (No. 2017C01062).


  1. 1.
    Agrawal S., Chase M.: FAME: fast attribute-based message encryption. In: Proceedings of the 24th ACM Conference on Computer and Communications Security (CCS 2017), pp. 665–682. ACM, New York (2017)Google Scholar
  2. 2.
    Akinyele, A., Garman, C., Miers, I., et al.: Charm: a framework for rapidly prototyping cryptosystems. J. Cryptogr. Eng. 3, 111–128 (2013)CrossRefGoogle Scholar
  3. 3.
    Attrapadung, N., Imai, H.: Attribute-based encryption supporting direct/indirect revocation modes. In: Parker, M.G. (ed.) IMACC 2009. LNCS, vol. 5921, pp. 278–300. Springer, Heidelberg (2009). Scholar
  4. 4.
    Boneh, D., Boyen, X.: Efficient selective-ID secure identity-based encryption without random oracles. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 223–238. Springer, Heidelberg (2004). Scholar
  5. 5.
    Boneh, D., Franklin, M.: Identity-based encryption from the Weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001). Scholar
  6. 6.
    Boldyreva, A., Goyal, V., Kumar, G.: Identity-based encryption with efficient revocation. In: Proceedings of the 15th ACM Conference on Computer and Communications Security (CCS 2008), pp. 417–426. ACM, New York (2008)Google Scholar
  7. 7.
    Chang, D., Chauhan, A.K., Kumar, S., Sanadhya, S.K.: Revocable identity-based encryption from codes with rank metric. In: Smart, N.P. (ed.) CT-RSA 2018. LNCS, vol. 10808, pp. 435–451. Springer, Cham (2018). Scholar
  8. 8.
    Chen, J., Lim, H.W., Ling, S., Wang, H., Nguyen, K.: Revocable identity-based encryption from lattices. In: Susilo, W., Mu, Y., Seberry, J. (eds.) ACISP 2012. LNCS, vol. 7372, pp. 390–403. Springer, Heidelberg (2012). Scholar
  9. 9.
    Chatterjee, S., Menezes, A.: On cryptographic protocols employing asymmetric pairings-the role of \(\varphi \) revisited. Discret. Appl. Math. 159(13), 1311–1322 (2011)MathSciNetCrossRefGoogle Scholar
  10. 10.
    Chen, J., Wee, H.: Semi-adaptive attribute-based encryption and improved delegation for boolean formula. In: Abdalla, M., De Prisco, R. (eds.) SCN 2014. LNCS, vol. 8642, pp. 277–297. Springer, Cham (2014). Scholar
  11. 11.
    Delerablée, C.: Identity-based broadcast encryption with constant size ciphertexts and private keys. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 200–215. Springer, Heidelberg (2007). Scholar
  12. 12.
    Emura, K., Seo, J.H., Youn, T.: Semi-generic transformation of revocable hierarchical identity-based encryption and its DBDH instantiation. IEICE Trans. Fundam. Electron. Commun. Comput. Sci. 99((A(1))), 83–91 (2016)CrossRefGoogle Scholar
  13. 13.
    Fiat, A., Naor, M.: Broadcast encryption. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 480–491. Springer, Heidelberg (1994). Scholar
  14. 14.
    Galbraith, S., Paterson, K., Smart, N.: Pairings for cryptographers. Discret. Appl. Math. 156(16), 3113–3121 (2008)MathSciNetCrossRefGoogle Scholar
  15. 15.
    Gentry, C., Waters, B.: Adaptive security in broadcast encryption systems (with short ciphertexts). In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 171–188. Springer, Heidelberg (2009). Scholar
  16. 16.
    Jutla, C.S., Roy, A.: Shorter quasi-adaptive NIZK proofs for linear subspaces. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013. LNCS, vol. 8269, pp. 1–20. Springer, Heidelberg (2013). Scholar
  17. 17.
    Katsumata, S., Matsuda, T., Takayasu, A.: Lattice-based revocable (hierarchical) identity-based encryption with decryption key exposure resistance. Cryptology ePrint Archive, Report 2018/420 (2018)Google Scholar
  18. 18.
    Katz, J., Sahai, A., Waters, B.: Predicate encryption supporting disjunctions, polynomial equations, and inner products. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 146–162. Springer, Heidelberg (2008). Scholar
  19. 19.
    Kogan, N., Shavitt, Y., Wool, A.: A practical revocation scheme for broadcast encryption using smart cards. ACM Trans. Inf. Syst. Secur. 9(3), 325–351 (2006)CrossRefGoogle Scholar
  20. 20.
    Lee, K.: Revocable hierarchical identity-based encryption with adaptive security. Cryptology ePrint Archive, Report 2016/749 (2016)Google Scholar
  21. 21.
    Lee, K., Lee, D., Park, J.: Efficient revocable identity-based encryption via subset difference methods. Des. Codes Cryptogr. 85, 39–76 (2017)MathSciNetCrossRefGoogle Scholar
  22. 22.
    Lai, J., Mu, Y., Guo, F., et al.: Full privacy-preserving and revocable ID-based broadcast encryption for data access control in smart city. Pers. Ubiquitous Comput. 21, 855–868 (2017)CrossRefGoogle Scholar
  23. 23.
    Ling, S., Nguyen, K., Wang, H., Zhang, J.: Server-aided revocable predicate encryption: formalization and lattice-based instantiation. CoRR, abs/1801.07844 (2018)Google Scholar
  24. 24.
    Lee, K., Park, S.: Revocable hierarchical identity-based encryption with shorter private keys and update keys. Des. Codes Cryptogrphy (2018).
  25. 25.
    Libert, B., Vergnaud, D.: Adaptive-ID secure revocable identity-based encryption. In: Fischlin, M. (ed.) CT-RSA 2009. LNCS, vol. 5473, pp. 1–15. Springer, Heidelberg (2009). Scholar
  26. 26.
    Miyaji, A., Nakabayashi, M., Takano, S.: Characterization of elliptic curve traces under FR-reduction. In: Won, D. (ed.) ICISC 2000. LNCS, vol. 2015, pp. 90–108. Springer, Heidelberg (2001). Scholar
  27. 27.
    González-Nieto, J.M., Manulis, M., Sun, D.: Fully private revocable predicate encryption. In: Susilo, W., Mu, Y., Seberry, J. (eds.) ACISP 2012. LNCS, vol. 7372, pp. 350–363. Springer, Heidelberg (2012). Scholar
  28. 28.
    Naor, D., Naor, M., Lotspiech, J.: Revocation and tracing schemes for stateless receivers. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 41–62. Springer, Heidelberg (2001). Scholar
  29. 29.
    Nguyen, K., Wang, H., Zhang, J.: Server-aided revocable identity-based encryption from lattices. In: Foresti, S., Persiano, G. (eds.) CANS 2016. LNCS, vol. 10052, pp. 107–123. Springer, Cham (2016). Scholar
  30. 30.
    Qin, B., Deng, R.H., Li, Y., Liu, S.: Server-aided revocable identity-based encryption. In: Pernul, G., Ryan, P.Y.A., Weippl, E. (eds.) ESORICS 2015. LNCS, vol. 9326, pp. 286–304. Springer, Cham (2015). Scholar
  31. 31.
    Ramanna, S.C.: More efficient constructions for inner-product encryption. In: Manulis, M., Sadeghi, A.-R., Schneider, S. (eds.) ACNS 2016. LNCS, vol. 9696, pp. 231–248. Springer, Cham (2016). Scholar
  32. 32.
    Susilo, W., Chen, R., Guo, F., et al.: Recipient rovocable identity-based broadcast encryption, or how to revoke some recipient in IBBE without knowledge of the plaintext. In: Proceedings of the 11th ACM on Asia Conference on Computer and Communications Security (AsiaCCS 2016), Xi’an, China, pp. 201–210. ACM (2016)Google Scholar
  33. 33.
    Seo, J.H., Emura, K.: Revocable identity-based encryption revisited: security model and construction. In: Kurosawa, K., Hanaoka, G. (eds.) PKC 2013. LNCS, vol. 7778, pp. 216–234. Springer, Heidelberg (2013). Scholar
  34. 34.
    Seo, J.H., Emura, K.: Efficient delegation of key generation and revocation functionalities in identity-based encryption. In: Dawson, E. (ed.) CT-RSA 2013. LNCS, vol. 7779, pp. 343–358. Springer, Heidelberg (2013). Scholar
  35. 35.
    Seo, J.H., Emura, K.: Revocable hierarchical identity-based encryption: history-free update, security against insiders, and short ciphertexts. In: Nyberg, K. (ed.) CT-RSA 2015. LNCS, vol. 9048, pp. 106–123. Springer, Cham (2015). Scholar
  36. 36.
    Seo, J.H., Emura, K.: Adaptive-ID secure revocable hierarchical identity-based encryption. In: Tanaka, K., Suga, Y. (eds.) IWSEC 2015. LNCS, vol. 9241, pp. 21–38. Springer, Cham (2015). Scholar
  37. 37.
    Waters, B.: Dual system encryption: realizing fully secure IBE and HIBE under simple assumptions. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 619–636. Springer, Heidelberg (2009). Scholar
  38. 38.
    Watanabe, Y., Emura, K., Seo, J.H.: New revocable IBE in prime-order groups: adaptively secure, decryption key exposure resistant, and with short public parameters. In: Handschuh, H. (ed.) CT-RSA 2017. LNCS, vol. 10159, pp. 432–449. Springer, Cham (2017). Scholar
  39. 39.
    Yang, B., Yang, K., Qin, Y., Zhang, Z., Feng, D.: DAA-TZ: an efficient DAA scheme for mobile devices using ARM TrustZone. In: Conti, M., Schunter, M., Askoxylakis, I. (eds.) Trust 2015. LNCS, vol. 9229, pp. 209–227. Springer, Cham (2015). Scholar

Copyright information

© International Association for Cryptologic Research 2019

Authors and Affiliations

  1. 1.Key Laboratory of Cryptologic Technology and Information SecurityMinistry of Education, Shandong UniversityJinanChina
  2. 2.State Key Laboratory of Mathematical Engineering and Advanced ComputingZhengzhouChina
  3. 3.Henan Key Laboratory of Network Cryptography TechnologyZhengzhouChina

Personalised recommendations