CCA2-Secure Threshold Broadcast Encryption with Shorter Ciphertexts

  • Vanesa Daza
  • Javier Herranz
  • Paz Morillo
  • Carla Ràfols
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4784)


In a threshold broadcast encryption scheme, a sender chooses (ad-hoc) a set of n receivers and a threshold t, and then encrypts a message by using the public keys of all the receivers, in such a way that the original plaintext can be recovered only if at least t receivers cooperate. Previously proposed threshold broadcast encryption schemes have ciphertexts whose length is at least \(n + \mathcal{O}(1)\). In this paper, we propose new schemes, for both PKI and identity-based scenarios, where the ciphertexts’ length is \(n-t + \mathcal{O}(1)\). The constructions use secret sharing techniques and the Canetti-Halevi-Katz transformation to achieve chosen-ciphertext security. The security of our schemes is formally proved under the Decisional Bilinear Diffie-Hellman (DBDH) Assumption.


Keywords: Secret Sharing Scheme; Bilinear Pairing; Broadcast Encryption; Challenge Ciphertext; Choose Ciphertext Attack
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Vanesa Daza (1)
  • Javier Herranz (2)
  • Paz Morillo (3)
  • Carla Ràfols (3)

  1. Dept. D’Enginyeria Informàtica i Matemàtiques, Universitat Rovira i Virgili, Av. Països Catalans 26, E-43007 Tarragona, Spain
  2. IIIA, Artificial Intelligence Research Institute, CSIC, Spanish National Research Council, Campus UAB s/n, E-08193 Bellaterra, Spain
  3. Dept. Matemàtica Aplicada IV, Universitat Politècnica de Catalunya, C. Jordi Girona 1-3, E-08034 Barcelona, Spain
