Toward Practical Group Encryption
A group encryption scheme allows anyone to form a ciphertext for a given group member while keeping the receiver’s identity private. At the same time, the encryptor is capable of proving that some (anonymous) group member is able to decrypt the ciphertext and, optionally, that the corresponding plaintext satisfies some a priori relation (to prevent sending bogus messages). Finally, in case of a dispute, the identity of the intended receiver can be recovered by a designated authority. In this paper, we abstract a generic approach to construct group encryption schemes. We also introduce several new implementation tricks. As a result, we obtain group encryption schemes that significantly improve the state of the art. Both interactive and non-interactive constructions are considered.
KeywordsGroup encryption Canetti-Halevi-Katz paradigm homomorphic encryption structure-preserving signatures (non)-interactive zero-knowledge
Unable to display preview. Download preview PDF.