Welcome to the resource topic for 2016/953
Title:
Collusion-Resistant Broadcast Encryption with Tight Reductions and Beyond
Authors: Linfeng Zhou
Abstract:The issue of tight security for identity-based encryption schemes ((\mathsf{IBE})) in bilinear groups has been widely investigated and a lot of optimal properties have been achieved. Recently, a tightly secure IBE scheme in bilinear groups under the multi-challenge setting has been achieved by Chen et al. (to appear in PKC 2017), and their scheme even achieves constant-size public parameters and is adaptively secure. However, we note that the issue of tight security for broadcast encryption schemes ((\mathsf{BE})) in bilinear groups has received less attention so far. Actually current broadcast encryption systems of bilinear groups are either not tightly secure or based on non-static assumptions. In this work we mainly focus on the issue of tight security for standard broadcast encryption schemes \footnote{We utilize the syntax of broadcast encryption schemes under the key-encapsulation setting in this work and it is easy to be transformed into one under the standard setting.}. We construct the \textit{first} tightly secure broadcast encryption scheme from static assumptions (i.e., decisional subgroup assumptions) in the selective security model by utilizing improved techniques derived from the Déjà Q framework (Eurocrypt 2014, TCC-A 2016). The proof of our construction will lead to only (O(\log n)) or (O(\log \lambda)) security loss, where (n) is the number of users in the system and (\lambda) is the security parameter. Following this result, we present a tightly secure non-zero inner product encryption scheme ((\mathsf{NIPE})) from decisional subgroup assumptions in the selective security model. This NIPE scheme has the same parameter sizes as our BE scheme and there is only (O(\log n)) or (O(\log \lambda)) security loss as well, where (n) is the dimension of the inner product space and (\lambda) is the security parameter. Finally, we further present a tightly secure functional commitment scheme ((\mathsf{FC})) for linear functions, which was introduced by Libert et al. (ICALP 16). In contrast with their scheme, which also suffers (O(n)) security loss during the reduction, there is only (O(\log n)) or (O(\log \lambda)) security loss in our FC scheme.
ePrint: https://eprint.iacr.org/2016/953
See all topics related to this paper.
Feel free to post resources that are related to this paper below.
Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.
For more information, see the rules for Resource Topics .