Hierarchical Identity-Based Broadcast Encryption (HIBBE) organizes users into a tree-like structure, and it allows users to delegate their decryption ability to subordinates and enable encryption to any subset of us...Hierarchical Identity-Based Broadcast Encryption (HIBBE) organizes users into a tree-like structure, and it allows users to delegate their decryption ability to subordinates and enable encryption to any subset of users while only intended users can decrypt. However, current HIBBE schemes do not support efficient revocation of private keys. Here, a new primitive called Revocable Hierarchical Identity-Based Broadcast Encryption (RHIBBE) is formalized that allows revocation of the HIBBE. Ciphertext indistinguishability is defined against the selectively Bounded Revocable Identity-Vector-Set and Chosen-Plaintext Attack (IND-sBRIVS-CPA). An IND-sBRIVS-CPA secure RHIBBE scheme is constructed with efficient revocation on prime-order bilinear groups. The unbounded version of the scheme is also shown to be secure but a little weaker than the former under the decisional n-Weak Bilinear Diffie-Hellman inversion assumption.展开更多
基金supported by the National Key Research and Development Program of China (No. 2017YFB0802502)the National Natural Science Foundation of China (Nos. 61672083, 61370190, 61532021, 61472429, 61402029, 61702028, and 61571024)+3 种基金the National Cryptography Development Fund (No. MMJJ20170106)the Planning Fund Project of Ministry of Education (No. 12YJAZH136)the Beijing Natural Science Foundation (No. 4132056)the Fund of the State Key Laboratory of Information Security, the Institute of Information Engineering, and the Chinese Academy of Sciences (No. 2017-MS-02)
文摘Hierarchical Identity-Based Broadcast Encryption (HIBBE) organizes users into a tree-like structure, and it allows users to delegate their decryption ability to subordinates and enable encryption to any subset of users while only intended users can decrypt. However, current HIBBE schemes do not support efficient revocation of private keys. Here, a new primitive called Revocable Hierarchical Identity-Based Broadcast Encryption (RHIBBE) is formalized that allows revocation of the HIBBE. Ciphertext indistinguishability is defined against the selectively Bounded Revocable Identity-Vector-Set and Chosen-Plaintext Attack (IND-sBRIVS-CPA). An IND-sBRIVS-CPA secure RHIBBE scheme is constructed with efficient revocation on prime-order bilinear groups. The unbounded version of the scheme is also shown to be secure but a little weaker than the former under the decisional n-Weak Bilinear Diffie-Hellman inversion assumption.
