Fully privacy-preserving id-based broadcast encryption with authorization
The British Computer Society 2017. All rights reserved. A revocable ID-based broadcast encryption scheme allows an authorized third party to revoke any receiver (decryptor) from the initial receiver set S of the original broadcast ciphertext without the need of decryption. However, the existing revocable ID-based broadcast encryption schemes in the literature cannot fully preserve the receiver privacy and have a large size of ciphertext when the revoked user sets are large. To solve these problems, in this paper, we propose a novel scheme: fully privacy-preserving ID-based broadcast encryption with authorization. Our scheme allows an authorized party to dynamically handle the decryption rights of receivers via an authorized user set L without knowing the message and the identities of the initial receivers. Only those users who are both in S and L can decrypt the ciphertext successfully. The final ciphertext reveals nothing about the identity information of receivers and the authorized users. Our scheme achieves full collusion resistance and is applicable to anonymous data sharing where the receivers are decided by the authorized third party (or multiple authorized third parties) excluding the data owner. We show that our proposed scheme is provably secure under the defined security models in the random oracle model.