Identity-based broadcast encryption for inner products
In the identity-based broadcast encryption (IBBE), only these users whose identities are chosen in the ciphertext computing can decrypt the encrypted message. In this paper, we introduce an extension of IBBE, namely Identity-Based Broadcast Encryption for Inner Product (IBBE-IP), where message encryption is replaced by inner product encryption (IPE) introduced by Abdalla et al. (PKC 2015). Precisely, in the IBBE-IP, the private key is associated with a pair of an identity and a vector (ID, →y ). The user with private key of (ID, →y ) can decrypt the encrypted vector →x for an identity set § selected by the encryptor and learn the inner product →x, →y ñ if and only if ID∈ §. Differing from the IBBE, the decryption in the IBBE-IP yields the inner product associated with the encrypted vector without leaking any information of the vector. The encrypted vector is protected as long as the number of selected identities is less than their length. We present a construction of IBBE-IP with constant-size private keys and it supports unbounded private key queries, which was unachieved in the previous works of IPE in the public-key setting. The security of our proposed scheme is proved in the random oracle model.