Revocable Hierarchical Identity-Based Broadcast Encryption  

作　　者：Dawei Li Jianwei Liu Zongyang Zhang Qianhong Wu Weiran Liu 

机构地区：[1]School of Electronic and Information Engineering, Beihang University, Beijing 100191, China

出　　处：《Tsinghua Science and Technology》2018年第5期539-549,共11页清华大学学报（自然科学版（英文版）

基　　金：supported by the National Key Research and Development Program of China (No. 2017YFB0802502);the National Natural Science Foundation of China (Nos. 61672083, 61370190, 61532021, 61472429, 61402029, 61702028, and 61571024);the National Cryptography Development Fund (No. MMJJ20170106);the Planning Fund Project of Ministry of Education (No. 12YJAZH136);the Beijing Natural Science Foundation (No. 4132056);the Fund of the State Key Laboratory of Information Security, the Institute of Information Engineering, and the Chinese Academy of Sciences (No. 2017-MS-02)

摘　　要：Hierarchical Identity-Based Broadcast Encryption （HIBBE） organizes users into a tree-like structure, and it allows users to delegate their decryption ability to subordinates and enable encryption to any subset of users while only intended users can decrypt. However, current HIBBE schemes do not support efficient revocation of private keys. Here, a new primitive called Revocable Hierarchical Identity-Based Broadcast Encryption （RHIBBE） is formalized that allows revocation of the HIBBE. Ciphertext indistinguishability is defined against the selectively Bounded Revocable Identity-Vector-Set and Chosen-Plaintext Attack （IND-sBRIVS-CPA）. An IND-sBRIVS-CPA secure RHIBBE scheme is constructed with efficient revocation on prime-order bilinear groups. The unbounded version of the scheme is also shown to be secure but a little weaker than the former under the decisional n-Weak Bilinear Diffie-Hellman inversion assumption.Hierarchical Identity-Based Broadcast Encryption （HIBBE） organizes users into a tree-like structure, and it allows users to delegate their decryption ability to subordinates and enable encryption to any subset of users while only intended users can decrypt. However, current HIBBE schemes do not support efficient revocation of private keys. Here, a new primitive called Revocable Hierarchical Identity-Based Broadcast Encryption （RHIBBE） is formalized that allows revocation of the HIBBE. Ciphertext indistinguishability is defined against the selectively Bounded Revocable Identity-Vector-Set and Chosen-Plaintext Attack （IND-sBRIVS-CPA）. An IND-sBRIVS-CPA secure RHIBBE scheme is constructed with efficient revocation on prime-order bilinear groups. The unbounded version of the scheme is also shown to be secure but a little weaker than the former under the decisional n-Weak Bilinear Diffie-Hellman inversion assumption.

关 键 词：Revocable Hierarchical Identity-Based Broadcast Encryption （RHIBBE） REVOCATION provable security 

分 类 号：TN918.4[电子电信—通信与信息系统]