Provably CCA-Secure Anonymous Multi-Receiver Certificateless Authenticated Encryption

Multi-receiver encryption allows a sender to choose a set of authorized receivers and send them a message securely and efficiently. Only one ciphertext corresponding to the message is generated regardless of the number of receivers. Thus it is practical and useful for video conferencing systems, pay...

Full description

Saved in:
Bibliographic Details
Published inJournal of Information Science and Engineering Vol. 34; no. 6; pp. 1517 - 1541
Main Authors 曾一凡(YI-FAN TSENG), 范俊逸(CHUN-I FAN)
Format Journal Article
LanguageEnglish
Published Taipei 社團法人中華民國計算語言學學會 01.11.2018
Institute of Information Science, Academia Sinica
Subjects
Algorithms
Authentication
Conferencing systems
Distance learning
Encryption
Islam
Privacy
Receivers
Security
Videoconferencing
anonymity
multi-receiver encryption
sender authentication
chosen-ciphertext attacks
certificate-less encryption
Online AccessGet full text
ISSN1016-2364
DOI10.6688/JISE.201811_34(6).0009

Cover

More Information
Summary:Multi-receiver encryption allows a sender to choose a set of authorized receivers and send them a message securely and efficiently. Only one ciphertext corresponding to the message is generated regardless of the number of receivers. Thus it is practical and useful for video conferencing systems, pay-per-view channels, distance education, and so forth. In 2010, for further protecting receivers' privacy, anonymous multi-receiver identity- based (ID-based) encryption was first discussed, and from then on, many works on the topic have been presented so far. To deal with the key escrow problem inherited from ID-based encryption (IBE), Islam et al. proposed the first anonymous multi-receiver certificateless encryption (AMRCLE) in 2014. In 2015, Hung et al. proposed a novel AMRCLE to improve the efficiency. However, we found that their security proofs are flawed, i.e., the simulation cannot be successfully performed. In this paper, we present a novel AMRCLE scheme with CCA security in confidentiality and anonymity against both Type I and Type II adversaries. Moreover, the identity of the sender of a ciphertext can be authenticated by the receiver after a successful decryption. To the best of our knowledge, the proposed scheme is the first CCA secure AMRCLE scheme, and furthermore, we also pioneer in achieving sender authentication in AMRCLE.
Bibliography:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ISSN:1016-2364
DOI:10.6688/JISE.201811_34(6).0009