This Article 
 Bibliographic References 
 Add to: 
Anonymous Multireceiver Identity-Based Encryption
September 2010 (vol. 59 no. 9)
pp. 1239-1249
Chun-I Fan, National Sun Yat-sen University, Kaohsiung
Ling-Ying Huang, National Sun Yat-sen University, Kaohsiung
Pei-Hsiu Ho, National Sun Yat-sen University, Kaohsiung
Recently, many multireceiver identity-based encryption schemes have been proposed in the literature. However, none can protect the privacy of message receivers among these schemes. In this paper, we present an anonymous multireceiver identity-based encryption scheme where we adopt Lagrange interpolating polynomial mechanisms to cope with the above problem. Our scheme makes it impossible for an attacker or any other message receiver to derive the identity of a message receiver such that the privacy of every receiver can be guaranteed. Furthermore, the proposed scheme is quite receiver efficient since each of the receivers merely needs to perform twice of pairing computation to decrypt the received ciphertext. We prove that our scheme is secure against adaptive chosen plaintext attacks and adaptive chosen ciphertext attacks. Finally, we also formally show that every receiver in the proposed scheme is anonymous to any other receiver.

[1] J. Baek, R. Safavi-Naini, and W. Susilo, "Efficient Multi-Receiver Identity-Based Encryption and Its Application to Broadcast Encryption," Public Key Cryptography—PKC 2005, pp. 380-397, Springer, 2005.
[2] M. Bellare and P. Rogaway, "Random Oracles are Practical: A Paradigm for Designing Efficient Protocols," Proc. ACM CCCS '93, pp. 62-73, 1993.
[3] J. Bethencourt, H. Chan, A. Perrig, E. Shi, and D. Song, "Anonymous Multi-Attribute Encryption with Range Query and Conditional Decryption," technical report, Carnegie Mellon Univ., CMU-CS-06-135, 2006.
[4] D. Boneh and M. Franklin, "Identity-Based Encryption from the Weil Pairing," SIAM J. Computing, vol. 32, no. 3, pp. 586-615, 2003.
[5] X. Boyen and B. Waters, "Anonymous Hierarchical Identity-Based Encryption (without Random Oracles)," Advances in Cryptology—CRYPTO 2006, Springer, Cryptology ePrint Archive, Report 2006/085,, 2006.
[6] H. Chabanne, D.H. Phan, and D. Pointcheval, "Public Traceability in Traitor Tracing Schemes," Advances in Cryptology— EUROCRYPT 2005, pp. 542-558, Springer, 2005.
[7] S. Chatterjee and P. Sarkar, "Multi-Receiver Identity-Based Key Encapsulation with Shortened Ciphertext," Progress in Cryptology— INDOCRYPT 2006, pp. 394-408, Springer , 2006.
[8] X. Du, Y. Wang, J. Ge, and Y. Wang, "An ID-Based Broadcast Encryption Scheme for Key Distribution," IEEE Trans. Broadcasting, vol. 51, no. 2, pp. 264-266, June 2005.
[9] E. Fujisaki and T. Okamoto, "Secure Integration of Asymmetric and Symmetric Encryption Schemes," Proc. Advances in Cryptology—CRYPTO '99, pp. 537-554, 1999.
[10] C. Gentry, "Practical Identity-Based Encryption without Random Oracles," Advances in Cryptology—EUROCRYPT 2006, pp. 445-464, Springer, 2006.
[11] F.B. Hildebrand, Introduction to Numerical Analysis, second ed. Dover, 1974.
[12] L. Hu, D.G. Feng, and T.H. Wen, "Fast Multiplication on a Family of Koblitz Elliptic Curves," J. Software, vol. 14, no. 11, pp. 1907-1910, 2003.
[13] J.W. Lee, Y.H. Hwang, and P.J. Lee, "Efficient Pubic Key Broadcast Encryption Using Identifier of Receivers," Information Security Practice and Experience, pp. 153-164, Springer, 2006.
[14] L. Lu and L. Hu, "Pairing-Based Multi-Recipient Public Key Encryption," Proc. 2006 Int'l Conf. Security Management, pp. 159-165, 2006.
[15] V.S. Miller, "The Weil Pairing, and Its Efficient Calculation," J. Cryptology, vol. 17, pp. 235-261, 2004.
[16] R. Molva and A. Pannetrat, "Network Security in the Multicast Framework," Advanced Lectures in Networking, pp. 59-82, Springer, 2002.
[17] T. Okamoto and D. Pointcheval, "REACT: Rapid Enhanced-Security Asymmetric Cryptosystem Transform," Topics in Cryptology CT-RSA 2001, pp. 159-174, Springer-Verlag, 2001.
[18] M. Scott, N. Costigan, and W. Abdulwahab, "Implementing Cryptographic Pairings on Smartcards," Cryptology ePrint Archive, Report 2006/144,, 2006.
[19] L. Wang and C.-K. Wu, "Efficient Identity-Based Multicast Scheme from Bilinear Pairing," IEE Proc. Comm., vol. 152, no. 6, pp. 877-882, 2005.
[20] V.K. Wei, T.H. Yuen, and F. Zhang, "Group Signature where Group Manager Members Open Authority are Identity-Based," Information Security and Privacy, pp. 468-480, Springer, 2005.
[21] E.D. Win, S. Mister, B. Prennel, and M. Wiener, "On the Performance of Signature Based on Elliptic Curves," Algorithmic Number Theory, pp. 252-266, Springer, 1998.
[22] C. Yang, X. Cheng, W. Ma, and X. Wang, "A New ID-Based Braodcast Encryption Scheme," Autonomic and Trusted Computing 2006, pp. 487-492, Springer-Verlag, 2006.
[23] T.H. Yuen and V.K. Wei, "Fast and Proven Secure Blind Identity-Based Signcryption from Pairings," Topics in Cryptology CT-RSA 2005, pp. 305-322, Springer, 2005.

Index Terms:
Anonymity, multireceiver encryption, pairings, identity-based encryption.
Chun-I Fan, Ling-Ying Huang, Pei-Hsiu Ho, "Anonymous Multireceiver Identity-Based Encryption," IEEE Transactions on Computers, vol. 59, no. 9, pp. 1239-1249, Sept. 2010, doi:10.1109/TC.2010.23
Usage of this product signifies your acceptance of the Terms of Use.