Cryptanalysis of an identity based broadcast encryption scheme without random oracles

https://doi.org/10.1016/j.ipl.2011.02.007Get rights and content

Abstract

Identity based broadcast encryption allows a centralized transmitter to send encrypted messages to a set of identities S, so that only the users with identity in S can decrypt these ciphertexts using their respective private key. Recently [Information Processing Letters 109 (2009)], an identity-based broadcast encryption scheme was proposed (Ren and Gu, 2009) [1], and it was claimed to be fully chosen-ciphertext secure without random oracles. However, by giving a concrete attack, we indicate that this scheme is even not chosen-plaintext secure.

Research highlights

► We analyze a recent identity-based broadcast encryption scheme. ► We present a chosen-plaintext attack against this scheme. ► Our attack indicate that this scheme is even not chosen-plaintext secure.

References (12)

  • Y. Ren et al.

    Fully CCA2 secure identity based broadcast encryption without random oracles

    Inf. Process. Lett.

    (2009)
  • A. Fiat et al.

    Broadcast encryption

  • D. Boneh et al.

    Collusion resistant broadcast encryption with short ciphertexts and private keys

  • C. Delerablée et al.

    Fully collusion secure dynamic broadcast encryption with constant-size ciphertexts or decryption keys

  • A. Shamir

    Identity-based cryptosystems and signature schemes

  • D. Boneh et al.

    Identity-based encryption from the Weil pairing

There are more references available in the full text version of this article.

Cited by (0)

View full text