SCIENCE CHINA Information Sciences, Volume 61 , Issue 11 : 118101(2018) https://doi.org/10.1007/s11432-017-9287-6

Dual-mode broadcast encryption

More info
  • ReceivedJun 25, 2017
  • AcceptedOct 27, 2017
  • PublishedMay 21, 2018


There is no abstract available for this article.


This work was supported by National Natural Science Foundation of China (Grant No. 61472032), NSFC-Genertec Joint Fund for Basic Research (Grant No. U1636104), and Joint Research Fund for Overseas Chinese Scholars and Scholars in Hong Kong and Macao (Grant No. 61628201).


[1] Fiat A, Naor M. Broadcast encryption. In: Proceedings of the 13th Annual International Cryptology Conference, Santa Barbara, 1993. 480--491. Google Scholar

[2] Boneh D, Gentry C, Waters B. Collusion resistant broadcast encryption with short ciphertexts and private keys. In: Proceedings of the 25th Annual International Cryptology Conference, Santa Barbara, 2005. 258--275. Google Scholar

[3] Gentry C, Waters B. Adaptive security in broadcast encryption systems (with short ciphertexts). In: Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques, Cologne, 2009. 171--188. Google Scholar

[4] Naor M, Pinkas B. Efficient trace and revoke schemes. In: Proceedings of the 4th International Conference on Financial Cryptography, Anguilla, 2000. 1--20. Google Scholar

[5] Delerablée C, Paillier P, Pointcheval D. Fully collusion secure dynamic broadcast encryption with constant-size ciphertexts or decryption keys. In: Proceedings of the 1st International Conference on Pairing-Based Cryptography, Tokyo, 2007. 39--59. Google Scholar

[6] Lai J C, Mu Y, Guo F C, et al. Anonymous identity-based broadcast encryption with revocation for file sharing. In: Proceedings of the 21st Australasian Conference on Information Security and Privacy, Melbourne, 2016. 223--239. Google Scholar

  • Table 1   Performance evaluation of the RBBE scheme$^{{\rm~a})}$
    Computational complexity Communication/storage complexity
    Setup $(2n)~\cdot~E(\mathbb{G})~+1\cdot~M(\mathbb{G})$ $(2n+1)~\cdot~l_{\mathbb{G}}$(PK), $2\cdot~l_{\mathbb{Z}_p^*}+1\cdot~l_{\mathbb{G}}$(MK)
    KeyGen $|U|~\cdot~(3~\cdot~E(\mathbb{G})+1\cdot~M(\mathbb{G})~+1\cdot~D(\mathbb{G}))$ (for $|U|$ users) $|U|~\cdot~l_{\mathbb{G}}$ (${\rm~sk}_i$, for $|U|$ users)
    Encrypt $~2~\cdot~E(\mathbb{G})+1~\cdot~E(\mathbb{G}_T)+(|R|-1)\cdot~M(\mathbb{G})~+1\cdot~D(\mathbb{G})+1~\cdot~B$ $2~\cdot~l_{\mathbb{G}}$ ($C_R$)
    Decrypt $(|R|-1)\cdot~M(\mathbb{G})~+1\cdot~D(\mathbb{G})+2~\cdot~B+~1~\cdot~D(\mathbb{G}_T)$ $1~\cdot~l_{\mathbb{G}_T}$ (ek)

    a) $E(\cdot)$, $M(\cdot)$ and $D(\cdot)$ denote the exponentiation operation, multiplication operation and division operation in cyclic group, respectively. $B$ denotes the bilinear pairing $e:~\mathbb{G}~\times~\mathbb{G}~\rightarrow~\mathbb{G}_T$. $|U|$ and $|R|$ denote the number of users in set $U$ and $R$, respectively. $l_{\mathbb{Z}_p^*}$, $l_{\mathbb{G}}$ and $l_{\mathbb{G}_T}$ denote the length of elements in $\mathbb{Z}_p^*$, $\mathbb{G}$ and $\mathbb{G}_T$, respectively.