There is no abstract available for this article.
This work was supported by National Natural Science Foundation of China (Grant No. 61472032), NSFC-Genertec Joint Fund for Basic Research (Grant No. U1636104), and Joint Research Fund for Overseas Chinese Scholars and Scholars in Hong Kong and Macao (Grant No. 61628201).
[1] Fiat A, Naor M. Broadcast encryption. In: Proceedings of the 13th Annual International Cryptology Conference, Santa Barbara, 1993. 480--491. Google Scholar
[2] Boneh D, Gentry C, Waters B. Collusion resistant broadcast encryption with short ciphertexts and private keys. In: Proceedings of the 25th Annual International Cryptology Conference, Santa Barbara, 2005. 258--275. Google Scholar
[3] Gentry C, Waters B. Adaptive security in broadcast encryption systems (with short ciphertexts). In: Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques, Cologne, 2009. 171--188. Google Scholar
[4] Naor M, Pinkas B. Efficient trace and revoke schemes. In: Proceedings of the 4th International Conference on Financial Cryptography, Anguilla, 2000. 1--20. Google Scholar
[5] Delerablée C, Paillier P, Pointcheval D. Fully collusion secure dynamic broadcast encryption with constant-size ciphertexts or decryption keys. In: Proceedings of the 1st International Conference on Pairing-Based Cryptography, Tokyo, 2007. 39--59. Google Scholar
[6] Lai J C, Mu Y, Guo F C, et al. Anonymous identity-based broadcast encryption with revocation for file sharing. In: Proceedings of the 21st Australasian Conference on Information Security and Privacy, Melbourne, 2016. 223--239. Google Scholar
| Computational complexity | Communication/storage complexity | |
| Setup | $(2n)~\cdot~E(\mathbb{G})~+1\cdot~M(\mathbb{G})$ | $(2n+1)~\cdot~l_{\mathbb{G}}$(PK), $2\cdot~l_{\mathbb{Z}_p^*}+1\cdot~l_{\mathbb{G}}$(MK) |
| KeyGen | $|U|~\cdot~(3~\cdot~E(\mathbb{G})+1\cdot~M(\mathbb{G})~+1\cdot~D(\mathbb{G}))$ (for $|U|$ users) | $|U|~\cdot~l_{\mathbb{G}}$ (${\rm~sk}_i$, for $|U|$ users) |
| Encrypt | $~2~\cdot~E(\mathbb{G})+1~\cdot~E(\mathbb{G}_T)+(|R|-1)\cdot~M(\mathbb{G})~+1\cdot~D(\mathbb{G})+1~\cdot~B$ | $2~\cdot~l_{\mathbb{G}}$ ($C_R$) |
| Decrypt | $(|R|-1)\cdot~M(\mathbb{G})~+1\cdot~D(\mathbb{G})+2~\cdot~B+~1~\cdot~D(\mathbb{G}_T)$ | $1~\cdot~l_{\mathbb{G}_T}$ (ek) |
a) $E(\cdot)$, $M(\cdot)$ and $D(\cdot)$ denote the exponentiation operation, multiplication operation and division operation in cyclic group, respectively. $B$ denotes the bilinear pairing $e:~\mathbb{G}~\times~\mathbb{G}~\rightarrow~\mathbb{G}_T$. $|U|$ and $|R|$ denote the number of users in set $U$ and $R$, respectively. $l_{\mathbb{Z}_p^*}$, $l_{\mathbb{G}}$ and $l_{\mathbb{G}_T}$ denote the length of elements in $\mathbb{Z}_p^*$, $\mathbb{G}$ and $\mathbb{G}_T$, respectively.
