Server-aided identity-based anonymous broadcast encryption

A broadcast encryption scheme enables a broadcaster to send an encrypted message to the multiple privileged users. In identity-based broadcast encryption schemes, a broadcaster typically encrypts a message by combining public identities of receivers and system parameters, which therefore reveals identities of receivers to the public and raised a concern on user privacy. On the other hand, identity-based systems generally require pairing computations which are computationally costly. It would be desirable if pairing computations could be avoided in resource constrained devices. The aim of this paper is to provide the solutions to these problems by introducing a new concept called server-aided identity-based anonymous broadcast encryption. We formalise the notion of server-aided identity-based anonymous broadcast encryption and present a construction in the random oracle model based on pairings that achieve anonymity under adaptive corruptions in the chosen-plaintext setting. Comparing with other broadcast encryption schemes, our scheme requires less computation cost for encryption and decryption while preserving receiver's privacy