In a threshold broadcast encryption scheme, a sender chooses (ad-hoc) a set of $n$ receivers and a threshold $t$, and then encrypts a message by using the public keys of all the receivers, in such a way that the original plaintext can be recovered only if at least $t$ receivers cooperate. Previously proposed threshold broadcast encryption schemes have ciphertexts whose length is at least $n + \O(1)$. In this paper, we propose new schemes, for both PKI and identity-based scenarios, where the ciphertexts' length is $n-t + \O(1)$. The constructions use secret sharing techniques and the Canetti-Halevi-Katz transformation to achieve chosen-ciphertext security. The security of our schemes is formally proved under the Decisional Bilinear Diffie-Hellman (DBDH) Assumption.
Links:
[1] http://www.iiia.csic.es/en/individual/javier-herranz
[2] http://www.iiia.csic.es/en/individual/vanes-daza
[3] http://www.iiia.csic.es/en/individual/paz-morillo
[4] http://www.iiia.csic.es/en/individual/carla-rafols
[5] http://www.iiia.csic.es/en/publications/export/tagged/2784
[6] http://www.iiia.csic.es/en/publications/export/xml/2784
[7] http://www.iiia.csic.es/en/publications/export/bib/2784
[8] http://www.iiia.csic.es/en/project/ares
[9] http://www.iiia.csic.es/en/project/e-aegis-db-privacy