Cloud assisted semi-static secure accountable authority identity-based broadcast encryption featuring public traceability without random oracles

Cloud computing has gained widespread popularity in the industry and academia and rapidly becomes an integral part of our everyday life. It offers several benefits including reduced cost on technical support for data backups, saving electric power and maintenance cost. These encourage the major industry players like Google, IBM, Microsoft to invest into cloud storage with the goal to extend the spectrum of cloud-based services from open public to closed private. One of the crucial challenges in cloud computing is the security of outsourced data. Sharing sensitive data among multiple users under the same domain in a secure and efficient way requires technical solutions. Identity-based broadcast encryption (IBBE) is an important building block in cryptography. This is a one to many encryption that broadcasts a message to many identities. In this paper, we address the key escrow problem of IBBE. As private key generator (PKG) generates secret keys for users, it has the capability to decrypt the ciphertext and recover the message. The accountable authority IBBE was introduced to give accountability in IBBE, where white-box A-IBBE can differentiate the creator of a given pirated private key between the PKG and suspected user and black-box A-IBBE can further trace the creator of a decoder box. In our construction, we have established the secret key by using zero-knowledge proof between the user and PKG. The decryption key is held by the user only. This restricts PKG to re-distribute keys maliciously and solves the key escrow problem. Inspired by the work of Zhao et al., we develop an accountable authority identity-based broadcast encryption scheme (A-IBBE). Our construction is the first publicly traceable weak black-box A-IBBE scheme secure against the indistinguishability under chosen-identity and chosen-plaintext attack in the standard model. We support the conjectured security of our candidate by analysis and prove its security without using any random oracle under the hardness of the decision bilinear Diffie-Hellman exponent (DB-DHE) sum problem. Another interesting feature of our scheme is that it features a constant size secret key and ciphertext. More positively, when contrasted with the existing similar schemes, our scheme exhibits favorable results in terms of secret key size and ciphertext length with constant number of pairing computations.