Fully anonymous identity-based broadcast signcryption with public verification

In the multicast communication scenario, compared with broadcast encryption, broadcast signcryption or multi-receiver signcryption has additional ability to authenticate the source of the message. With the enhanced awareness of privacy preservation, ordinary users pay more attention to the identity leakage in the communication process. The primitive of anonymous broadcast signcryption has been proposed to solve this problem, which provides additional anonymity compared with the existing broadcast signcryption. However, most anonymous broadcast signcryption schemes only ensure the sender's identity concealment but ignore the anonymity of the receiver set. In this paper, we present a fully anonymous identity-based broadcast signcryption scheme, which meets insider unforgeability, outsider confidentiality, identity concealment of sender and full anonymity of the receiver set. In addition, our scheme has two further desirable characteristics. One is public verifiability which means any third party can verify the validity of the message source without knowing the private key provided by the receiver. The other is statelessness which means the user does not need to update the private key due to the join or revocation of other users. Moreover, our scheme has constant-size public parameters and private key as well as constant decryption complexity, which makes the scheme more suitable for deployment in devices with limited storage or low computing power such as IoT devices.