Tight Adaptively Secure Broadcast Encryption with Short Ciphertexts and Keys

We present a new public key broadcast encryption scheme where both the ciphertext and secret keys consist of a constant number of group elements. Our result improves upon the work of Boneh, Gentry and Waters (Crypto'05) as well as several recent follow-ups (TCC'16A, Asiacrypt'16) in two ways: (i) we achieve adaptive security instead of selective security, and (ii) our construction relies on the decisional k-Linear Assumption in prime-order groups (as opposed to q-type assumptions or subgroup decisional assumptions in composite-order groups); our improvements come at the cost of a larger public key. Finally, we show that our scheme achieves adaptive security in the multi-ciphertext setting with a security loss that is independent of the number of challenge ciphertexts.