Fully CCA2 secure identity based broadcast encryption without random oracles

In broadcast encryption schemes, a broadcaster encrypts messages and transmits them to some subset S of users who are listening to a broadcast channel. Any user in S can use his private key to decrypt the broadcast. An identity based cryptosystem is a public key cryptorsystem where the public key can be represented as an arbitrary string. In this paper, we propose the first identity based broadcast encryption (IBBE) scheme that is IND-ID-CCA2 secure without random oracles. The public key and ciphertext are constant size, and the private key size is linear in the total number of receivers. To the best of our knowledge, it is the first IBBE scheme that is fully CCA2 secure without random oracles. Moreover, our IBBE scheme is collusion resistant for arbitrarily large collusion of users. (C) 2009 Elsevier B.V. All rights reserved.