Daza, VanesaHerranz, JavierMorillo, PazRàfols, Carla2019-09-132019-09-132007Daza V, Herranz J, Morillo P, Ràfols C. CCA2-secure threshold broadcast encryption with shorter ciphertexts. In: Susilo W, Liu JK, Mu Y, editors. ProvSec 2007: Provable Security First International Conference. Proceedings; 2007 Nov 1-2; Wollongong, Australia. Berlin: Springer; 2007. p. 35-50. (LNCS; no. 4784). DOI: 10.1007/978-3-540-75670-5_3http://hdl.handle.net/10230/42275Comunicació presentada a: ProvSec 2007: Provable Security First International Conference, celebrada de l'1 al 2 de novembre de 2007 a Wollongong, Austràlia.In a threshold broadcast encryption scheme, a sender chooses (ad-hoc) a set of n receivers and a threshold t, and then encrypts a message by using the public keys of all the receivers, in such a way that the original plaintext can be recovered only if at least t receivers cooperate. Previously proposed threshold broadcast encryption schemes have ciphertexts whose length is O(n). In this paper, we propose new schemes, for both PKI and identity-based scenarios, where the ciphertexts’ length is O(n − t). The construction uses secret sharing techniques and the Canetti-Halevi-Katz transformation to achieve chosen-ciphertext security. The security of our schemes is formally proved under the Decisional Bilinear Diffie-Hellman (DBDH) Assumption.application/pdfeng© Springer The final publication is available at Springer via https://doi.org/10.1007/978-3-540-75670-5_3info:eu-repo/semantics/conferenceObjecthttp://dx.doi.org/10.1007/978-3-540-75670-5_3info:eu-repo/semantics/openAccess