Collusion Resistant Broadcast Encryption with Tight Reductions and Beyond

The issue of tight security for identity-based encryption schemes (IBE) in bilinear groups has been widely investigated and a lot of optimal properties have been achieved. Recently, a tightly secure IBE scheme in bilinear groups under the multi-challenge setting has been achieved by Chen et al. (to appear in PKC 2017), and their scheme even achieves constant-size public parameters and is adaptively secure. However, we note that the issue of tight security for broadcast encryption schemes (BE) in bilinear groups has received less attention so far. Actually current broadcast encryption systems of bilinear groups are either not tightly secure or based on non-static assumptions. In this work we mainly focus on the issue of tight security for standard broadcast encryption schemes . We construct the first tightly secure broadcast encryption scheme from static assumptions (i.e., decisional subgroup assumptions) in the selective security model by utilizing improved techniques derived from the Déjà Q framework (Eurocrypt 2014, TCC-A 2016). The proof of our construction will lead to only O(logn) or O(log λ) security loss, where n is the number of users in the system and λ is the security parameter. Following this result, we present a tightly secure non-zero inner product encryption scheme (NIPE) from decisional subgroup assumptions in the selective security model. This NIPE scheme has the same parameter sizes as our BE scheme and there is only O(logn) or O(log λ) security loss as well, where n is the dimension of the inner product space and λ is the security parameter. Finally, we further present a tightly secure functional commitment scheme (FC) for linear functions, which was introduced by Libert et al. (ICALP 16). In contrast with their scheme, which also suffers O(n) security loss during the reduction, there is only O(logn) or O(log λ) security loss in our FC scheme.