Group Decryption

Anonymity is one of the main concerns in group-oriented cryptography. However, most efforts, for instance, group signatures and ring signatures, are only made to provide anonymity on the sender’s point of view. There is only few work done to ensure anonymity in a cryptographic sense on the recipient’s point of view in group-oriented communications. In this paper, we formalize the notion of group decryptions. It can be viewed as an analogous of group signatures in the context of public key encryptions. In this notion, a sender can encrypt a committed message intended to any member of a group, managed by a group manager, while the recipient of the ciphertext remains anonymous. The sender can convince a verifier about this fact without leaking the plaintext or the identity of the recipient. If required, the group manager can verifiably open the identity of the recipient. We propose an efficient group decryption scheme that is proven secure in the random oracle model. The overhead in both computation and communication is independent of the group size. A full ciphertext is about 0.2K bytes in a typical implementation and the scheme is practical to protect the recipient identity in privacy-sensitive group-oriented communications.