Adaptively Secure Broadcast Encryption with Short Ciphertexts

We propose an adaptively secure broadcast encryption scheme with short ciphertexts, where the size of broadcast encryption message is fixed regardless of the size of the broadcast group. In our proposed scheme, members can join and leave the group without requiring any change to public parameters of the system or private keys of existing members. Our construction has a twofold improvement over previously known best broadcast encryption schemes. First, we propose a scheme that immediately yields adaptive security without any increase in the size of ciphertexts or use of a random oracle. Secondly, the proof of security in the proposed scheme is defined in a stronger security model closely simulating an adversary in real world. In our security model, the adversary can selectively query private keys of the group members after the setup and can receive decryption of broadcast encryption messages at any given time.