Adaptively secure broadcast encryption with authenticated content distributors

In public key broadcast encryption systems, anyone could run the encryption algorithm to broadcast messages by using the public parameters. The unsupervised broadcast strategy allows malicious users (even though someone outside the system with the intentionally divulged public parameters) to distribute junk messages without responsibility. Consequently, content distributor authentication is essential for broadcast encryption systems to forbid spreading of junk information. In this work, we devise a solution for public key broadcast encryption system with adaptive security to resolve the aforementioned vicious broadcaster problem, which is neglected in the previous related works. In our scheme, any user could distribute an encryption of messages with both public parameters and his/her own secret keys, and each message is associated to its broadcaster. The construction is based on the composite order bilinear groups and its adaptive security depends on the hardness of the general subgroup decisional assumptions. Furthermore, this allows our scheme to be flexible in terms on the overhead of ciphertexts, which is constant sized. Compared with previous related broadcast encryption systems constructed in the composite order bilinear groups, our scheme inherits the superiority of adaptive security based non-interactive falsifiable assumption, and simultaneously achieves the optimal ciphertext overhead and the authentication of broadcasters.