Protecting Receivers ’ Identities in Secure Data Distribution

In the standard setting of broadcast encryption, information about the receivers is transmitted as part of the ciphertext. In several broadcast scenarios, however, the identities of the users authorized to access the content are often as sensitive as the content itself. In this paper, we propose the first broadcast encryption scheme to attain meaningful guarantees of receiver anonymity with ciphertexts that are sublinear in the number of authorized users. We formalize the notion of outsider-anonymous broadcast encryption(oABE), and describe generic constructions in the standard model that achieve outsideranonymity under adaptive corruptions in the chosen-plaintext and chosen-ciphertext settings. We also describe two constructions with enhanced decryption, one under the gap Diffie-Hellman assumption, in the random oracle model, and the other under the decisional Diffie-Hellman assumption, in the standard model.