The Barth-Boneh-Waters Private Broadcast Encryption Scheme Revisited
This is an incremental improvement for cryptography researchers and practitioners working on secure communication protocols.
The paper revisits the Barth-Boneh-Waters private broadcast encryption scheme, identifying that it lacks origin authentication for broadcast channels and uses inefficient one-time signatures, proposing conventional public key signatures as a better alternative.
The primitive of private broadcast encryption introduced by Barth, Boneh and Waters, is used to encrypt a message to several recipients while hiding the identities of the recipients. In their construction, a recipient has to first decrypt the received ciphertext to extract the verification key for one-time signature. He then uses the verification key to check whether the ciphertext is malformed. The authors did not consider that information delivered over a channel, especially over a broadcast channel, should be authenticated as to its origin. We remark that the conventional public key signature suffices to authenticate data origin and filter out all malformed ciphertexts. We also discuss the disadvantages of the primitive of one-time signature used in their construction.