Wireless Communications and Mobile Computing

Volume 2018, Article ID 5702068, 10 pages

https://doi.org/10.1155/2018/5702068

## An Anonymous Multireceiver with Online/Offline Identity-Based Encryption

^{1}School of Computer Science and Engineering, University of Electronic Science and Technology of China, Chengdu 611731, China

^{2}School of Medical Information Engineering, Jining Medical University, Rizhao 272067, China

^{3}School of Computer Science, Nanjing University of Posts and Telecommunications, Nanjing 210003, China

Correspondence should be addressed to Fagen Li; fagenli@uestc.edu.cn

Received 2 March 2018; Revised 21 May 2018; Accepted 13 June 2018; Published 12 August 2018

Academic Editor: Mohammad Shojafar

Copyright © 2018 Qihua Wang et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

#### Abstract

An anonymous multireceiver encryption scheme protects both the privacy of the receivers and the security of the message. However, the computational cost of such a scheme is very large, which makes it unsuitable for senders with limited resources, such as mobile devices and sensor nodes. In this work, an anonymous multireceiver online/offline identity-based encryption scheme is proposed, based on online/offline encryption and identity-based encryption (IBE). In an identity-based encryption scheme, the sender encrypts the message using unique information about the user (such as an identity number or e-mail address) as the public key, and the receiver obtains the private key from a central authority. For mobile devices with limited resources, the online/offline encryption scheme can reduce the computational cost. Compared with previous anonymous multireceiver schemes, the proposed scheme encrypts messages efficiently with the online/offline method and ensures the anonymity of receivers. The analysis results also show that our scheme is efficient in terms of computational cost compared with previous works.

#### 1. Introduction

Multireceiver communication [1] is a crucial way to send and receive messages. It can effectively solve the problems of key management and data sending. Multireceiver encryption can also be converted to broadcast encryption [2] to a certain extent. In a multireceiver encryption strategy, the sender/encryptor can select any receiver. In a broadcast encryption scheme, the sender/encryptor sends a message to a group of users, and only the legal users can decrypt the ciphertext. This scheme is widely used in pay-TV applications, the distribution of copyrighted materials, etc.

In [3], the authors borrow the idea of identity-based encryption (IBE for short). The identity information of the receiver is converted to a public key. The receiver's private key, which is distributed by a Key Generator Center (KGC), is tied to the identity information, and the receiver uses this private key to decrypt the ciphertext. In [4], Lu and Hu presented a pairing-based multireceiver encryption scheme which can broadcast sensitive information in a complex environment, but it did not protect the privacy of the users. That is to say, this scheme cannot achieve the anonymity of the users. A secure and efficient anonymous multireceiver IBE scheme was proposed in [5]. Based on [5], an anonymous multireceiver IBE scheme was improved by Wang et al. [6]. The proposed method cannot truly attain the anonymity of the receiver's information, and the receiver's privacy was not protected. In [5, 6], a legal receiver can easily verify whether a specific user is one of the legal receivers at the cost of only two bilinear pairing computations. Li et al. [7] analyzed the security vulnerabilities that exist in [6], but they did not give specific solutions. In order to protect the privacy of the legal receivers, a truly anonymous multireceiver IBE scheme was proposed in [8]. In that scheme, all users can receive the broadcast ciphertext of the sender/encryptor, but only the receivers selected by the sender/encryptor can decrypt it. No one except the sender knows who the receivers are. The key issue of this scheme is how to design the encryption scheme using the Lagrange interpolation function. Chien [9] proposed an improved scheme which achieves the receiver's anonymity and enhances the security of the message. However, in the encryption phase, this scheme requires a number of bilinear pairing operations that is proportional to the number of receivers. He et al. [10] presented an efficient certificateless anonymous multireceiver encryption scheme based on elliptic curve cryptography for devices with limited resources. Anonymous multirecipient IBE schemes can be used for pay-per-view TV channels and orders of sensitive programs, where a receiver does not want any other receiver to know his or her identity information.

In IBE, the computational cost of multiplication and exponentiation operations in groups is large. Executing exponentiations takes considerable time and battery power on energy-limited devices such as mobile phones. In IBE, data encryption also needs bilinear pairing operations, which increase the runtime of encryption because the computational cost of a bilinear pairing is very large. It is difficult for lightweight devices such as wireless sensor nodes or smart cards to complete the encryption task in a short time. Moreover, anonymous multireceiver IBE takes more time than standard IBE.

One challenge in anonymous multireceiver IBE is that the added functionality may increase the computational cost compared to standard public key cryptography. Online/offline technology can effectively reduce encryption time. The first online/offline IBE scheme was proposed by Guo et al. [11]. The scheme divides the encryption process into two stages: an online stage and an offline stage. In the offline stage, the complex operations are preprocessed. In the online encryption stage, the sender performs simple operations and generates the ciphertext. The online phase is very fast and requires little computational cost. The online/offline encryption strategy is therefore more suitable for lightweight equipment such as wireless sensor nodes or smart cards [12, 13]. Online/offline identity-based encryption has attracted extensive attention, and a series of research results has emerged [14–16]. Recently, online/offline technology has also been used in attribute-based encryption [17, 18]. However, the previous literature did not apply the online/offline approach to anonymous multireceiver IBE.

In this article, we concentrate on a multireceiver IBE scheme that takes online/offline encryption into consideration. In previous work, the offline information cannot be reused. In our proposed scheme, a few operations can be done in the offline phase, and the offline ciphertext computed in that phase can be reused for the same receiver set. This reduces the computational cost for senders when they encrypt messages to the same receiver set.

Our motivating application for this work is the mobile device with limited resources. The preparatory computation can be done while the mobile device is plugged into a power supply; when the device is on the move and unplugged, it performs the encryption operations with little computational cost.

The rest of this work is organized as follows. Section 2 reviews the cryptographic background, and Section 3 describes an anonymous multireceiver online/offline identity-based encryption scheme. The security proof and performance analysis are given in Section 4. Finally, Section 5 concludes this work.

#### 2. Preliminary

Some fundamental backgrounds related to this work are given in this section.

##### 2.1. Lagrange Interpolation Theorem

Fitting the curve through these points can be expressed as follows [6]:where for each is mapped by identity information of the receiver.
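The following is an added example, not the paper's construction or code. Assuming the standard Lagrange basis over hashed identities, it shows that the coefficient table depends only on the receiver set, so it can be computed offline and reused, while the online step needs only multiply-adds. Plain field values stand in for the pairing-group elements a real scheme would use; `Q`, `h_id`, the function names and the sample identities are assumptions.

```python
import hashlib

Q = 2**127 - 1  # prime modulus of the toy field (assumption; a real scheme uses the group order)

def h_id(identity: str) -> int:
    """Map an identity string to a field element x_i (constructed hash-to-field)."""
    return int.from_bytes(hashlib.sha256(identity.encode()).digest(), "big") % Q

def poly_mul_linear(poly, root):
    """Multiply poly (low-order coefficient first) by (x - root) mod Q."""
    out = [0] * (len(poly) + 1)
    for k, c in enumerate(poly):
        out[k] = (out[k] - c * root) % Q
        out[k + 1] = (out[k + 1] + c) % Q
    return out

def offline_basis(identities):
    """Offline phase: coefficients of each Lagrange basis polynomial f_i, with
    f_i(x_i) = 1 and f_i(x_j) = 0 for j != i. Depends only on the receiver set."""
    xs = [h_id(i) for i in identities]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate identity or hash collision in receiver set")
    table = []
    for i, xi in enumerate(xs):
        num, den = [1], 1
        for j, xj in enumerate(xs):
            if j != i:
                num = poly_mul_linear(num, xj)
                den = den * (xi - xj) % Q
        inv = pow(den, -1, Q)  # modular inverse of the denominator
        table.append([c * inv % Q for c in num])
    return table

def online_combine(table, values):
    """Online phase: T_k = sum_i a_{i,k} * v_i. No identity appears in the output."""
    n = len(table)
    return [sum(table[i][k] * values[i] for i in range(n)) % Q for k in range(n)]

def receiver_eval(T, identity):
    """A receiver evaluates the published polynomial at its own x (Horner's rule)."""
    x, acc = h_id(identity), 0
    for c in reversed(T):
        acc = (acc * x + c) % Q
    return acc

# Constructed sample data: one offline table, reused for two messages.
RECEIVERS = ["alice@example.com", "bob@example.com", "carol@example.com"]
TABLE = offline_basis(RECEIVERS)
T1 = online_combine(TABLE, [11, 22, 33])
T2 = online_combine(TABLE, [44, 55, 66])
```

Each selected receiver recovers only its own value by evaluating at its hashed identity; an identity outside the set evaluates to an unrelated field element.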

##### 2.2. Bilinear Maps

Let and be two multiplicative cyclic groups with the same prime order . Let be a generator of . Let be a bilinear map which has the following properties [19]:

(1) Bilinearity: and ,

(2) Nondegeneracy: , such that . 1 denotes the identity element of .

(3) Computability: ; there is an efficient polynomial algorithm to calculate

According to the bilinearity, the bilinear mapping has the following specific property:

##### 2.3. Hard Problems

The following security assumptions are used in many encryption schemes. We will use them to deal with some problems in our scheme. In our paper, denotes the generator of .

(1) Computational Diffie-Hellman problem: given for any , compute

(2) Bilinear Diffie-Hellman (BDH) problem: given for some compute .

(3) Cobilinear Diffie-Hellman (Co-BDH) problem [6]: given for any and , compute .

(4) Codecision bilinear Diffie-Hellman (Co-DBDH) problem [6]: given for any , and , decide whether .

(5) Codecision bilinear Diffie-Hellman (Co-DBDH) assumption [5]: an algorithm with an output has advantage in solving the Co-DBDH problem if

(6) Given two groups and of the same prime order , , , a generator of , and a bilinear map -bilinear Diffie-Hellman inversion (-BDHI) problem is to compute .

(7) Given two groups and of the same prime order , , , , a generator of , and a bilinear map the modified bilinear inverse Diffie-Hellman (mBIDH) problem is to compute .

##### 2.4. Security Definition

Following the works [3, 5, 6], a general model and security formalization are given. The security notion is indistinguishability of encryptions under selective multi-ID, chosen ciphertext attacks (IND-CCA-sMID for short) [5, 6]. The notion of IND-CCA-sMID is given as follows.

*Definition 1 ((IND-CCA-sMID) [5, 6]).* Let be a polynomial-time algorithm attacker. Symbol denotes a general multireceiver IBE scheme. Attacker interacts with the challenger in the following steps.

*Setup*. The challenger executes the setup algorithm. Attacker attains the resulting public parameters from challenger. The attacker does not know any information about private key. The challenger keeps the master key secret.

*Phase 1*. outputs multiple targets identities where denotes a positive integer.

*Phase 2*. publishes private key extraction queries. When a private key extraction query with identity is received, the challenger obtains private key by running the private key extraction algorithm. The only constraint is that for

*Phase 3*. publishes decryption queries for target identity information. When a decryption query denoted by for some is received, the challenger creates a private key which is denoted by associated with identity information The challenger returns the information to .

*Challenge*. outputs a target plaintext message pair ; the challenger randomly selects and creates a target ciphertext information Ciphertext is given to by the challenger.

*Phase 4*. publishes the private key extraction queries and decryption queries for target identities, and query methods are the same as in phase 2 and phase 3, respectively. Restrictive condition is that

*Guess*. To the end, outputs the result of conjecture We can say that wins the game if . conjecture advantage is defined as follows:

Our scheme is said to be -IND-CCA-sMID secure if the conjecture advantage of any attacker with polynomial running time is less than .

breaks IND-CCA-sMID of with if and only if the conjecture advantage of the attack is not less than with the running time . and denote the number of private key extraction queries and decryption queries, respectively. Scheme is said to be - IND-CCA-sMID secure if there is no polynomial-time algorithm attacker with that can break IND-CCA-sMID of scheme .

#### 3. The Proposed Encryption Scheme

In this section, we introduce a novel anonymous multireceiver IBE on the basis of offline/online encryption. Our scheme ensures both the confidentiality of the information and the anonymity of the receiver. The process of our encryption scheme is given in Figure 1. As shown in Figure 1, the system framework comprises three types of participants: *Sender*, *Receiver*, and *KGC*.