Collusion resistant broadcast encryption with short ciphertexts and private keys.
Adaptive CCA Broadcast Encryption with Constant-Size Secret Keys and Ciphertexts.
Identity-Based Broadcast Encryption with Constant Size Ciphertexts and Private Keys.
An AE scheme allows the signer to produce an authenticated ciphertext such that only the designated recipient has the ability to recover the message and verify its signature.
The signer can generate an authenticated ciphertext and only the designated recipient has the ability to verify it.
The signer will generate an authenticated ciphertext and deliver it to the designated recipient.
It would be desirable to have an acceptably secure encryption process that would render a database of identifying information useless to an attacker without a key, but that would produce ciphertext in the same formatas the plaintext.
Ciphertext (data in encrypted form) bears roughly the same resemblance to plaintext (data in its original form) as a hamburger does to a T-bone steak.
In this case, any possible encryption/decryption oracle is destroyed, and the best that an attacker can do, short of finding a way to recorrelate the data with plaintext by breaking into internal databases, is to examine the ciphertext.
The ciphertext size is independent of the level of the hierarchy.
But the ciphertext length is linear in the depth of the hierarchy.
IND-ID-CCA2: Boneh and Franklin defined chosen ciphertext security for IBE systems under a chosen ciphertext attack via the following game [6,8].