International Association
for Cryptologic Research

Distributed broadcast encryption (DBE) [Boneh and Zhandry - CRYPTO 2014] improves on the traditional notion of broadcast encryption by eliminating the key-escrow problem: In a DBE system, users generate their own secret keys without the help of a trusted party. Then anyone can broadcast a message for a subset S of the users, in such a way that the resulting ciphertext size is sublinear in (and, ideally, independent of) |S|. Unfortunately, the only known construction of DBE requires heavy cryptographic machinery, such as general-purpose indistinguishability obfuscation. In this work, we show that obfuscation is not necessary for DBE, and we present two DBE schemes from standard assumptions in prime-order bilinear groups. Our constructions are conceptually simple, satisfy the strong notion of adaptive security, and are concretely efficient. In fact, their performance, in terms of number of group elements and efficiency of the algorithms, is comparable with that of traditional (non distributed) broadcast encryption schemes from bilinear groups.