Compact IBBE and Fuzzy IBE from Simple Assumptions.

We propose new constructions for identity-based broadcast encryption (IBBE) and fuzzy identity-based encryption (FIBE) in bilinear groups of composite order. Our starting point is the IBBE scheme of Delerablee (Asiacrypt 2007) and the FIBE scheme of Herranz et al. (PKC 2010) proven secure under parameterised assumptions called generalised decisional bilinear Diffie-Hellman (GDDHE) and augmented multi-sequence of exponents Diffie-Hellman (aMSE-DDH) respectively. The two schemes are described in the prime-order pairing group. We transform the schemes into the setting of (symmetric) composite-order groups and prove security from two static assumptions (subgroup decision). The Deja, Q framework of Chase et al. (Asiacrypt 2016) is known to cover a large class of parameterised assumptions (dubbed fiber assumption), that is, these assumptions, when defined in asymmetric composite order groups, are implied by subgroup decision assumptions in the underlying composite-order groups. We argue that the GDDHE and aMSEDDH assumptions are not covered by the Deja, Q iiber assumption framework. We therefore work out direct security reductions for the two schemes based on subgroup decision assumptions. Furthermore, our proofs involve novel extensions of Deja, Q techniques of Wee (TCC 2016A) and Chase et al. Our constructions have constant-size ciphertexts. The IBBE has constant-size keys as well and guarantees stronger security as compared to Delerablee's IBBE, thus making it the first compact IBBE known to be selectively secure without random oracles under simple assumptions. The fuzzy IBE scheme is the first to simultaneously feature constant-size ciphertexts and security under standard assumptions.