Provably CCA-Secure Anonymous Multi-Receiver Certificateless Authenticated Encryption

Multi-receiver encryption allows a sender to choose a set of authorized receivers and send them a message securely and efficiently. Only one ciphertext corresponding to the message is generated regardless of the number of receivers. Thus it is practical and useful for video conferencing systems, pay-per-view channels, distance education, and so forth. In 2010, for further protecting receivers' privacy, anonymous multi-receiver identity-based (ID-based) encryption was first discussed, and from then on, many works on the topic have been presented so far. To deal with the key escrow problem inherited from ID-based encryption (IBE), Islam et al. proposed the first anonymous multi-receiver certificateless encryption (AMRCLE) in 2014. In 2015, Hung et al. proposed a novel AMRCLE to improve the efficiency. However, we found that their security proofs are flawed, i.e., the simulation cannot be successfully performed. In this paper, we present a novel AMRCLE scheme with CCA security in confidentiality and anonymity against both Type I and Type II adversaries. Moreover, the identity of the sender of a ciphertext can be authenticated by the receiver after a successful decryption. To the best of our knowledge, the proposed scheme is the first CCA secure AMRCLE scheme, and furthermore, we also pioneer in achieving sender authentication in AMRCLE.