• identity-based encryption;
  • multi-receiver;
  • multiple domain;
  • bilinear pairings


In The International Conference on Practice and Theory in Public-Key Cryptography (PKC)'05, Baek et al. proposed the first multi-receiver identity-based encryption scheme. Their scheme is highly efficient in that it only needs one pairing computation to encrypt a single message for n receivers. However, the application scenario considered by Baek et al. is merely the ideal “single domain environment,” where all the n receivers are from the same administrative domain. When used in the real-world application scenario where the n receivers are from l different administrative domains (i.e., a multiple domain environment), their scheme becomes inefficient as it requires l pairing computations for one message. In this paper, we present an efficient multiple domain multi-receiver identity-based encryption scheme that only requires “one” pairing computation to encrypt a single message for n receivers from l different administrative domains. We prove the security of the new scheme under the modified decisional bilinear Diffie–Hellman assumption in the random oracle model. In addition, the new scheme can be extended to be adaptive chosen ciphertext secure under the gap modified bilinear Diffie–Hellman assumption. Copyright © 2013 John Wiley & Sons, Ltd.