Efficient dynamic threshold identity-based encryption with constant-size ciphertext

This paper revisits the notion of dynamic threshold identity-based encryption, due to the recent practical interest. In this notion, an encryptor selects n recipients and a threshold value t for the creation of the ciphertext. The plaintext can only be recovered if at least t receivers cooperate. The key issue in this notion is its dynamicity, where after the users enroll to the system, the sender can dynamically select the set of recipients as well as dynamically set the threshold t upon the creation of the ciphertext. Another essential feature of this notion is the need for a constant-size ciphertext. Interestingly, the work by Delerablée and Pointcheval in Crypto 2008 is the only work that achieves this essential feature. In this work, we propose a new scheme achieving all of these nice properties with significant improvements in terms of the computational efficiency (both the encryption and decryption). In our scheme, there is no need to conduct any encryption and decryption using additional dummy users, which are not part of the recipient group, which is in contrast to Delerablée and Pointcheval's work. This improvement has significantly reduced the amount of computations required in both encryption and decryption algorithms.