Wildcarded identity-based encryption (WIBE) is an encryption system where one can encrypt messages to multiple users by specifying a pattern, which is a set of identity strings or wildcards. It is a useful primitive for practical applications where users are defined with multiple attributes (or affiliations), such as organization networks or IoT firmware updates. However, the ciphertext size in traditional WIBE schemes are linear to the number of wildcards in the pattern; since the ciphertext size determines the payload in network systems, it degrades the practicality when deployed in transmission-sensitive systems. In this paper, we represent scalable wildcarded identity-based encryption (SWIBE), which achieves a constant-size ciphertext regardless of the number of wildcards (or depth of patterns). the SWIBE scheme also allows the wildcard usage key derivation as well as encryption: a user with wildcarded pattern can delegate keys for the fixed pattern. Compared to the existing WIBE schemes, the SWIBE scheme is the first approach to yield constant-size ciphertext. Moreover, SWIBE also improves encryption time and decryption time while maintaining a key size of 2L, comparable to the key size of L in WIBE schemes (where L is a depth of the pattern). The experimental results show that the decryption time is 3 to 10 times faster than the existing WIBE schemes, and 650 times faster than the attribute-based encryption with constant-size ciphertext. For the security, we first propose the selective-CPA-secure SWIBE scheme in a prime order bilinear group and extend it to be selective-CCA-secure. Then we also propose a fully-secure SWIBE scheme which can overcome the selective security.
Attribute-based encryption implies identity-based encryption
