Anonymous Identity Based Broadcast Encryption against Continual Side Channel Attacks in the State Partition Model

Abstract: In the past ten years, many side-channel attacks have been discovered and exploited one after another, greatly damaging the security of cryptographic systems. Since no existing anonymous broadcast encryption scheme resists side-channel attacks, this paper presents an anonymous identity-based broadcast encryption scheme secure against continual side-channel attacks in the state partition (split-state) model, CLR-SS-AIBBE. Using split-state technology, the scheme divides the private key into two states, and decryption is correspondingly divided into two steps, one per state. Under three static assumptions on bilinear groups of composite order, the scheme is proved fully secure in the standard model with the dual system encryption technique. The leakage ratio of the private key reaches 1/3.


Introduction
In the past ten years, cryptography has made great progress in expanding the adversary model to cover side-channel attacks [1][2][3][4], and researchers have built provably secure cryptographic schemes that resist some side-channel attacks. Most theoretical work assumes that participants keep their local computation completely confidential: the attacker may obtain signatures on chosen messages or decryptions of chosen ciphertexts, but the signing or decryption process itself is assumed to be completely hidden from the adversary. In particular, the information about the private key available to the adversary is confined to a clear boundary, namely the signatures or decryptions it receives. Such adversaries are sometimes called "black box" attackers. Goldwasser and Micali pioneered this approach in modern cryptography: based on computational complexity assumptions, they proved the security of many cryptographic schemes under the black box model, such as encryption [5], signatures [6] and zero-knowledge proofs [7].
However, real attackers do not respect such clear boundaries. Many successful side-channel attacks have shown that key material and internal state related to a specific computation can leak to an adversary. Since every cryptographic algorithm is ultimately implemented on a physical platform, it inevitably affects its surroundings in measurable ways, and a side-channel attack extracts secret information from the cryptosystem by measuring the environment of the machine executing the algorithm. For example, an attacker can recover confidential information by measuring and analyzing the running time [4] or the electromagnetic radiation [8] of a specific algorithm. With a cold boot attack [9], an adversary with physical access to the device can recover part of the key even shortly after the power has been cut. Side-channel attacks [10,11] also allow a process to violate isolation boundaries and read information from other processes on the same machine. In other words, the real attacker is not a black-box attacker.
The emergence of side-channel attacks has led cryptographers to re-evaluate the black box model and to create new adversary models and provably secure schemes; this line of work is called leakage-resilient cryptography.
Although leakage-resilient cryptography is a relatively young direction, its theory and practice have made remarkable progress in the past decade.

Leakage-Resilient Cryptography
Leakage-resilient (LR) cryptosystems are cryptographic systems that remain secure against side-channel attacks. The attacker's capability is subject to specific limitations, which are usually abstracted as a leakage function in the security model. According to the restrictions placed on the leakage function, the current leakage-resilient models are mainly the following.
(1) "Only computation leaks" model. Micali et al. [12] proposed the "only computation leaks information" (OCL) principle: leakage can only occur in the part of the state that takes part in the current computation, so parts that do not participate in the computation leak nothing. Neither the total amount of leakage nor the form of the leakage function is limited. In this model, Dziembowski et al. [13] proposed a leakage-resilient stream cipher, and Goldwasser et al. [14] constructed one-time programs, which were later widely used in other constructions.
(2) Bounded-leakage model. Under a cold boot attack, even parts that do not participate in the computation leak information. To capture this, Akavia et al. [15] gave the bounded-leakage model (BLM), which requires the leakage function to have bounded output length. Naor et al. [16] extended bounded leakage to the entropy-bounded-leakage model: there is no requirement on the output length of the leakage function, only that the system's secret information loses a bounded amount of entropy given the leakage.
Akavia et al. [15] gave concrete leakage-resilient public key encryption (PKE) and identity-based encryption schemes. Naor et al. [16] used hash proof systems (HPS) to obtain a chosen plaintext attack (CPA) secure encryption scheme and a chosen ciphertext attack (CCA2) secure encryption scheme that resist side-channel attacks; the private key leakage rate of their CCA2-secure scheme only reaches one-sixth. Luo et al. [17] proposed a lattice-based PKE scheme. The paper [18] presented an efficient LR PKE. The work [19] used an anonymous HPS to construct an anonymous LR PKE. Li et al. [20] gave an efficient leakage-resilient identity-based encryption scheme.
Following the basic requirements of the "only computation leaks" model and the bounded-leakage model, Prouff et al. [21] introduced the noisy-leakage model, which captures power consumption and electromagnetic leakage well. Duc et al. [22] proposed the random probing model, which also covers noisy leakage.
Unlike constructions of LR cryptosystems from specific number-theoretic or algebraic assumptions, Hazay et al. [23] constructed LR PKE from any standard PKE under general and minimal assumptions; assuming only that one-way functions exist, they also construct LR symmetric-key encryption and related primitives.
Galindo et al. [24] weakened the restriction on the leakage function, requiring only that sufficient min-entropy remains after the output of the leakage function, and did not limit the amount of leakage. The security of their scheme was proven in the generic bilinear group model. The scheme is easy to implement, and they implemented it in software on the MIRACL library.
Genkin et al. [25] designed hardware devices for zero-knowledge proofs and general multiparty computation that unconditionally capture "only computation leaks" against real side-channel attacks, offering different trade-offs between efficiency and security.
(3) Continual-leakage model. When a side-channel attack continues over time, the leakage grows and eventually exceeds any fixed bound, which the BLM cannot handle. Refs. [26,27] independently introduced the continual-leakage model (CLM). Its main idea is to refresh the secret key periodically: the leakage between two consecutive updates is bounded, while the leakage over the whole lifetime is unbounded. The paper [28] gives a dynamic secret-sharing scheme with continual leakage resilience using the state partition technique, and the paper [29] proposed a hierarchical attribute-based encryption that resists continual-leakage attacks.
The relationship among the three leakage models is shown in Figure 1. The "only computation leaks" model allows leakage only from the part of the cryptosystem currently performing computation. If the parts not participating in the computation may also leak, the bounded-leakage model addresses this. To handle leakage that accumulates beyond any fixed bound, the key must be updated periodically, which gives the continual-leakage model.

Identity-Based Broadcast Encryption
Ref. [30] introduced broadcast encryption (BE), and many BE schemes have since been proposed [31][32][33]. Broadcast encryption is widely used in multicast communication, copyright management and so on. For example, to solve the redundancy problem of information transmission in vehicular ad hoc networks, Zhong et al. [34] used broadcast encryption for secure data sharing in the vehicle-to-infrastructure communication mode.
Ref. [35] constructed the first identity-based BE (IBBE) in the random oracle model (ROM). Since then, IBBE has been studied in depth with respect to efficiency and special properties. Ren et al. [36] designed an IBBE scheme proven secure in the standard model (STDM) with constant-size ciphertext and public key. Zhang et al. [37] gave an IBBE in the STDM proven secure with the dual-system technique, with constant-size private key and ciphertext. The anonymous IBBE of Libert et al. [38] has ciphertexts whose length grows with the number of recipients.
The anonymous IBBE of Zhang et al. [39] has constant-size ciphertext but long keys; it is proven secure in the STDM with the dual-system technique. Li et al. [40] gave an anonymous certificate-based broadcast encryption. Lai et al. [41] gave an IBBE from inner products with constant-size private keys that supports unbounded private key queries in the ROM. Jiang et al. [42] proposed an efficient IBBE with keyword search for cloud computing, which provides data retrieval and resists insider attacks. Zhao et al. [43] presented a weak black-box traceable IBBE in the ROM with constant-size private keys and public traceability of ciphertexts, where tracing uses a suspected user's public key rather than its private key. Chen et al. [44] gave an efficient identity-based anonymous broadcast encryption for cloud storage services with constant-size public parameters, private keys and ciphertexts.

Our Motivations
Xiong et al. [28] presented a secret-sharing scheme that resists side-channel attacks via split-state technology; since then, state partition technology has gradually been used to construct cryptographic schemes with special properties. Liu et al. [45] obtained security against continual split-state leakage and tampering attacks from an algorithmic point of view using a common reference string and non-malleable codes.
Faonio et al. [46] split the codeword into two parts; with a refresh procedure based on the state division, their non-malleable code resists continual leakage attacks. In these split-state schemes the state is usually divided into two parts, though sometimes into four or eight [47,48].
Since dual-system encryption [49] was introduced for proving the security of cryptosystems, much work has followed this line. In bilinear groups of composite order, the orthogonality of the subgroups can be fully exploited to carry useful information in one subgroup and hide random (semi-functional) information in another, and this is usually combined with dual-system encryption to complete the security proof. Refs. [50][51][52] obtain leakage-resilient schemes through dual-system technology.
For anonymous broadcast encryption, no leakage-resilient scheme exists at present. Building on reference [53], we present an anonymous broadcast encryption scheme secure against continual leakage of the private key.

Our Contributions
We put forward an anonymous IBBE scheme secure against continual leakage. First, we use split-state (state division) technology to obtain leakage resilience for a broadcast encryption scheme for the first time. The main advantage is that the scheme resists side-channel attacks while keeping relatively high computational efficiency, which is itself an important consideration for a cryptographic scheme. Second, the scheme is anonymous, which protects users' privacy. Consider, for example, a cloud-based health diagnosis and treatment system: if the data owner (a hospital) encrypts data on coronary heart disease from the Department of Cardiology for the relevant patients and the scheme is not anonymous, a bystander can infer that any user who accesses this data suffers from heart disease, so the user's identity information is effectively leaked. Anonymity is therefore also important. Ref. [53] does provide an anonymous broadcast encryption that considers efficiency, but it does not consider side-channel attacks. Third, our scheme resists side-channel attacks, a form of attack on cryptosystems that has come to prominence in the past ten years; a scheme whose security model captures side-channel attacks offers correspondingly stronger security.
Figure 2 shows the overall framework of an anonymous leakage-resilient IBBE for cloud services. The system involves four entities: the private key generator (PKG), the cloud storage server (CSS), data users (DU) and the data owner (DO). The PKG issues private keys to all DUs based on their identities and sends the system parameters to the DO and the DUs. The DO authorizes the data users in the target set as receivers and encrypts the symmetric encryption (session) key with the anonymous IBBE. The DO encrypts its data with the session key and places the ciphertext on the CSS.
The symmetric encryption key is thus broadcast by the data owner to the target user set. A target user decrypts the header with its private key and obtains the symmetric encryption key, then decrypts the data ciphertext with that key. In this process a user learns nothing about the other recipients, which is what gives the system its anonymity.

Related Knowledge
We give some notations in Table 1 and the preliminaries that will be used in the paper.

Table 1. Some notations.

Notation                        Description
$G_{w_1}, G_{w_2}, G_{w_3}$     Subgroups of $G_1$ of order $w_1$, $w_2$ and $w_3$
                                Security parameter
$MP$                            Public parameters
$MK$                            Master private key
$SK_{ID,k}$                     Private key for identity $ID$ (after $k$ updates)
$SK_{ID,k+1}$                   Updated private key
$L_{SK}$                        Bound on private key leakage
$EX_R$                          Real security game

Bilinear Group
Definition 1. Let $G_1$ and $G_2$ be multiplicative cyclic groups of order $N$, and let $a$ be a generator of $G_1$. A map $e: G_1 \times G_1 \to G_2$ is called a bilinear map if it satisfies the following conditions.
(1) Bilinearity: for all $u, v \in G_1$ and $x, y \in \mathbb{Z}_N$, $e(u^x, v^y) = e(u, v)^{xy}$.
(2) Non-degeneracy: $e(a, a) \neq 1$.
(3) Computability: there is an efficient algorithm to compute $e(u, v)$ for all $u, v \in G_1$.

Composite Order Bilinear Groups
Ref. [54] put forward the concept of composite-order bilinear groups. Let $\Phi$ denote a bilinear group generation algorithm. Taking the security parameter as input, $\Phi$ produces a bilinear group of composite order $\Omega = \{N = w_1 w_2 w_3, G_1, G_2, e\}$, where $w_1$, $w_2$ and $w_3$ are three distinct primes of $\theta$ bits each, $\theta$ being determined by the security parameter. $G_1$ and $G_2$ are cyclic groups of order $N = w_1 w_2 w_3$, and $e: G_1 \times G_1 \to G_2$ is a bilinear map. Let $G_{w_1}$, $G_{w_2}$ and $G_{w_3}$ denote the subgroups of $G_1$ of order $w_1$, $w_2$ and $w_3$, respectively, and let $G_{w_1 w_2}$ denote the subgroup of order $w_1 w_2$. If an element $Y$ can be written as the product of an element of $G_{w_1}$ and an element of $G_{w_2}$, these two factors are called the $G_{w_1}$ part and the $G_{w_2}$ part of $Y$. For $p_i \in G_{w_i}$ and $p_j \in G_{w_j}$ with $i \neq j$, we have $e(p_i, p_j) = 1$, so $G_{w_i}$ and $G_{w_j}$ are orthogonal; for example, $G_{w_1}$ and $G_{w_2}$ are orthogonal. To see this, let $g$ be a generator of $G_1$: then $g^{w_1 w_2}$ generates $G_{w_3}$, $g^{w_1 w_3}$ generates $G_{w_2}$ and $g^{w_2 w_3}$ generates $G_{w_1}$, so for $p_1 = (g^{w_2 w_3})^x$ and $p_2 = (g^{w_1 w_3})^y$ we get $e(p_1, p_2) = e(g, g)^{x y w_3 N} = 1$ because $e(g,g)$ has order dividing $N$. This orthogonality is what allows a dual-system proof to hide semi-functional components in one subgroup without disturbing pairings computed over another. Then, there exist $\alpha_1$ and $\alpha_2$ such that
Three assumptions [49,51] are given below. Let $g_i$ denote a generator of $G_{w_i}$.

Assumption 1.
Let $\Phi$ generate a bilinear group $\Omega$. Given $D = (\Omega, g_1, X_3)$ with $g_1 \in G_{w_1}$ and $X_3 \in G_{w_3}$, and a challenge element $T$ drawn either from $G_{w_1 w_2}$ or from $G_{w_1}$, the advantage of an adversary A against Assumption 1 is denoted $Adv_{\psi,A}$, the difference between the probabilities that A outputs 1 in the two cases. If $Adv_{\psi,A}$ is negligible, Assumption 1 is said to hold.

Assumption 2.
Let $\Phi$ generate a bilinear group $\Omega$. Given the following distribution, the advantage of an adversary A against Assumption 2 is denoted $Adv_{\psi,A}$. If $Adv_{\psi,A}$ is negligible, Assumption 2 is said to hold.

Assumption 3.
Let $\Phi$ generate a bilinear group $\Omega$. Given the following distribution, the advantage of an adversary A against Assumption 3 is denoted $Adv_{\psi,A}$. If $Adv_{\psi,A}$ is negligible, Assumption 3 is said to hold.

Syntax of CLR-SS-AIBBE
Inspired by refs. [50,51,53], we give a formal definition of CLR-SS-AIBBE.
Decryption algorithm 1: Decrypt1$(MP, SK_{ID_i,k,1}, S, CT) \to CT'$. The algorithm takes the master public key $MP$, the first key state $SK_{ID_i,k,1}$, the users' identity set $S$ and the ciphertext $CT$ as input. First, it divides $CT$ into $(C, \mathrm{Hdr})$. If $ID_i \in S$, the algorithm uses $\mathrm{Hdr}$ to produce a partial result $CT'$ related to the plaintext.
Decryption algorithm 2: Decrypt2$(MP, SK_{ID_i,k,2}, S, CT') \to M$. The algorithm takes the master public key $MP$, the second key state $SK_{ID_i,k,2}$, the users' identity set $S$ and the partial result $CT'$ as input. If $ID_i \in S$, it first computes the encapsulated key $CK$; the plaintext message is then recovered by decrypting $C$.
Semi-functional private key generation algorithm: KeyGenSF(MP, MK, ID) → SK ID . It inputs MP, MK and an identity ID. It outputs the semi-functional private key SK ID .
Semi-functional encryption algorithm: EncryptSF(MP, M, S) → CT . The algorithm inputs MP, S and M. Semi-functional ciphertext CT is generated.
The first three algorithms are run by the private key generation center and the others by users; the last two algorithms are used only in the security proof. Both decryption algorithms are executed by the data user, usually on two separate components that exchange their intermediate result over a secure channel. Each component operates independently and may suffer side-channel leakage; because each leakage function acts on only one of the two states, this split enhances security.

Security Description of CLR-SS-AIBBE
Our scheme is secure against chosen ciphertext attack. The security of the CLR-SS-AIBBE scheme is described by the game $EX_R$ below. In $EX_R$, the challenger B holds a list $L = \{(H, I, SK, LK_1, LK_2)\}$, where $H$, $I$, $SK$ and $LK_1$, $LK_2$ are the handle space, the identity space, the private key space and the two leakage spaces, respectively. Let $H = \mathbb{N}$ and $LK_1 = LK_2 = \mathbb{N}$.
The game $EX_R$ is played between an adversary (attacker) A and the challenger B.
O-Generate$(ID)$. For an identity $ID$, B looks for a corresponding item in $L$. If one is found, the game is over. Otherwise B runs KeyGen to obtain a private key $SK_{ID}$, updates the handle $h \leftarrow h + 1$ and puts $(h, ID, SK_{ID}, 0, 0)$ in $L$.
O-Leak$(h, f_1, f_2)$. The attacker queries leakage on the private key of item $h$ by choosing two leakage functions $f_1$ and $f_2$, which take as input the key states $SK_{ID_i,k,1}$ and $SK_{ID_i,k,2}$, respectively; B returns their outputs.
Specifically, B looks up the item with handle $h$. If an item $(h, ID, SK_{ID}, L_1, L_2)$ is found, B checks whether $L_1 + |f_1(SK_{ID})| \le L_{SK_1}$ and $L_2 + |f_2(SK_{ID})| \le L_{SK_2}$, where $L_{SK_1}$ and $L_{SK_2}$ are the maximum allowed leakage of the two key states. If $L_1 + |f_1(SK_{ID})| \le L_{SK_1}$, the challenger sends $f_1(SK_{ID})$ to the adversary and replaces $(h, ID, SK_{ID}, L_1, L_2)$ by $(h, ID, SK_{ID}, L_1 + |f_1(SK_{ID})|, L_2)$; otherwise it outputs $\bot$. Similarly, if $L_2 + |f_2(SK_{ID})| \le L_{SK_2}$, the challenger sends $f_2(SK_{ID})$ to the adversary and replaces the item by $(h, ID, SK_{ID}, L_1, L_2 + |f_2(SK_{ID})|)$; otherwise it outputs $\bot$. We set $L_{SK_1} = L_{SK_2} = L_{SK}$. Note that each leakage function sees only its own state and each state's counter is charged independently; the two outputs may still be combined by the adversary, which is why the bound applies per state within one update period.
O-Reveal$(h)$. If A asks for the private key of handle $h$, B looks it up in $L$. If the item $(h, ID, SK_{ID}, L_1, L_2)$ is found, the challenger sends $SK_{ID}$ to A.
O-Refresh$(h)$. If A asks for an updated private key of handle $h$, the challenger looks it up in $L$. If the item $(h, ID, SK_{ID}, L_1, L_2)$ is found, the challenger invokes KeyUpd to obtain the updated private key $SK'_{ID}$, sends $SK'_{ID}$ to A and replaces $(h, ID, SK_{ID}, L_1, L_2)$ by $(h, ID, SK'_{ID}, 0, 0)$, so both leakage counters restart at zero.
O-Decrypt1. If the attacker asks for the partial decryption of $(ID, CT)$, the challenger looks up $SK_{ID}$ in $L$ and runs Decrypt1$(MP, SK_{ID_i,k,1}, S, CT) \to CT'$. If $ID_i \in S$, the challenger computes the partial result $CT'$ and sends it to A.
O-Decrypt2. If A asks for the plaintext of $(ID, CT')$, the challenger looks up $SK_{ID}$ for $ID$ in $L$ and runs Decrypt2$(MP, SK_{ID_i,k,2}, S, CT') \to M$. First, $CT'$ is divided into $(C, \mathrm{Hdr})$. If $ID_i \in S$, the challenger uses $\mathrm{Hdr}$ to compute the symmetric key $CK$, recovers $M$ by decrypting $C$ with $CK$ and sends $M$ to A.
Challenge. A gives two messages $M_0$ and $M_1$ of equal length. B selects $\beta \leftarrow \{0, 1\}$ at random, runs the key encapsulation on $MP$ and the identity set $S^* = \{ID_1^*, \ldots, ID_d^*\}$ ($d \le l$) to obtain $(\mathrm{Hdr}^*, CK^*)$, encrypts $M_\beta$ under $CK^*$ to obtain $C^*$, and sends $(C^*, \mathrm{Hdr}^*, S^*)$ to A. The restrictions are that A may not query the private key of any $ID \in S^*$, may not query decryption of $\mathrm{Hdr}^*$ (only $\mathrm{Hdr} \neq \mathrm{Hdr}^*$), and may not make leakage queries after the challenge: otherwise A could encode the challenge ciphertext, the decryption algorithm and $M_0$, $M_1$ into a leakage function whose one-bit output is $\beta$, and win trivially.
Guess. The attacker outputs a guess $\beta' \in \{0, 1\}$. If $\beta' = \beta$, A wins the game $EX_R$. The advantage of A in $EX_R$ is defined as $Adv_A(L_{SK}) = \left|\Pr[\beta' = \beta] - \tfrac{1}{2}\right|$. If every PPT attacker has only negligible advantage in $EX_R$, the CLR-SS-AIBBE scheme is said to be secure against leakage attacks.
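As an added illustration, not part of the scheme or the original paper, the following Python model implements the bookkeeping of the oracles O-Generate, O-Leak, O-Reveal and O-Refresh described above. The two key states are represented by a toy XOR sharing of a random secret, an assumption that stands in for the group-element halves $SK_{ID,k,1}$ and $SK_{ID,k,2}$; the refresh applies the same fresh randomness to both halves, mirroring the additive re-randomization of the key update. The leakage bound $L_{SK}$ is counted in bits per state and per update period, and all names (Challenger, prefix_leak, run_demo) are hypothetical.

```python
"""Split-state continual-leakage bookkeeping of the game EX_R (added illustration)."""
import secrets
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple

# A leakage function sees ONE key state only and returns a string of '0'/'1'
# characters, so len(output) is the number of bits charged to that state.
LeakFn = Callable[[bytes], str]

KEY_BYTES = 16  # toy key length (assumption); the real keys are group elements


def to_bits(data: bytes) -> str:
    """Big-endian bit string of a byte sequence."""
    return "".join(f"{byte:08b}" for byte in data)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def xor_bits(a: str, b: str) -> str:
    return "".join("1" if x != y else "0" for x, y in zip(a, b))


@dataclass
class Entry:
    """One row (h, ID, SK, L1, L2) of the challenger's list L."""
    identity: str
    state1: bytes      # SK_{ID,k,1}: a random mask r (toy stand-in)
    state2: bytes      # SK_{ID,k,2}: secret XOR r (toy stand-in)
    leaked1: int = 0   # L1: bits leaked from state 1 in the current period
    leaked2: int = 0   # L2: bits leaked from state 2 in the current period


class Challenger:
    def __init__(self, leak_bound: int) -> None:
        self.bound = leak_bound          # L_SK, applied to each state separately
        self.handle = 0
        self.table: Dict[int, Entry] = {}

    def generate(self, identity: str) -> Optional[int]:
        """O-Generate: a repeated identity ends the game (returns None)."""
        if any(e.identity == identity for e in self.table.values()):
            return None
        secret = secrets.token_bytes(KEY_BYTES)
        mask = secrets.token_bytes(KEY_BYTES)
        self.handle += 1
        self.table[self.handle] = Entry(identity, mask, xor_bytes(secret, mask))
        return self.handle

    def leak(self, h: int, f1: LeakFn, f2: LeakFn) -> Tuple[Optional[str], Optional[str]]:
        """O-Leak: f1 and f2 act on different states; each output is released
        only if that state's budget L_SK is not exceeded, otherwise ⊥ (None)."""
        e = self.table[h]
        out1, out2 = f1(e.state1), f2(e.state2)
        ans1 = ans2 = None
        if e.leaked1 + len(out1) <= self.bound:
            e.leaked1 += len(out1)
            ans1 = out1
        if e.leaked2 + len(out2) <= self.bound:
            e.leaked2 += len(out2)
            ans2 = out2
        return ans1, ans2

    def reveal(self, h: int) -> Tuple[bytes, bytes]:
        """O-Reveal: hand over the whole key (both states)."""
        e = self.table[h]
        return e.state1, e.state2

    def refresh(self, h: int) -> Tuple[bytes, bytes]:
        """O-Refresh: re-randomise both states with the same fresh value, so
        state1 XOR state2 is unchanged while both leak counters restart at 0."""
        e = self.table[h]
        delta = secrets.token_bytes(KEY_BYTES)
        e.state1 = xor_bytes(e.state1, delta)
        e.state2 = xor_bytes(e.state2, delta)
        e.leaked1 = e.leaked2 = 0
        return e.state1, e.state2


def prefix_leak(n: int) -> LeakFn:
    """Leakage function 'the first n bits of this state'."""
    return lambda state: to_bits(state)[:n]


def run_demo(bound: int = 8) -> dict:
    ch = Challenger(bound)
    h = ch.generate("alice")
    duplicate_aborts = ch.generate("alice") is None
    old1, old2 = ch.reveal(h)
    secret = xor_bytes(old1, old2)

    a1, a2 = ch.leak(h, prefix_leak(5), prefix_leak(6))  # 5 and 6 bits: both allowed
    b1, b2 = ch.leak(h, prefix_leak(4), prefix_leak(2))  # 5+4 > 8: state 1 refused; 6+2 <= 8: allowed
    # Within one period the two leaks combine: 5 bits of r XOR 5 bits of (s XOR r) = 5 bits of s.
    combined_hits_secret = xor_bits(a1, a2[:5]) == to_bits(secret)[:5]

    new1, new2 = ch.refresh(h)
    c1, c2 = ch.leak(h, prefix_leak(8), prefix_leak(8))  # budget is fresh after the update
    # A pre-refresh state 1 and a post-refresh state 2 no longer reconstruct the secret.
    stale_mix_hits_secret = xor_bytes(old1, new2) == secret

    return {
        "duplicate_aborts": duplicate_aborts,
        "epoch1": (a1, a2, b1, b2),
        "combined_hits_secret": combined_hits_secret,
        "refresh_preserves_secret": xor_bytes(new1, new2) == secret,
        "epoch2": (c1, c2),
        "stale_mix_hits_secret": stale_mix_hits_secret,
        "lifetime_leaked_bits": 5 + 6 + 2 + 8 + 8,
    }
```

The demo makes two points of the model concrete: within one update period the outputs of $f_1$ and $f_2$ can be combined into bits of the shared secret, which is why the bound must hold for each state separately, and across a refresh stale leakage from one state no longer combines with fresh leakage from the other, which is why the lifetime leakage (29 bits here against a bound of 8) may be unbounded.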

Specific Construction of CLR-SS-AIBBE
Let $\Phi$ denote a bilinear group generation algorithm. Taking the security parameter as input, $\Phi$ produces a bilinear group of composite order $\Omega = \{N = w_1 w_2 w_3, G_1, G_2, e\}$, where $w_1$, $w_2$ and $w_3$ are three distinct primes of $\theta$ bits each, $\theta$ being determined by the security parameter; $G_1$ and $G_2$ are cyclic groups of order $N$, and $e: G_1 \times G_1 \to G_2$ is a bilinear map.
Initialization algorithm. Let $l$ be the maximum number of users. The algorithm randomly selects $g_1, h_1 \in G_{w_1}$, $g_3 \in G_{w_3}$, $a_1, a_2, \ldots, a_l, b \in \mathbb{Z}_N$ and $\alpha \in \mathbb{Z}_N$, and sets $u_1 = g_1^{a_1}, \ldots, u_l = g_1^{a_l}$ and $h_1 = g_1^{b}$. The master public key is $MP = \{N, g_1, g_3, h_1, u_1, \ldots, u_l, e(g_1, g_1)^{\alpha}\}$ and the master private key is $MK = \{\alpha\}$.
Private key generation algorithm. For an identity $ID_i \in S$, where $S = (ID_1, \ldots, ID_d)$ ($d \le l$) is the set of intended recipients, the algorithm takes $MP$, $MK$ and the user's identity $ID_i$ as input. It randomly selects $a_1, a_2, \ldots, a_d, b \in \mathbb{Z}_N$, $\beta_{i,0}, \gamma_{i,0} \in \mathbb{Z}_N$, $r_i \in \mathbb{Z}_N$ ($i \in \{1, \ldots, d\}$) and $R_i, Q_i, R_i', Q_i' \in G_{w_3}$, and sets $u_1 = g_1^{a_1}, \ldots, u_l = g_1^{a_l}$ and $h_1 = g_1^{b}$. The generated private key is $SK_{ID_i,0} = (SK_{ID_i,0,1}, SK_{ID_i,0,2})$, where $SK_{ID_i,0,1} = (g_1^{r_i} R_i\, g$
Private key update algorithm. It takes $SK_{ID_i,k}$ and $MP$ as input and outputs a new private key $SK_{ID_i,k+1}$. For $SK_{ID_i,k} = (SK_{ID_i,k,1}, SK_{ID_i,k,2})$ with $SK_{ID_i,k,1} = (SK^1_{ID_i,k,1}, \ldots)$, it randomly chooses $\beta_{i,k+1}, \gamma_{i,k+1} \in \mathbb{Z}_N$ and computes the new private key. Since $\beta_{i,k+1}$ and $\gamma_{i,k+1}$ are chosen uniformly at random, the accumulated exponents $\beta_{i,1} + \cdots + \beta_{i,k} + \beta_{i,k+1}$ and $\gamma_{i,1} + \cdots + \gamma_{i,k} + \gamma_{i,k+1}$ are also uniformly random, so $SK_{ID_i,k+1}$ and $SK_{ID_i,k}$ have the same distribution. Without loss of generality, whenever a private key is needed below we use the original private key $SK_{ID_i}$ for convenience.
Encryption algorithm. It takes a message $M$ and the recipient set $S = (ID_1, \ldots, ID_d)$ as input, randomly chooses $s \in \mathbb{Z}_N$ and $Z, Z' \in G_{w_2}$, and computes the ciphertext. The encapsulated key is $e(g_1, g_1)^{\alpha s}$. The data owner transmits $(CT, S)$ to the receivers.
Decryption algorithm 1. A user $ID_i \in S$ can decrypt the received ciphertext. It divides $CT = (C, \mathrm{Hdr})$ and runs Decrypt1$(MP, SK_{ID_i,k,1}, S, CT) \to CT'$, which uses $\mathrm{Hdr}$ to compute the partial decryption $CT'$.
First, it uses $SK_{ID_i,k,1}$ to compute $CT' = (C, C_1, C_2, C_1', C_2')$.
Decryption algorithm 2. The algorithm takes $MP$, $SK_{ID_i,k,2}$, the identity set $S$ and the partial decryption $CT'$ as input. For $ID_i \in S$, it first computes the encapsulated key $CK$ and then recovers the plaintext $M$ with $CK$.
First, it computes the encapsulated key $CK$ from $CT'$ and $SK_{ID_i,k,2}$; then it obtains $M$ by decrypting $C$ with $CK$.
Semi-functional private key generation. Given $SK_{ID_i,k} = (SK_{ID_i,k,1}, SK_{ID_i,k,2})$, it randomly selects $\xi_1, \xi_2, \zeta_1, \zeta_2 \in \mathbb{Z}_N$ and generates the semi-functional private key. Semi-functional encryption invokes Encrypt to obtain a normal ciphertext, then randomly selects $\rho_1, \rho_2, \rho_3 \in \mathbb{Z}_N$ and generates the semi-functional ciphertext.
Main idea of the proof. Security is established through the indistinguishability of a sequence of games. $EX_R$ is the real security game, and the remaining games are obtained from $EX_R$ by gradual changes; in $EX_F$ the attacker has no advantage. As long as the adversary cannot distinguish any two consecutive games, security follows. $q$ denotes the maximum number of private key queries.
$EX_R$: the real security game of CLR-SS-AIBBE.
$EX_0$: identical to $EX_R$ except that the challenge ciphertext is semi-functional.
$EX_i$ ($i \in [1, q]$): the challenger answers with a semi-functional challenge ciphertext, answers the first $i$ private key queries with semi-functional keys and the remaining private key queries with normal keys. For $i = q$ ($EX_q$), all private key queries are answered with semi-functional keys.
$EX_F$: identical to $EX_q$ except that B encrypts a random message instead of one of the two challenge messages.
Table 2 shows the type of the ciphertext and of the private keys in every game; SMF denotes a semi-functional ciphertext or private key and NM a normal one.
Proof. We complete the proof through the games $EX_R$, $EX_i$ ($i \in \{0, 1, \ldots, q\}$) and $EX_F$ and four lemmas. Lemma 1 gives the leakage bound; the other three lemmas prove the indistinguishability of consecutive games, and the adversary's advantage in $EX_F$ is shown to be negligible. Table 3 lists the difference in the adversary's advantage between each pair of consecutive games. The statements of Lemmas 2, 3 and 4 are given here; their proofs follow later.

We write $Adv^{EX_R}_A$ (or $Adv^{EX_R}_A(L_{SK})$) for the advantage of A in $EX_R$, $Adv^{EX_i}_A$ (or $Adv^{EX_i}_A(L_{SK})$) for the advantage of A in $EX_i$ ($i \in \{0, \ldots, q\}$), and $Adv^{EX_F}_A$ (or $Adv^{EX_F}_A(L_{SK})$) for the advantage of A in $EX_F$.

Table 3. Differences in the adversary's advantage between two consecutive games (CLR-SS-AIBBE). Columns: the two consecutive games; the difference of the advantages; the lemma that bounds it.

From Table 3, the following fact can be obtained.
Furthermore, according to theorem 6.8 given in [50], we obtain that Adv  Proof. We will utilize a result in ref. [26] to complete the proof.
According to Result 1, the following Deduction 1 is obtained easily.

Deduction 1. Given a prime $p$, choose $n_1 \ge 3$, $\vec{\delta} \leftarrow \mathbb{Z}_p^{n_1}$, $\vec{\tau} \leftarrow \mathbb{Z}_p^{n_1}$ and $\vec{\tau} \leftarrow \mathbb{Z}_p^{n_1}$ such that $\vec{\tau}$ is orthogonal to $\vec{\delta}$ modulo $p$ (their dot product is $0 \bmod p$). Suppose that the leakage function is $f : \mathbb{Z}_p^{n_1}$

Proof. According to Conclusion 1, if $n_2 = n_1 - 1$, then $n_1 = n_2 + 1 \ge n_2 \ge 2$. The basis of the orthogonal space of $\vec{\delta}$ corresponds to $X$ and $\vec{\tau}$ corresponds to $\Phi$. So, when If we set $n_2 = 2$, $p_2 = p$ and $\varepsilon = p^{-\Lambda}$, the allowed amount of private key leakage is log Thus, the maximum private key leakage can reach $L_{SK_1} = L_{SK_2} = L_{SK} = (1 - 2\Lambda)\theta$.

Lemma 2. If there is an adversary
the challenger $B$ can break Assumption 1 with advantage $\varepsilon$.

Proof. Given $D = (\Omega, g_1, X_3)$, $U, V \in G_{w_2}$ and $T$ ($T \in G_{w_1 w_2}$ or $T \in G_{w_1}$), $B$ and $A$ interact as follows.

Initialization. Let $l$ denote the maximum number of users. The challenger $B$ randomly selects $g_1, h_1 \in G_{w_1}$, $g_3 \in G_{w_3}$, $a_1, a_2, \dots, a_l, b \in \mathbb{Z}_N$ and $\alpha \in \mathbb{Z}_N$. $B$ sets $u_1 = g_1^{a_1}, \dots, u_l = g_1^{a_l}$ and $h_1 = g_1^{b}$. The master public key is $MP = (N, g_1, g_3, h_1, u_1, \dots, u_l, e(g_1, g_1)^{\alpha})$, and the master private key is $MK = \{\alpha\}$. $B$ sends $MP$ to $A$.

Phase 1. $A$ queries the private key of $ID_i \in S$, where $S = (ID_1, \dots, ID_d)$, $d \le l$, is the set of intended recipients. $B$ randomly selects $\beta_{i,0}, \gamma_{i,0} \in \mathbb{Z}_N$ and $r_i \in \mathbb{Z}_N$ ($i \in \{1, \dots, d\}$), $r_i, q_i, r_i, q_i \in \mathbb{Z}_N$. $B$ generates the private key $SK_{ID_i,0} = (SK_{ID_i,0,1}, SK_{ID_i,0,2})$, where . $B$ responds to $A$ with the private key $SK_{ID_i}$.

Challenge. $A$ gives $B$ one set $S^* = \{ID^*_1, \dots, ID^*_d\}$ and two messages $M_0$ and $M_1$ of equal size. $B$ randomly selects $\beta \in \{0, 1\}$ and computes the ciphertext $CT = (C, Hdr) =$ a j ID j +b U, TV).

Phase 2. $A$ may query the private key for $ID_i \notin S^*$.

Guess. $A$ outputs a guess $\beta'$. If $\beta' = \beta$, $A$ wins the game.

When $T = g_1^{z} g_2^{v} \in G_{w_1 w_2}$ ($z, v$ randomly selected), $B$ properly simulates the game $EX_0$. When $T = g_1^{z} \in G_{w_1}$ ($z$ randomly selected), $B$ properly simulates the game $EX_R$. In other words, as long as $A$ has some advantage in distinguishing $EX_R$ from $EX_0$, the challenger has the same advantage in breaking Assumption 1. This contradicts Assumption 1.

Lemma 3. If there is an adversary $A$ such that Adv (1, . . . , q)), the challenger $B$ can break Assumption 2 with advantage $\varepsilon$.

Initialization. Let $l$ denote the maximum number of users. The challenger $B$ randomly selects $g_1, h_1 \in G_{w_1}$, $g_3 \in G_{w_3}$, $a_1, a_2, \dots, a_l, b \in \mathbb{Z}_N$ and $\alpha \in \mathbb{Z}_N$. $B$ sets $u_1 = g_1^{a_1}, \dots, u_l = g_1^{a_l}$ and $h_1 = g_1^{b}$. The master public key is $MP = (N, g_1, g_3, h_1, u_1, \dots, u_l, e(g_1, g_1)^{\alpha})$, and the master private key is $MK = \{\alpha\}$. $B$ sends $MP$ to $A$.

Phase 1. $A$ queries a private key corresponding to $ID_i \in S$, where $S = \{ID_1, \dots, ID_d\}$. $B$ responds as follows.
(1) In case $i < k$, $B$ responds with a semi-functional private key. $B$ randomly picks $\xi_1, \xi_2, \zeta_1, \zeta_2 \in \mathbb{Z}_N$ and generates a private key with the semi-functional form .
(2) In case $i > k$, $B$ calls the private key generation algorithm to obtain a normal private key.
(3) In case $i = k$, ( ). If $T \in G_{w_1 w_3}$, this private key is normal and $B$ correctly simulates $EX_{k-1}$. If $T \in G_1$, this private key is semi-functional and $B$ correctly simulates $EX_k$.

Challenge. $A$ gives $B$ one set $S^* = \{ID^*_1, \dots, ID^*_d\}$ and two messages $M_0$ and $M_1$ of equal size. $B$ randomly selects $\beta \in \{0, 1\}$ and computes the ciphertext $CT = (C, Hdr) = (C, C_1, C_2) =$ (M β e(g 1 , g z

Phase 2. $A$ may query the private key for $ID_i \notin S^*$.

Guess. $A$ outputs a guess $\beta'$. If $\beta' = \beta$, $A$ wins the game.

When $T \in G_{w_1 w_3}$, $B$ properly simulates the game $EX_{k-1}$. When $T \in G_1$, $B$ properly simulates the game $EX_k$. Thus, |Pr[B(D, In other words, as long as $A$ has some advantage in distinguishing $EX_{k-1}$ from $EX_k$, the challenger has the same advantage in breaking Assumption 2. This contradicts Assumption 2. So, $\mathrm{Adv}_A(L_{SK}) < \varepsilon$ (the proof is given in Lemma 4). In this way, we obtain: In other words, the advantage of $A$ in $EX_i$ is negligible. Lemma 3 is finished.

Lemma 4. If there is an adversary
the challenger $B$ can break Assumption 3 with advantage $\varepsilon$.

Initialization. Let $l$ denote the maximum number of users. The challenger $B$ randomly selects $g_1, h_1 \in G_{w_1}$, $g_3 \in G_{w_3}$, $a_1, a_2, \dots, a_l, b \in \mathbb{Z}_N$ and $\alpha \in \mathbb{Z}_N$. $B$ sets $u_1 = g_1^{a_1}, \dots, u_l = g_1^{a_l}$ and $h_1 = g_1^{b}$. The master public key is $MP = (N, g_1, g_3, h_1, u_1, \dots, u_l, e(g_1, g_1)^{\alpha})$, and the master private key is $MK = \{\alpha\}$. $B$ sends $MP$ to $A$.

Phase 1. $A$ queries the private key corresponding to the identity $ID_i \in S$, where $S = \{ID_1, \dots, ID_d\}$. $B$ randomly selects $\xi_1, \xi_2, \zeta_1, \zeta_2 \in \mathbb{Z}_N$ and generates a private key with the semi-functional form ζ 2 ).

Challenge. $A$ gives $B$ one set $S^* = \{ID^*_1, \dots, ID^*_d\}$ and two messages $M_0$ and $M_1$ of equal size. $B$ randomly selects $\beta \in \{0, 1\}$ and computes the ciphertext $CT = (C, Hdr) = (C, C_1,$

Phase 2. $A$ may query the private key for $ID_i \notin S^*$.

Guess. $A$ outputs a guess $\beta'$. If $\beta' = \beta$, $A$ wins the game.

When $T = e(g_1, g_1)^{\alpha s}$, $B$ properly simulates the game $EX_q$. When $T \in G_2$, $B$ properly simulates the game $EX_F$. Thus, |Pr[B(D, T = e(g 1 , In other words, as long as $A$ has some advantage in distinguishing $EX_q$ from $EX_F$, the challenger has the same advantage in breaking Assumption 3. This contradicts Assumption 3. So, Adv

As time goes on, the accumulated leakage will exceed a certain limit, which damages the security of the system. For the scheme to remain secure against continual side-channel attacks, its private key must be refreshed periodically. In fact, through the private key update algorithm, our scheme achieves continual-leakage resilience.

Proof. Similar to [52], the proposed CLR-SS-AIBBE gains continual-leakage resilience through the private key update algorithm. The update algorithm takes $SK_{ID,k}$ and $MP$ as input and generates a new private key $SK_{ID,k+1}$. For the update, an additional random value is added to the original private key.
Since the newly added value is chosen at random, the new private key has the same distribution as the original one. If the private key is updated periodically, continual-leakage resilience is obtained.
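The following snippet is an added illustration written for this page; it is not the paper's scheme or its code. It replaces the composite-order group elements with a constructed toy in which a private key is a pair of vectors over $\mathbb{Z}_p$ whose inner products with a fixed public vector $\vec{\delta}$ sum to the secret $\alpha$. It shows two things the text above describes only in words: how to sample a vector uniformly from the space orthogonal to $\vec{\delta}$ modulo $p$ (the object used in Deduction 1), and how a split-state key is refreshed by adding a fresh random orthogonal vector to each state so that the two-step decryption still works while the stored key is re-randomized. The prime, the vector form of the key and the inner-product "decryption" are assumptions of this toy, not the paper's algorithms.

```python
import secrets

# Constructed toy parameters (not the paper's): a small prime p stands in for
# the theta-bit subgroup orders, and vectors over Z_p stand in for group elements.
P = 1_000_003
N1 = 3  # vector length n_1 >= 3, as required by Deduction 1


def inner(u, v, p=P):
    """Dot product of two vectors modulo p."""
    return sum(a * b for a, b in zip(u, v)) % p


def random_vector(n, p=P):
    """Uniform vector in Z_p^n."""
    return [secrets.randbelow(p) for _ in range(n)]


def _pivot(delta, p=P):
    """Index of a coordinate of delta that is invertible mod p."""
    for i, d in enumerate(delta):
        if d % p:
            return i
    raise ValueError("delta must be nonzero mod p")


def random_orthogonal(delta, p=P):
    """Uniform sample from the subspace {tau : <tau, delta> = 0 mod p}.

    All coordinates except the pivot are drawn uniformly; the pivot coordinate
    is then solved for, so tau is uniform over the (n-1)-dimensional subspace.
    """
    piv = _pivot(delta, p)
    tau = random_vector(len(delta), p)
    rest = sum(tau[i] * delta[i] for i in range(len(delta)) if i != piv) % p
    tau[piv] = (-rest * pow(delta[piv], -1, p)) % p
    return tau


def keygen(alpha, delta, p=P):
    """Split-state key (k1, k2) with <k1, delta> + <k2, delta> = alpha (mod p).

    Each state on its own is a uniform vector, so a leak from one state alone
    says nothing about alpha; only the two decryption steps together recover it.
    """
    k1 = random_vector(len(delta), p)
    k2 = random_vector(len(delta), p)
    piv = _pivot(delta, p)
    partial = sum(k2[i] * delta[i] for i in range(len(delta)) if i != piv) % p
    need = (alpha - inner(k1, delta, p) - partial) % p
    k2[piv] = (need * pow(delta[piv], -1, p)) % p
    return k1, k2


def decrypt_step1(k1, delta, p=P):
    """First decryption step: touches only state 1."""
    return inner(k1, delta, p)


def decrypt_step2(partial, k2, delta, p=P):
    """Second decryption step: touches only state 2 plus the step-1 result."""
    return (partial + inner(k2, delta, p)) % p


def update_key(k1, k2, delta, p=P):
    """Refresh each state with independent randomness orthogonal to delta.

    Adding an orthogonal vector leaves <k, delta> unchanged, so the updated key
    decrypts exactly as before; the shift is uniform over the orthogonal space,
    so old and new keys are identically distributed.
    """
    t1 = random_orthogonal(delta, p)
    t2 = random_orthogonal(delta, p)
    return ([(a + b) % p for a, b in zip(k1, t1)],
            [(a + b) % p for a, b in zip(k2, t2)])


def run_epochs(alpha, delta, epochs, p=P):
    """Generate a key and refresh it once per epoch.

    Returns the value recovered by two-step decryption in every epoch and
    whether both states changed at every update.
    """
    k1, k2 = keygen(alpha, delta, p)
    recovered, all_changed = [], True
    for _ in range(epochs):
        recovered.append(decrypt_step2(decrypt_step1(k1, delta, p), k2, delta, p))
        new1, new2 = update_key(k1, k2, delta, p)
        all_changed = all_changed and new1 != k1 and new2 != k2
        k1, k2 = new1, new2
    return recovered, all_changed


if __name__ == "__main__":
    delta = random_vector(N1)
    print(run_epochs(alpha=1234, delta=delta, epochs=5))
```

Running the module prints the same recovered value for every epoch together with `True`, confirming that each refresh changed both stored states without changing what they decrypt to. The security-relevant point is the separation of concerns: the pivot-solving trick in `random_orthogonal` is what keeps the functional value fixed, and choosing the remaining coordinates uniformly is what makes the refreshed key indistinguishable from a freshly generated one.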

Relative Leakage Ratio
The relative leakage ratio of a private key is the ratio of the amount of leakage permitted from the private key to the length of the private key.
In our proposed scheme, $w_1$, $w_2$ and $w_3$ are primes of $\theta$ bits. The private key has $2 \times 2 \times 3\theta$ bits. The permitted leakage from the private key is $2 \times 2(1 - 2\Lambda)\theta$ bits, where $\Lambda$ is a very small constant. So, the relative leakage ratio of the private key is $\frac{2 \times 2(1-2\Lambda)\theta}{2 \times 2 \times 3\theta} = \frac{1-2\Lambda}{3}$, which is approximately $1/3$ since $\Lambda$ is very small.

Table 4 compares the proposed scheme with the related schemes of [51,53] with respect to private key size, leakage amount, storage requirement and leakage rate. Ref. [53] gives an anonymous IBBE scheme but does not consider leakage. Ref. [51] proposes a continuous-leakage-resilient IBBE scheme (CLR-IBBE), which essentially uses the private key extension technique, but does not consider anonymity. The scheme given in this paper takes account of both key leakage and anonymity.

Table 4. Comparisons between the proposed scheme and the related schemes of [51,53].

Schemes | IBBE of [53] | CLR-IBBE of [51] | Our Scheme
Private key size | 6θ

From Table 4, we see that the leakage resilience of our scheme is better than that of [51]. In addition, because the scheme of [51] requires $n \ge 2$, the storage requirement of our scheme is lower than that of [51]. In fact, for the scheme of [51], a high leakage rate is only obtained when $n$ is large. For example, when $n = 2$, the private key leakage ratio of [51] is $1/12$; when $n = 4$, it is $1/6$. The leakage rate of [51] increases with $n$, but its maximum is $1/3$. In essence, the scheme of [51] obtains leakage resilience at the expense of storage space and computation cost. The scheme of this paper divides the private key into two different states through state partition, so that the private key can be properly separated to obtain leakage resilience. Table 5 compares the computational efficiency of our scheme with the schemes of [51,53].

Table 5. Comparisons of the computational efficiency of our scheme and the schemes of [51,53].

Schemes | Initialization | Private Generation | Private Updation | Encryption | Decryption
[53] | E + P | (d + 2)E | × | (d + 3)E | 2P
[51] | (4n + 3m + 5)E + P | (3n + 2d + 4)E | (3n + d + 5)E | (n + d + 2)E | (n + 2)P
Our scheme | | | | |

Table 5 lists the number of main operations (pairing operations and group exponentiations). P denotes a pairing operation and E denotes a group exponentiation. $m$ is the maximum number of users in the system, and $d$ is the number of users in a given broadcast. Every operation of the scheme presented in this paper is more efficient than the corresponding operation of the scheme in [51]. The encryption and decryption efficiency of our scheme is as good as that of [53] and higher than that of [51]. Since the private key is divided into two states, our scheme needs two more exponentiations than the scheme in [53] in the private key generation algorithm. In addition, since decryption is divided into two stages, our scheme needs two more pairing operations than the scheme in [53].

Conclusions
This paper gives the syntax and security definition of CLR-SS-AIBBE and proposes a concrete CLR-SS-AIBBE scheme. The private key is continuously updated through state partition. The proposed scheme resists continual leakage of the private key, and the relative leakage rate reaches one-third. Based on the general subgroup decision assumption, the scheme is proven secure in the standard model. In addition, through the special treatment of the private key, the scheme is also anonymous. It has three advantages.
First, our scheme has better application value. Since an adversary in a real environment can mount continuous-leakage attacks, the continuous-leakage model is closer to the needs of real applications. In this paper, leakage resilience for the IBBE mechanism is achieved under the continuous-leakage model, so the scheme is more practical.
Second, our scheme has better user-identity privacy protection. In an identity-based broadcast encryption scheme, the broadcaster usually encrypts messages by combining the public identities of the receivers with the system parameters. This may reveal the identities of the receivers to the public, which makes users worry about identity privacy. Most identity-based broadcast encryption (IBBE) schemes are not anonymous, which means that an attacker can obtain the identities of all recipients from the ciphertext. The scheme in this paper provides anonymity and so protects user identity privacy.
Third, the given scheme is suitable for some intelligent systems. The public parameter size and private key size of the proposed scheme are constant, and the decryption cost is independent of the number of recipients. Therefore, this scheme requires less computing energy and is well suited to smart city information systems.