1

I have an hybrid encryption (RSA, AES) for a file sharing project I am working on, where I use a single public key for encryption on the sender side and corresponding private key for decryption on the recipient side. I would like for a sender to be able to send files to multiple users each having only their own unique key pair (public keys would be distributed).

I know this is possible using GPG

gpg --encrypt --recipient alice@example.com --recipient bob@example.com doc.txt

How to do this using RSA or ECC? Is it possible?

J.Valášek
  • 13
  • 3

1 Answers1

1

You are describing the problem of broadcast encryption. This problem was first studied by Fiat and Naor in the aptly named "Broadcast Encryption" paper where they came up with a scheme resilient against $k$ colluding users with roughly $k$ bandwidth cost.

A more efficient scheme using pairing-based cryptography was introduced by Boneh and Gentry in "Collusion Resistant Broadcast Encryption With Short Ciphertexts and Private Keys" which achieves resistance independent of $k$.

Maarten Bodewes
  • 96,351
  • 14
  • 169
  • 323
Daniel S
  • 29,316
  • 1
  • 33
  • 73