Decryption. If there has been proper receipt pursuant to Section 2.1 the receiving party shall attempt to decrypt the Transaction. If the Transaction decryption is unsuccessful, the receiving party shall send the applicable error message to the sending party. The sending party shall attempt to correct the error and promptly retransmit the Transaction or notify the receiving party in an attempt to solve the problem. If the Transaction can not be authenticated an applicable error message will be sent to the sending party however, if the sending party’s identity can not be ascertained, then the transmission will not be deemed a Transaction.
Decryption. After receiving a ciphertext (c1, c2, c3), anyone with a valid message-signature pair (s, σ) can extract =
Decryption. The recipient optionally can verify the encrypted DSRC key with the public key KS-PUB of the originator and decrypts the DSRC key with his private key KR-PRIV. Signature verification KS-PUB Signature OK / not OK RSA decryption KR-PRIV encrypted Key DSRC Key copy Figure 7: Signature Verification and Decryption (optional part in grey)
Decryption the receiver, Bob, uses his private key skBob to decrypt the ciphertext.
Decryption. The recipient IDi set a vector a1 = (0,…0,1,0,…0) with n elements, and only the ith element is 1. Then A is a n × n matrix The recipient IDi can solve the following system of equations (x1,x2,…,xn) × A = ( 1 1 … 1). With (x1,x2,…,xn) they can get To decrypt the ciphertext, the recipient IDi needs to compute e(Xxxx, r QV1) , which with knowledge of the private key Si it can do via: e(Ppub, r QV1) = e(Ppub, r(x1Qi + x1 QV2 + … + xn QVn)) = e(Ppub, rx1Qi) e(Ppub, r(x2 QV2+ … + xn QVn)) = e(rP, x1sQi) e(Ppub, x2rQV2+ … + xn rQVn) = e(U1, x1Si) e(Ppub, x2U2 + … + xn Un) Then the recipient can compute K = V ⊕ H2(e(U1, x1Si) e(Ppub, ∑n i=2 xiUi ))
Decryption. Each member of the group can decrypt the ciphertext with the group key. For short, this section gives an example of user A that is the group member wants to decrypt the message as the following; mD = m′ H (R KABC PKD (KABC)-1 ) mD = m′ H (R ((a PKB a -1)PKC (a PKB a -1) -1) PKD ((a PKB a -1) PKC (aPKB a -1 ) -1 )-1 ) From the above example, user A can use his private key a in the term KABC and (KABC)-1 as in the user A’s view as mentioned in the previous subsection.
Decryption. Bob can decrypt the message sent from Xxxxx by using his private key; SK1B, SK2B and an identity of Xxxxx, XXX as the following. M = M′ ⊕ H{ SK1B Z1 (g1) Z2SK2B }
Decryption. Group member can decrypt the message sent from Eve by using his/her private key as the following. For Xxxxx: M = M′ ⊕ H{SK1A Z1(g2) (g3)( g5) Z2 SK2A } For Bob: M = M′ ⊕ H{SK1B Z1(g1) (g3)( g5) Z2 SK2B } For Xxxxxxx: M = M′ ⊕ H{SK1C Z1(g1) (g2)( g5) Z2 SK2C }
Decryption. After receiving a ciphertext (c1, c2, c3), anyone with a valid message-signature pair (s, σ) can extract c3 m = . e(σ, c1)e(H(s), c2) ⊗ ⊙ ⊗ ⊗ ⊙ ⊙ The correctness of the proposed ASBB scheme follows from a direct verifica- tion. Define by (R1, A1) (R2, A2)= (R1R2, A1A2) and by σ1 σ2 = σ1σ2. For security, we have the following claims in which Claim 2 follows from the definition of and , and the security proof of Claim 3 can be found in the full version of the paper [23]. O
Decryption. P : the generator of an given cyclic addition group G, where G consists of all points on a given elliptic curve
