1970-01-01

(2026-02) Group Encryption with Oblivious Traceability

• [[Khoa Nguyen]]
• [[Yanhong Xu]]
• [[Nam Tran]]
• [[Willy Susilo]]
• [[Huaxiong Wang]]

2026-02-27

• #cryptography
• #paper

Abstract

We revisit Group Encryption (GE)—an encryption analogue of group signatures introduced by Kiayias et al. (Asiacrypt 2007). A GE system simultaneously provides anonymity and traceability for receivers who are certified group members, enabling a range of privacy-preserving applications. While prior work has extensively addressed \emph{how} to trace receivers in GE, the question of \emph{why} a ciphertext should be traceable remains unexplored. Unlike group signatures, where opening can be justified by the signed content, tracing in GE poses a dilemma because the underlying plaintext is confidential.

To address this gap, we introduce Group Encryption with Oblivious Traceability (GEOT), an enhanced form of GE in which the traceability of a ciphertext $\psi$ intended for receiver $\mathsf{id}$ and containing message $\mathbf{w}$ is governed by a public tracing policy $P(\mathsf{id},\mathbf{w}) \in {0,1}$. Here, $P(\mathsf{id},\mathbf{w})=0$ denotes traceability, whereas $P(\mathsf{id},\mathbf{w})=1$ ensures non-traceability. The traceability status is known to the sender but remains hidden from all parties except the opening authority, which learns nothing about $\mathsf{id}$ in the non-traceable case. GEOT further supports message filtering and dynamic membership, following Nguyen et al. (PKC 2021). Filtering enforces that valid ciphertexts satisfy a public policy $F(\mathbf{w})=1$, while dynamicity enables users to join and leave the system over time.

We formalize GEOT with concise syntax and rigorous security notions, and present a modular construction based on standard cryptographic primitives: signatures, public-key encryption, and non-interactive zero-knowledge proofs. We also give a concrete instantiation from code-based assumptions supporting arbitrary tracing and filtering policies represented by polynomial-size Boolean circuits. In addition to expressive filtering and tracing functionalities, our scheme achieves significant efficiency improvements over existing post-quantum GE constructions.