encryption – How to send a fixed size encrypted message to be broadcast to multiple (known) recipients without letting the broadcaster decrypt the message

I am creating a network with three layers. A sender layer, A gateway layer, and a Receiver layer; each having different platforms. See diagram below

enter image description here

All platforms have published their public keys on a trusted public database server (not shown on the diagram).

A sender S wants to send a message to the receiver layer but it can only send the message via one of the platforms in the Gateway layer. Let’s call it G.

The message contains a public section that can be accessed by anyone and a private section that should be accessible only by the receiver layer. Something like below

    "public"  : { <public data>  },
    "private" : { <private data - encrypted> }

Every time S sends a message to G; G uses the public section of the message to verify the authenticity of the sender and to identify a subset of Receivers { R1, R2 … Rp } where p <= n; and broadcasts the message to the “p” receivers.

How does S encrypt the message such that only {R1, R2 … Rp} are able to decrypt the message and not G?

Some additional forces that exist are as follows:

  • Sender platforms layer can have 1-100000000 independent devices each having its own key pair
  • The gateway platforms could range from a 1-500 platforms
  • The receiver layer could have 1-10000000 platforms each having its own key pair

Any ideas on how to achieve this? I can do this using two Gateways, G1 and G2 where one G1 broadcasts the public key of S and G2 broadcasts the message. The receiver can check if the broadcaster of the key is different from the broadcaster of the message and return an “INSECURE_TRANSACTION” error of sorts. But is there a way to make it work using only one Gateway? Any help would be appreciated.