The security against chosen-ciphertext attack (CCA) can effectively figure active attacks in reality. The existing cryptosystems against chosen-ciphertext attack are mainly designed by the foreign and there is a lack of CCA secure cryptosystems designed by our people. Although there are several generic transformation approaches to achieve CCA security, the price to pay is the growth of both computational overhead and communication overhead. In this paper, based on SM9, we propose a new identity-based broadcast encryption which is secure against chosen-ciphertext attack. The scheme construction is derived from SM9 encryption algorithm. The private key size and ciphertext size are of constant which is independent of the number of receivers chosen in data encryption phase. Precisely, the private key consists of one element and the ciphertext is composed of three elements only. If the GDDHE assumption holds, we prove that the proposed scheme is selective secure under chosen-ciphertext attack in the random oracle model. To achieve CCA security, we embed a dummy identity in the ciphertext generation, which can be used to answer the decryption query successfully. Analysis shows that the proposed scheme is comparable to the existing efficient identity-based broadcast encryption schemes in terms of computational efficiency and storage efficiency.