It is critical to guarantee message confidentiality and user privacy in communication networks, especially for group communications. We find previous works seldom consider these aspects at the same time and some trivial solutions cannot remain secure under strong security models. In order to address the aforementioned problem properly, we propose a privacy-preserving source-verifiable encryption scheme. With our scheme, the sender can prove his legitimation to anyone in a set
of users chosen by himself without leaking his identity, and only the intended receiver can retrieve the original message and the identity of the sender from a given ciphertext. Considering the security of our scheme, we define three security models which capture the message confidentiality, the user privacy and the user impersonation resistance respectively. We prove that our scheme maintains all the three aforementioned properties under the random oracle model.