Traitor Tracing with \(N^{1/3}\)-Size Ciphertexts and O(1)-Size Keys from k-Lin

  • Conference paper
Advances in Cryptology – EUROCRYPT 2023 (EUROCRYPT 2023)

Abstract

We present a pairing-based traitor tracing scheme for N users with

$$\begin{aligned} | \textsf{pk}| = | \textsf{ct}| = O(N^{1/3}), \quad | \textsf{sk}| = O(1). \end{aligned}$$

This is the first pairing-based scheme to achieve \(| \textsf{pk}| \cdot | \textsf{sk}| \cdot | \textsf{ct}| = o(N)\). Our construction relies on the (bilateral) k-Lin assumption, and achieves private tracing and full collusion resistance. Our result simultaneously improves upon the sizes of \( \textsf{pk}, \textsf{ct}\) in Boneh–Sahai–Waters [Eurocrypt ’06] and the size of \( \textsf{sk}\) in Zhandry [Crypto ’20], while further eliminating the reliance on the generic group model in the latter work.

J. Gong—Partially supported by National Natural Science Foundation of China (62002120), Innovation Program of Shanghai Municipal Education Commission (2021-01-07-00-08-E00101) and the “Digital Silk Road” Shanghai International Joint Lab of Trustworthy Intelligent Software (22510750100). Part of this work was done while visiting NTT Research.

J. Luo—Partially supported by NSF grants CNS-1936825 (CAREER), CNS-2026774, a JP Morgan AI Research Award, a Cisco Research Award, and a Simons Collaboration on the Theory of Algorithmic Fairness. Part of this work was done during an internship at NTT Research.

Notes

  1.

    In a bit more detail, the construction starts with a variant of \((O(1),N_2)\)-rPLBE with parameters

    $$\begin{aligned} | \textsf{pk}| = O(N_2), \quad | \textsf{ct}| = O(N_2\kappa ), \quad | \textsf{sk}| = O(1), \end{aligned}$$

    which yields a “\(1/N_1\)-risky” traitor tracing scheme for \(N_1N_2\) users following [18]. That is, tracing succeeds with probability \(1/N_1\). This is then amplified to a standard traitor tracing scheme with a blow-up in \( \textsf{sk}\).

  2.

    In MBME, ciphertexts are associated with \((z_1,\ldots ,z_\ell ) \in \{0,1\}^\ell \) and keys with \((y_1,\ldots ,y_\ell ) \in \{0,1\}^\ell \) and decryption is possible iff

    $$\textstyle \bigwedge _{i=1}^\ell z_i \vee y_i = 1.$$

    Security requires both attribute and function hiding. MBME for \(\ell \)-bit vectors can be instantiated from attribute-hiding function-hiding inner product predicate encryption for \(O(\ell )\)-dimensional vectors, since

    $$\textstyle \bigwedge _{i=1}^\ell z_i \vee y_i = 1 \Longleftrightarrow \sum _{i=1}^\ell (1-z_i)(1-y_i) {\mathop {=}\limits ^{?}} 0. $$


  3.

    As \(\kappa =\omega (\log \lambda )\) and \(N={\text {poly}}(\lambda )\), any statistical error \(2^{-\Omega (\kappa )}\) is absorbed by \(\lambda ^{-\omega (1)}\) when combined with a computational argument, and is thus omitted in such cases.

  4.

    Claim 3 does not care about whether \({\varepsilon _0\ge \varepsilon (\lambda )}\).

  5.

    \(N_1\) is a random variable due to the random coins of \(\mathcal {A}\), so it is impossible to write \(N_1\) outside probability or expectation. For non-uniform security we may assume \(N_1\) is fixed for every \(\lambda \), yet it is better to present the more general proof.

  6.

    It is important that we do not assume \(\rho \) is the identity map by enlarging \(\textbf{M}\), so that we capture key size dependency in m, the locality. The scheme will be instantiated for \(\kappa \)-local roMSPs (\({\kappa \ll n}\)), which is crucial for the efficiency of our application.

References

  1. Abdalla, M., Catalano, D., Gay, R., Ursu, B.: Inner-product functional encryption with fine-grained access control. In: Moriai, S., Wang, H. (eds.) ASIACRYPT 2020. LNCS, vol. 12493, pp. 467–497. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64840-4_16

  2. Agrawal, S., Libert, B., Stehlé, D.: Fully secure functional encryption for inner products, from standard assumptions. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9816, pp. 333–362. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53015-3_12

  3. Baltico, C.E.Z., Catalano, D., Fiore, D., Gay, R.: Practical functional encryption for quadratic functions with applications to predicate encryption. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10401, pp. 67–98. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63688-7_3

  4. Billet, O., Phan, D.H.: Efficient traitor tracing from collusion secure codes. In: Safavi-Naini, R. (ed.) ICITS 2008. LNCS, vol. 5155, pp. 171–182. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85093-9_17

  5. Boneh, D., Naor, M.: Traitor tracing with constant size ciphertext. In: Ning, P., Syverson, P.F., Jha, S. (eds.) ACM CCS 2008, pp. 501–510. ACM Press, October 2008. https://doi.org/10.1145/1455770.1455834

  6. Boneh, D., Sahai, A., Waters, B.: Fully collusion resistant traitor tracing with short ciphertexts and private keys. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 573–592. Springer, Heidelberg (2006). https://doi.org/10.1007/11761679_34

  7. Boneh, D., Shoup, V.: A Graduate Course in Applied Cryptography. Draft (2015). version 0.2. https://toc.cryptobook.us/

  8. Boneh, D., Waters, B.: A fully collusion resistant broadcast, trace, and revoke system. In: Juels, A., Wright, R.N., De Capitani di Vimercati, S. (eds.) ACM CCS 2006, pp. 211–220. ACM Press, October/November 2006. https://doi.org/10.1145/1180405.1180432

  9. Boneh, D., Zhandry, M.: Multiparty key exchange, efficient traitor tracing, and more from indistinguishability obfuscation. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8616, pp. 480–499. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44371-2_27

  10. Chen, J., Gay, R., Wee, H.: Improved dual system ABE in prime-order groups via predicate encodings. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9057, pp. 595–624. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46803-6_20

  11. Chen, J., Gong, J., Kowalczyk, L., Wee, H.: Unbounded ABE via bilinear entropy expansion, revisited. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10820, pp. 503–534. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78381-9_19

  12. Chen, Y., Vaikuntanathan, V., Waters, B., Wee, H., Wichs, D.: Traitor-tracing from LWE made simple and attribute-based. In: Beimel, A., Dziembowski, S. (eds.) TCC 2018. LNCS, vol. 11240, pp. 341–369. Springer, Cham (2018). https://doi.org/10.1007/978-3-030-03810-6_13

  13. Chor, B., Fiat, A., Naor, M.: Tracing traitors. In: Desmedt, Y.G. (ed.) Advances in Cryptology — CRYPTO 1994. LNCS, vol. 839, pp. 257–270. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-48658-5_25

  14. Escala, A., Herold, G., Kiltz, E., Ràfols, C., Villar, J.: An algebraic framework for Diffie-Hellman assumptions. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8043, pp. 129–147. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-40084-1_8

  15. Etesami, O., Mahloujifar, S., Mahmoody, M.: Computational concentration of measure: Optimal bounds, reductions, and more. In: Chawla, S. (ed.) 31st SODA, pp. 345–363. ACM-SIAM, January 2020. https://doi.org/10.1137/1.9781611975994.21

  16. Gong, J., Luo, J., Wee, H.: Traitor tracing with \(N^{1/3}\)-size ciphertexts and \(O(1)\)-size keys from \(k\)-Lin. Cryptology ePrint Archive, Report 2023/256 (2023). https://eprint.iacr.org/2023/256

  17. Gong, J., Wee, H.: Adaptively secure ABE for DFA from k-Lin and more. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12107, pp. 278–308. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45727-3_10

  18. Goyal, R., Koppula, V., Russell, A., Waters, B.: Risky traitor tracing and new differential privacy negative results. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10991, pp. 467–497. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96884-1_16

  19. Goyal, R., Koppula, V., Waters, B.: Collusion resistant traitor tracing from learning with errors. In: Diakonikolas, I., Kempe, D., Henzinger, M. (eds.) 50th ACM STOC, pp. 660–670. ACM Press, June 2018. https://doi.org/10.1145/3188745.3188844

  20. Goyal, R., Quach, W., Waters, B., Wichs, D.: Broadcast and trace with \(N^{\varepsilon }\) ciphertext size from standard assumptions. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11694, pp. 826–855. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-26954-8_27

  21. Ishai, Y., Wee, H.: Partial garbling schemes and their applications. In: Esparza, J., Fraigniaud, P., Husfeldt, T., Koutsoupias, E. (eds.) ICALP 2014. LNCS, vol. 8572, pp. 650–662. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-43948-7_54

  22. Karchmer, M., Wigderson, A.: On span programs. In: Proceedings of Structures in Complexity Theory, pp. 102–111 (1993)

  23. Kowalczyk, L., Wee, H.: Compact adaptively secure ABE for NC\(^{1}\) from \(k\)-Lin. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11476, pp. 3–33. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17653-2_1

  24. Lin, H., Luo, J.: Succinct and adaptively secure ABE for ABP from \(k\)-Lin. In: Moriai, S., Wang, H. (eds.) ASIACRYPT 2020. LNCS, vol. 12493, pp. 437–466. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64840-4_15

  25. Mahloujifar, S., Mahmoody, M.: Can adversarially robust learning leverage computational hardness? CoRR abs/1810.01407 (2018). http://arxiv.org/abs/1810.01407

  26. Shamir, A.: How to share a secret. Commun. Assoc. Comput. Mach. 22(11), 612–613 (1979)

  27. Waters, B.: Dual system encryption: realizing fully secure IBE and HIBE under simple assumptions. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 619–636. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03356-8_36

  28. Wee, H.: Attribute-hiding predicate encryption in bilinear groups, revisited. In: Kalai, Y., Reyzin, L. (eds.) TCC 2017. LNCS, vol. 10677, pp. 206–233. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70500-2_8

  29. Wee, H.: Functional encryption for quadratic functions from \(k\)-Lin, revisited. In: Pass, R., Pietrzak, K. (eds.) TCC 2020. LNCS, vol. 12550, pp. 210–228. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-64375-1_8

  30. Zhandry, M.: New techniques for traitor tracing: size \(N^{1/3}\) and more from pairings. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020. LNCS, vol. 12170, pp. 652–682. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56784-2_22

Corresponding authors

Correspondence to Junqing Gong, Ji Luo or Hoeteck Wee.

Copyright information

© 2023 International Association for Cryptologic Research

About this paper

Cite this paper

Gong, J., Luo, J., Wee, H. (2023). Traitor Tracing with \(N^{1/3}\)-Size Ciphertexts and O(1)-Size Keys from k-Lin. In: Hazay, C., Stam, M. (eds) Advances in Cryptology – EUROCRYPT 2023. EUROCRYPT 2023. Lecture Notes in Computer Science, vol 14006. Springer, Cham. https://doi.org/10.1007/978-3-031-30620-4_21

  • DOI: https://doi.org/10.1007/978-3-031-30620-4_21

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-30619-8

  • Online ISBN: 978-3-031-30620-4

  • eBook Packages: Computer Science, Computer Science (R0)
