Public-key traitor tracing from efficient decoding and unbounded enrollment: extended abstract
Pages 9 - 18
Abstract
Public-key traitor-tracing schemes is a supporting technology for content distribution that discourages abuse and resale of cryptographic keys used for the distribution. These schemes enable a system manager to maintain a set of subscribers so that any external content provider can use the public key nature of the method and transmit data to the subscribers, while assuring that if a coalition of users generate a pirate deciphering device, they can be identified via a procedure called "traitor tracing."
The usefulness of efficient decoding in this context was exemplified in the work of Boneh and Franklin that showed how a specific family of codes can be combined with ElGamal encryption to produce a public-key traitor tracing scheme that supports non-black-box traitor tracing and recovers all traitors that contributed to the pirate key.
In this work we are motivated by the notion of "Traitor Tracing with unbounded enrollment" that we define here, and we look for proper implementation thereof. To this end, we first generalize the Boneh Franklin approach to arbitrary code families by introducing Extended ElGamal encryption and showing an explicit condition under which the encryption can be transformed to traitor tracing, while also identifying cases where such transformation would not work; the properties are presented in terms of efficient decoding algorithms. The approach sheds light on the superlogarithmic (non-black-box) traceability of the Kurosawa-Desmedt public-key traitor tracing scheme that was only shown to support efficient tracing for a logarithmic number of traitors (in the black-box sense, where it was shown that logarithmic is optimal). Recall that the original non-black-box tracing algorithm of this scheme was found to be insufficient. We also show how to take advantage of list decoding techniques for non-black-box traitor tracing to extend the number of traitors that can be successfully traced. Finally, the Kurosawa Desmedt scheme accompanied with our tracing method is shown to be the first construction to implement traitor tracing with unbounded enrollment for an optimal number of traitors (for such a scheme) in both the non-black-box tracing case and the black-box tracing case.
References
[1]
Elwyn R. Berlekamp and L. Welch, Error Correction of Algebraic Block Codes. U.S. Patent, Number 4, 633, 470 1986.
[2]
Dan Boneh and Matthew Franklin, An Efficient Public Key Traitor Tracing Scheme,CRYPTO 1999, pp. 338--353.
[3]
Dan Boneh and Matthew Franklin, An Efficient Public Key Traitor Tracing Scheme, manuscript, full-version of {2}, 2001.
[4]
Dan Boneh, Amit Sahai and Brent Waters, Fully Collusion Resistant Traitor Tracing with Short Ciphertexts and Private Keys, EUROCRYPT 2006, pp. 573--592.
[5]
Stefan Brands, Rethinking Public Key Infrastructures and Digital Certificates - Building in Privacy, Ph.D. thesis, Technical University of Eindhoven, 1999.
[6]
Benny Chor, Amos Fiat, and Moni Naor, Tracing Traitors,Advances in Cryptology - CRYPTO'94, 14th Annual International Cryptology Conference, Santa Barbara, California, USA, August 21--25, 1994, Proceedings. Lecture Notes in Computer Science 839 Springer 1994, pp. 257--270.
[7]
Benny Chor, Amos Fiat, Moni Naor, and Benny Pinkas, Tracing Traitors,IEEE Transactions on Information Theory, Vol. 46, no. 3, pp. 893--910, 2000.
[8]
J. Daemen and V. Rijmen, The design of Rijndael-AES the advanced encryption standard, Springer Verlag, 2002.
[9]
Yevgeniy Dodis, Nelly Fazio, Public Key Trace and Revoke Scheme Secure against Adaptive Chosen Ciphertext Attack, Public Key Cryptography 2003, pp. 100--115.
[10]
Eli Gafni, Jessica Staddon and Yiqun Lisa Yin, Efficient Methods for Integrating Traceability and Broadcast Encryption,CRYPTO 1999, pp. 372--387.
[11]
Juan A. Garay, Jessica Staddon, Avishai Wool, Long-Lived Broadcast Encryption. CRYPTO 2000: pp. 333--352.
[12]
Venkatesan Guruswami and Madhu Sudan, Improved Decoding of Reed-Solomon and Algebraic-Geometric Codes. In the Proceedings of the 39th Annual Symposium on Foundations of ComputerScience, IEEE Computer Society, pp. 28--39, 1998.
[13]
Dani Halevy, Adi Shamir, The LSD Broadcast Encryption Scheme. CRYPTO 2002, pp. 47--60.
[14]
Nam-Su Jho, Jung Yeon Hwang, Jung Hee Cheon, Myung-Hwan Kim, Dong Hoon Lee, Eun Sun Yoo: One-Way Chain Based Broadcast Encryption Schemes. EUROCRYPT 2005: 559--574.
[15]
Aggelos Kiayias and Moti Yung, Self Protecting Pirates and Black-Box Traitor Tracing, CRYPTO 2001, pp. 63--79.
[16]
Aggelos Kiayias and Moti Yung, Traitor Tracing with Constant Transmission Rate, Eurocrypt 2002.
[17]
Aggelos Kiayias, Moti Yung: On Crafty Pirates and Foxy Tracers. Digital Rights Management Workshop 2001, pp. 22--39.
[18]
Aggelos Kiayias, Polynomial Reconstruction based Cryptography, Ph.D. Thesis, City University of New York, 2002.
[19]
K. Kurosawa and Y. Desmedt, Optimum Traitor Tracing and Asymmetric Schemes,Advances in Cryptology - EUROCRYPT'98, International Conference on the Theory and Application of Cryptographic Techniques, Espoo, Finland, May 31 - June 4, 1998, Proceeding. Lecture Notes in Computer Science 1403 Springer 1998, pp. 145--157.
[20]
K. Kurosawa, M. Burmester and Y. Desmedt, A proven secure tracing algorithm for the optimal KD traitor tracing scheme, DIMACS Workshop on Management of Digital Intellectual Properties April 17--18, 2000.
[21]
Kaoru Kurosawa, Takuya Yoshida, Linear Code Implies Public-Key Traitor Tracing. Public Key Cryptography, 5th International Workshop on Practice and Theory in Public Key Cryptosystems, PKC 2002, Paris, France, February 12--14, 2002, Proceedings. Lecture Notes in Computer Science 2274, pp.172--187.
[22]
F. J. MacWilliams and N. Sloane, The Theory of Error Correcting Codes. North Holland, Amsterdam, 1977.
[23]
Robert J. McEliece, On the Average List Size for the Guruswami-Sudan Decoder, 7th International Symposium on Communications Theory and Applications 2003.
[24]
Dalit Naor, Moni Naor and Jeffrey B. Lotspiech Revocation and Tracing Schemes for Stateless Receivers, Advances in Cryptology - CRYPTO 2001, 21st Annual International Cryptology Conference, Santa Barbara, California, USA, August 19--23, 2001, Proceedings. Lecture Notes in Computer Science 2139 Springer 2001, pp. 41--62.
[25]
Moni Naor and Benny Pinkas, Efficient Trace and Revoke Schemes, Financial Cryptography, 4th International Conference, FC 2000 Anguilla, British West Indies, February 20--24, 2000, Proceedings. Lecture Notes in Computer Science 1962 Springer 2001, pp. 1--20.
[26]
Reinaneh Safavi-Naini and Vu Dong To,Linear Code Implies Public-Key Traitor Tracingwith Revocation. Information Security and Privacy: 9th Australasian Conference, ACISP 2004, Sydney, Australia, July 13--15, 2004. Proceedings. Lecture Notes in Computer Science 3108 Springer 2004, pp.24--35.
[27]
Alice Silverberg, Jessica Staddon, Judy L. Walker, Efficient Traitor Tracing Algorithms Using List Decoding. ASIACRYPT 2001:175--192.
[28]
Douglas Stinson and Ruizhong Wei, Key preassigned traceability schemes for broadcast encryption, In the Proceedings of SAC'98, Lecture Notes in Computer Science 1556, Springer Verlag, pp. 144--856, 1998.
[29]
Douglas R. Stinson and Ruizhong Wei, Combinatorial Properties and Constructions of Traceability Schemes and Frameproof Codes, SIAM J. on Discrete Math, Vol. 11, no. 1, 1998, pp. 41--53.
[30]
Dongvu Tonien, Reihaneh Safavi-Naini: An Efficient Single-Key Pirates Tracing Scheme Using Cover-Free Families. Applied Cryptography and Network Security, 4th International Conference, ACNS 2006, Singapore, June 6--9, 2006, Proceedings. Lecture Notes in Computer Science 3989, pp. 82--97.
Index Terms
- Public-key traitor tracing from efficient decoding and unbounded enrollment: extended abstract
Recommendations
New traitor tracing schemes using bilinear map
DRM '03: Proceedings of the 3rd ACM workshop on Digital rights managementMitsunari et al [15] presented a new traitor tracing scheme which uses Weil pairing in elliptic curves. To the best of our knowledge this is the first scheme that uses bilinear map. The claimed advantage of the scheme is that the ciphertext size is ...
Multiparty Key Exchange, Efficient Traitor Tracing, and More from Indistinguishability Obfuscation
In this work, we show how to use indistinguishability obfuscation to build multiparty key exchange, efficient broadcast encryption, and efficient traitor tracing. Our schemes enjoy several interesting properties that have not been achievable before:Our ...
Further analysis of pairing-based traitor tracing schemes for broadcast encryption
Pairing-based public key systems have recently received much attention because bilinear property contributes to the designs of many cryptographic schemes. In 2002, Mitsunari et al. proposed the first pairing-based traitor tracing scheme with constant-...
Comments
Information & Contributors
Information
Published In
October 2008
102 pages
Copyright © 2008 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 27 October 2008
Check for updates
Author Tags
Qualifiers
- Research-article
Conference
CCS08: 15th ACM Conference on Computer and Communications Security 2008
October 27, 2008
Virginia, Alexandria, USA
Upcoming Conference
CCS '24
- Sponsor:
- sigsac
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 247Total Downloads
- Downloads (Last 12 months)2
- Downloads (Last 6 weeks)0
Reflects downloads up to 03 Oct 2024
Other Metrics
Citations
View Options
Get Access
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in