Optimal symmetric Tardos traitor tracing schemes
For the Tardos traitor tracing scheme, we show that by combining the
symbol-symmetric accusation function of Skoric et al. with the improved
analysis of Blayer and Tassa we get further improvements. Our construction
gives codes that are up to 4 times shorter than Blayer and Tassa's, and up to 2
times shorter than the codes from Skoric et al. Asymptotically, we achieve the
theoretical optimal codelength for Tardos' distribution function and the
symmetric score function. For large coalitions, our codelengths are
asymptotically about 4.93% of Tardos' original codelengths, which also improves
upon results from Nuida et al.
Comment: 16 pages, 1 figure
Optimal sequential fingerprinting: Wald vs. Tardos
We study sequential collusion-resistant fingerprinting, where the
fingerprinting code is generated in advance but accusations may be made between
rounds, and show that in this setting both the dynamic Tardos scheme and
schemes building upon Wald's sequential probability ratio test (SPRT) are
asymptotically optimal. We further compare these two approaches to sequential
fingerprinting, highlighting differences between the two schemes. Based on
these differences, we argue that Wald's scheme should in general be preferred
over the dynamic Tardos scheme, even though both schemes have their merits. As
a side result, we derive an optimal sequential group testing method for the
classical model, which can easily be generalized to different group testing
models.
Comment: 12 pages, 10 figures
Gossip Codes for Fingerprinting: Construction, Erasure Analysis and Pirate Tracing
This work presents two new construction techniques for q-ary Gossip codes
from t-designs and Traceability schemes. These Gossip codes achieve the shortest
code length specified in terms of code parameters and can withstand erasures in
digital fingerprinting applications. This work presents the construction of
embedded Gossip codes for extending an existing Gossip code into a bigger code.
It discusses the construction of concatenated codes and realisation of erasure
model through concatenated codes.
Comment: 28 pages
Remarks on the Cryptographic Primitive of Attribute-based Encryption
Attribute-based encryption (ABE) which allows users to encrypt and decrypt
messages based on user attributes is a type of one-to-many encryption. Unlike
the conventional one-to-one encryption which has no intention to exclude any
partners of the intended receiver from obtaining the plaintext, an ABE system
tries to exclude some unintended recipients from obtaining the plaintext
whether they are partners of some intended recipients. We remark that this
requirement for ABE is very hard to meet. An ABE system cannot truly exclude
some unintended recipients from decryption because some users can exchange
their decryption keys in order to maximize their own interests. The flaw
discounts the importance of the cryptographic primitive.
Comment: 9 pages, 4 figures
Building Efficient Fully Collusion-Resilient Traitor Tracing and Revocation Schemes
In [BSW06,BW06] Boneh et al. presented the first fully collusion-resistant traitor tracing and trace & revoke schemes. These schemes are based on composite order bilinear groups and their security depends on the hardness of the subgroup decision assumption. In this paper we present new, efficient trace & revoke schemes which are based on prime order bilinear groups, and whose security depends on the hardness of the Decisional Linear Assumption or the External Diffie-Hellman (XDH) assumption. This allows our schemes to be flexible and thus much more efficient than existing schemes in terms of a variety of parameters including ciphertext size, encryption time, and decryption time. For example, if encryption time was the major parameter of concern, then for the same level of practical security as [BSW06] our scheme encrypts 6 times faster. Decryption is 10 times faster. The ciphertext size in our scheme is 50% less when compared to [BSW06].
We provide the first implementations of efficient fully collusion-resilient traitor tracing and trace & revoke schemes. The ideas used in this paper can be used to make other cryptographic schemes based on composite order bilinear groups efficient as well.
A survey on Traitor Tracing Schemes
When intellectual properties are distributed over a broadcast network, the content is usually encrypted in a way such that only authorized users who have a certain set of keys can decrypt the content. Some authorized users may be willing to disclose their keys in constructing a pirate decoder which allows illegitimate users to access the content. It is desirable to determine the source of the keys in a pirate decoder, once one is captured. Traitor tracing schemes were introduced to help solve this problem. A traitor tracing scheme usually consists of: a scheme to generate and distribute each user's personal key, a cryptosystem used to protect session keys that are used to encrypt/decrypt the actual content, and a tracing algorithm to determine one source of the keys in a pirate decoder. In this thesis, we survey the traitor tracing schemes that have been suggested. We group the schemes into two groups: symmetric in which the session key is encrypted and decrypted using the same key and asymmetric schemes in which the session key is encrypted and decrypted using different keys. We also explore the possibility of a truly public scheme in which the data supplier knows the encryption keys only. A uniform analysis is presented on the efficiency of these schemes using a set of performance parameters.
Fully Collusion Resistant Traitor Tracing
We construct the first fully collusion resistant tracing traitors
system with sublinear size ciphertexts and constant size private keys.
More precisely, let be the total number of users. Our system
generates ciphertexts of size and private keys of size
. We build our system by first building a simpler primitive
called private linear broadcast encryption (PLBE). We then show
that any PLBE gives a tracing traitors system with the same
parameters. Our system uses bilinear maps in groups of composite
order.
Generic Construction of Trace and Revoke Schemes
Broadcast encryption (BE) is a cryptographic primitive that allows a broadcaster to encrypt digital content to a privileged set of users and in this way prevent revoked users from accessing the content. In BE schemes, a group of users, called traitors, may leak their keys and enable an adversary to receive the content. Such malicious users can be detected through traitor tracing (TT) schemes. The ultimate goal in a content distribution system would be combining traitor tracing and broadcast encryption (resulting in a trace and revoke system) so that any receiver key found to be compromised in a tracing process would be revoked from future transmissions.
In this paper, we propose a generic method to transform a broadcast encryption scheme into a trace and revoke scheme. This transformation involves the utilization of a fingerprinting code over the underlying BE transmission. While fingerprinting codes have been used for constructing traitor tracing schemes in the past, their usage has various shortcomings such as the increase of the public key size with a linear factor in the length of the code. Instead, we propose a novel way to apply fingerprinting codes that allows for efficient parameters while retaining the traceability property. Our approach is based on a new property of fingerprinting codes we introduce, called public samplability.
We have instantiated our generic transformation with the BE schemes of [4, 13, 20], something that enables us to produce trace and revoke schemes with novel properties. Specifically, we show (i) a trace and revoke scheme with constant private key size and short ciphertext size, (ii) the first ID-based trace and revoke scheme, (iii) the first publicly traceable scheme with constant private key size and (iv) the first trace and revoke scheme against pirate rebroadcasting attack in the public key setting.