A Traceable Block Cipher

In this paper we propose a new symmetric block cipher with the following paradoxical traceability properties: it is computationally easy to derive many equivalent secret keys providing distinct descriptions of the same instance of the block cipher. But it is computationally difficult, given one or even up to k equivalent keys, to recover the so called meta-key from which they were derived, or to find any additional equivalent key, or more generally to forge any new untraceable description of the same instance of the block cipher. Therefore, if each legitimate user of a digital content distribution system based on encrypted information broadcast (e.g. scrambled pay TV, distribution over the Internet of multimedia content, etc.) is provided with one of the equivalent keys, he can use this personal key to decrypt the content. But it is conjectured infeasible for coalitions of up to k traitors to mix their legitimate personal keys into untraceable keys they might redistribute anonymously to pirate decoders. Thus, the proposed block cipher inherently provides an efficient traitor tracing scheme [4]. The new algorithm can be described as an iterative block cipher belonging to the class of multivariate schemes. It has advantages in terms of performance over existing traitor tracing schemes and furthermore, it allows to restrict overheads to one single block (i.e. typically 80 to 160 bits) per encrypted content payload. Its strength relies upon the difficulty of the “Isomorphism of Polynomials” problem [17], which has been extensively investigated over the past years. An initial security analysis is supplied.

[1]  Adi Shamir,et al.  Cryptanalysis of the HFE Public Key Cryptosystem by Relinearization , 1999, CRYPTO.

[2]  Willi Meier,et al.  Solving Underdefined Systems of Multivariate Quadratic Equations , 2002, Public Key Cryptography.

[3]  Eli Biham,et al.  In How Many Ways Can You Write Rijndael? , 2002, ASIACRYPT.

[4]  Siva Sai Yerubandi,et al.  Differential Power Analysis , 2002 .

[5]  Magnus Daum,et al.  On the Security of HFE, HFEv- and Quartz , 2003, Public Key Cryptography.

[6]  Douglas R. Stinson,et al.  Combinatorial Properties and Constructions of Traceability Schemes and Frameproof Codes , 1998, SIAM J. Discret. Math..

[7]  Antoine Joux,et al.  Algebraic Cryptanalysis of Hidden Field Equation (HFE) Cryptosystems Using Gröbner Bases , 2003, CRYPTO.

[8]  Kazuo Ohta,et al.  Advances in Cryptology — ASIACRYPT’98 , 2002, Lecture Notes in Computer Science.

[9]  Louis Goubin,et al.  Improved Algorithms for Isomorphisms of Polynomials , 1998, EUROCRYPT.

[10]  Hideki Imai,et al.  Public Quadratic Polynominal-Tuples for Efficient Signature-Verification and Message-Encryption , 1988, EUROCRYPT.

[11]  Jacques Patarin,et al.  Cryptanalysis of the Matsumoto and Imai Public Key Scheme of Eurocrypt'88 , 1995, CRYPTO.

[12]  Alex Biryukov,et al.  A Toolbox for Cryptanalysis: Linear and Affine Equivalence Algorithms , 2003, EUROCRYPT.

[13]  Louis Goubin,et al.  C*-+ and HM: Variations Around Two Schemes of T. Matsumoto and H. Imai , 1998, ASIACRYPT.

[14]  Paul C. van Oorschot,et al.  White-Box Cryptography and an AES Implementation , 2002, Selected Areas in Cryptography.

[15]  P. Kocher,et al.  Differential power analysis, advances in cryptology-CRYPTO'99 , 1999 .

[16]  Matthew K. Franklin,et al.  An Efficient Public Key Traitor Tracing Scheme , 1999, CRYPTO.

[17]  Jacques Patarin,et al.  Hidden Fields Equations (HFE) and Isomorphisms of Polynomials (IP): Two New Families of Asymmetric Algorithms , 1996, EUROCRYPT.

[18]  Amos Fiat,et al.  Tracing traitors , 2000, IEEE Trans. Inf. Theory.

[19]  Moni Naor,et al.  Threshold Traitor Tracing , 1998, CRYPTO.

[20]  Adi Shamir,et al.  Efficient Algorithms for Solving Overdefined Systems of Multivariate Polynomial Equations , 2000, EUROCRYPT.