Mitsunari et al [15] presented a new traitor tracing scheme which uses Weil pairing in elliptic curves. To the best of our knowledge this is the first scheme that uses bilinear map. The claimed advantage of the scheme is that the ciphertext size is independent of the number of traitors. It is shown that the problem of constructing a pirate key by k colluders is as hard as the so-called "k-weak Diffie-Hellman problem".In this paper, we show an attack on this scheme in which traitors find a linear combination of their keys to construct a pirate key that can be used to decrypt the ciphertext. We identify a class of schemes, that includes MSK, with the property that correct tracing requires the ciphertext size to depend on the collusion threshold. We derive a lower bound on the size of the ciphertext that depends on the number of colluders.We propose a modification to MSK scheme, Scheme 1, which not only ensures constructing a pirate decoder is hard, but also has a number of significant advantages over the initial proposal. In particular, it is a public key traitor tracing scheme while the original scheme is a secret key traitor tracing scheme; it has a black box tracing algorithm while MSK scheme only has an open box tracing algorithm, and finally its security is provable (semantic secure against passive adversary) while there was no security proof for MSK.We also propose two other schemes based on bilinear pairing. Scheme~2, is a generic scheme and can be used with any linear error correcting code. Scheme~3 uses Shamir's secret sharing scheme and has the added property that the encrypted message can be targeted to a subset of users. This is by including user revocation property and allowing selected users to be revoked from the original set of users. We also give proof of security, similar to Scheme 1, and also a tracing algorithm for the two schemes. Finally we give an efficiency comparison for the three schemes against the most efficient schemes with similar security and traceability properties and show that all three schemes are the most efficient ones of their kind.
[1]
Craig Gentry,et al.
Hierarchical ID-Based Cryptography
,
2002,
ASIACRYPT.
[2]
M. Kasahara,et al.
A New Traitor Tracing
,
2002,
IEICE Trans. Fundam. Electron. Commun. Comput. Sci..
[3]
Aggelos Kiayias,et al.
Scalable public-key tracing and revoking
,
2003,
PODC.
[4]
Aggelos Kiayias,et al.
On Crafty Pirates and Foxy Tracers
,
2001,
Digital Rights Management Workshop.
[5]
Aggelos Kiayias,et al.
Traitor Tracing with Constant Transmission Rate
,
2002,
EUROCRYPT.
[6]
Yvo Desmedt,et al.
Optimum Traitor Tracing and Asymmetric Schemes
,
1998,
EUROCRYPT.
[7]
Wen-Guey Tzeng,et al.
A Public-Key Traitor Tracing Scheme with Revocation Using Dynamic Shares
,
2001,
Des. Codes Cryptogr..
[8]
Dan.
Collusion-Secure Fingerprinting for Digital Data
,
2002
.
[9]
Matthew K. Franklin,et al.
Identity-Based Encryption from the Weil Pairing
,
2001,
CRYPTO.
[10]
Hovav Shacham,et al.
Short Signatures from the Weil Pairing
,
2001,
J. Cryptol..
[11]
Antoine Joux,et al.
A One Round Protocol for Tripartite Diffie–Hellman
,
2000,
Journal of Cryptology.
[12]
Amos Fiat,et al.
Tracing Traitors
,
1994,
CRYPTO.
[13]
Douglas R. Stinson,et al.
Key Preassigned Traceability Schemes for Broadcast Encryption
,
1998,
Selected Areas in Cryptography.
[14]
Aggelos Kiayias,et al.
Self Protecting Pirates and Black-Box Traitor Tracing
,
2001,
CRYPTO.
[15]
Yevgeniy Dodis,et al.
Public Key Trace and Revoke Scheme Secure against Adaptive Chosen Ciphertext Attack
,
2003,
Public Key Cryptography.
[16]
Eric R. Verheul,et al.
Self-Blindable Credential Certificates from the Weil Pairing
,
2001,
ASIACRYPT.
[17]
Kaoru Kurosawa,et al.
Linear Code Implies Public-Key Traitor Tracing
,
2002,
Public Key Cryptography.
[18]
Matthew K. Franklin,et al.
An Efficient Public Key Traitor Tracing Scheme
,
1999,
CRYPTO.