An Attack on A Traitor Tracing Scheme
暂无分享,去创建一个
In Crypto’99, Boneh and Franklin proposed a public key traitor tracing scheme [1], which was believed to be able to catch all traitors while not accusing any innocent users (i.e., full-tracing and errorfree). Assuming that Decision Diffie-Hellman problem is unsolvable in Gq, Boneh and Franklin proved that a decoder cannot distinguish valid ciphertexts from invalid ones that are used for tracing. However, our novel pirate decoder P3 manages to make some invalid ciphertexts distinguishable without violating their assumption, and it can also frame innocent user coalitions to fool the tracer. Neither the single-key nor arbitrary pirate tracing algorithm presented in [1] can identify all keys used by P3 as claimed. Instead, it is possible for both algorithms to catch none of the traitors. We believe that the construction of our novel pirate also demonstrates a simple way to defeat some other black-box traitor tracing schemes in general. Keyword: Security, black-box traitor tracing, copyright protection
[1] Matthew K. Franklin,et al. An Efficient Public Key Traitor Tracing Scheme , 1999, CRYPTO.
[2] Douglas R. Stinson,et al. Combinatorial Properties and Constructions of Traceability Schemes and Frameproof Codes , 1998, SIAM J. Discret. Math..
[3] Moni Naor,et al. Threshold Traitor Tracing , 1998, CRYPTO.
[4] Tatsuaki Okamoto,et al. A New Public-Key Cryptosystem as Secure as Factoring , 1998, EUROCRYPT.
[5] Amos Fiat,et al. Tracing traitors , 2000, IEEE Trans. Inf. Theory.