Generic Construction of Trace and Revoke Schemes

Broadcast encryption (BE) is a cryptographic primitive that allows a broadcaster to encrypt digital content to a privileged set of users and in this way prevent revoked users from accessing the content. In BE schemes, a group of users, called traitors may leak their keys and enable an adversary to receive the content. Such malicious users can be detected through traitor tracing (TT) schemes. The ultimate goal in a content distribution system would be combining traitor tracing and broadcast encryption (resulting in a trace and revoke system) so that any receiver key found to be compromised in a tracing process would be revoked from future transmissions. In this paper, we propose a generic method to transform a broadcast encryption scheme into a trace and revoke scheme. This transformation involves the utilization of a fingerprinting code over the underlying BE transmission. While fingerprinting codes have been used for constructing traitor tracing schemes in the past, their usage has various shortcomings such as the increase of the public key size with a linear factor in the length of the code. Instead, we propose a novel way to apply fingerprinting codes that allows for efficient parameters while retaining the traceability property. Our approach is based on a new property of fingerprinting codes we introduce, called public samplability. We have instantiated our generic transformation with the BE schemes of [4, 13, 20] something that enables us to produce trace and revoke schemes with novel properties. Specifically, we show (i) a trace and revoke scheme with constant private key size and short ciphertext size, (ii) the first ID-based trace and revoke scheme, (iii) the first publicly traceable scheme with constant private key size and (iv) the first trace and revoke scheme against pirate rebroadcasting attack in the public key setting.

[1]  Duong Hieu Phan,et al.  Identity-Based Trace and Revoke Schemes , 2011, ProvSec.

[2]  Hongxia Jin,et al.  Renewable Traitor Tracing: A Trace-Revoke-Trace System For Anonymous Attack , 2007, ESORICS.

[3]  Aggelos Kiayias,et al.  Robust fingerprinting codes: a near optimal construction , 2010, DRM '10.

[4]  Brent Waters,et al.  A fully collusion resistant broadcast, trace, and revoke system , 2006, CCS '06.

[5]  Brent Waters,et al.  Adaptive Security in Broadcast Encryption Systems (with Short Ciphertexts) , 2009, EUROCRYPT.

[6]  Serdar Pehlivanoglu,et al.  Pirate Evolution: How to Make the Most of Your Traitor Keys , 2007, CRYPTO.

[7]  Jun Furukawa,et al.  Identity-Based Broadcast Encryption , 2007, IACR Cryptol. ePrint Arch..

[8]  Alexander W. Dent Adapting the Weaknesses of the Random Oracle Model to the Generic Group Model , 2002, ASIACRYPT.

[9]  Cécile Delerablée,et al.  Identity-Based Broadcast Encryption with Constant Size Ciphertexts and Private Keys , 2007, ASIACRYPT.

[10]  Brent Waters,et al.  Fully Collusion Resistant Traitor Tracing with Short Ciphertexts and Private Keys , 2006, EUROCRYPT.

[11]  Amos Fiat,et al.  Dynamic Traitor Tracing , 2001, Journal of Cryptology.

[12]  Gábor Tardos,et al.  Optimal probabilistic fingerprint codes , 2003, STOC '03.

[13]  MoonShik Lee,et al.  Breaking Two k-Resilient Traitor Tracing Schemes with Sublinear Ciphertext Size , 2009, ACNS.

[14]  Yevgeniy Dodis,et al.  Public Key Trace and Revoke Scheme Secure against Adaptive Chosen Ciphertext Attack , 2003, Public Key Cryptography.

[15]  Serdar Pehlivanoglu,et al.  On the security of a public-key traitor tracing scheme with sublinear ciphertext size , 2009, DRM '09.

[16]  Adi Shamir,et al.  The LSD Broadcast Encryption Scheme , 2002, CRYPTO.

[17]  Moni Naor,et al.  Revocation and Tracing Schemes for Stateless Receivers , 2001, CRYPTO.

[18]  Dan Collusion-Secure Fingerprinting for Digital Data , 2002 .

[19]  Hideki Imai,et al.  A Public-Key Black-Box Traitor Tracing Scheme with Sublinear Ciphertext Size Against Self-Defensive Pirates , 2004, ASIACRYPT.

[20]  Michael T. Goodrich,et al.  Efficient Tree-Based Revocation in Groups of Low-State Devices , 2004, CRYPTO.

[21]  Eugenio Barahona Marciel,et al.  AACS(Advanced Access Content System) , 2005 .

[22]  Amos Fiat,et al.  Broadcast Encryption , 1993, CRYPTO.

[23]  Aggelos Kiayias,et al.  On Crafty Pirates and Foxy Tracers , 2001, Digital Rights Management Workshop.

[24]  David Pointcheval,et al.  Public Traceability in Traitor Tracing Schemes , 2005, EUROCRYPT.

[25]  Duong Hieu Phan,et al.  Traitor Tracing with Optimal Transmission Rate , 2007, ISC.

[26]  Amos Fiat,et al.  Tracing traitors , 2000, IEEE Trans. Inf. Theory.

[27]  Moni Naor,et al.  Traitor tracing with constant size ciphertext , 2008, CCS.

[28]  Ronald Cramer,et al.  Universal Hash Proofs and a Paradigm for Adaptive Chosen Ciphertext Secure Public-Key Encryption , 2001, EUROCRYPT.

[29]  Duong Hieu Phan,et al.  Identity-Based Traitor Tracing , 2007, Public Key Cryptography.

[30]  Serdar Pehlivanoglu,et al.  Tracing and Revoking Pirate Rebroadcasts , 2009, ACNS.

[31]  Dongvu Tonien,et al.  Generic Construction of Hybrid Public Key Traitor Tracing with Full-Public-Traceability , 2006, ICALP.

[32]  Yvo Desmedt,et al.  Optimum Traitor Tracing and Asymmetric Schemes , 1998, EUROCRYPT.

[33]  Matthew K. Franklin,et al.  An Efficient Public Key Traitor Tracing Scheme , 1999, CRYPTO.

[34]  Reihaneh Safavi-Naini,et al.  Sequential Traitor Tracing , 2000, CRYPTO.

[35]  Nuttapong Attrapadung,et al.  Fully Collusion Resistant Black-Box Traitor Revocable Broadcast Encryption with Short Private Keys , 2007, ICALP.

[36]  Serdar Pehlivanoglu,et al.  Improving the Round Complexity of Traitor Tracing Schemes , 2010, ACNS.

[37]  Brent Waters,et al.  Collusion Resistant Broadcast Encryption with Short Ciphertexts and Private Keys , 2005, CRYPTO.

[38]  Moni Naor,et al.  Efficient trace and revoke schemes , 2000, International Journal of Information Security.