Abstract:In order to protect copyrighted material, codes may be embedded in the content or codes may be associated with the keys used to recover the content. Codes can o er protection by providing some form of traceability for pirated data. Several researchers have studied di erent notions of traceability and related concepts in recent years. \Strong" versions of traceability allow at least one member of a coalition that constructs a \pirate decoder" to be traced. Weaker versions of this concept ensure that no coalitio… Show more
“…Our construction makes use of ω-traceable codes [22], in the same vein as the collusion-secure codes proposed by Boneh and Shaw [7] as a method of digital ngerprinting while preventing a collusion of a speci ed size ω from framing a user not in the coalition, but furthermore allowing the traceability of a traitor from a word generated by the coalition. We consider a code C of length on an alphabet T , with #T = t (i.e.…”
Abstract. The notion of key privacy for asymmetric encryption schemes was formally de ned by Bellare, Boldyreva, Desai and Pointcheval in 2001: it states that an eavesdropper in possession of a ciphertext is not able to tell which speci c key, out of a set of known public keys, is the one under which the ciphertext was created. Since anonymity can be misused by dishonest users, some situations could require a tracing authority capable of revoking key privacy when illegal behavior is detected. Prior works on traceable anonymous encryption miss a critical point: an encryption scheme may produce a covert channel which malicious users can use to communicate illegally using ciphertexts that trace back to nobody or, even worse, to some honest user. In this paper, we examine subliminal channels in the context of traceable anonymous encryption and we introduce a new primitive termed mediated traceable anonymous encryption that provides con dentiality and anonymity while preventing malicious users to embed subliminal messages in ciphertexts. In our model, all ciphertexts pass through a mediator (or possibly several successive mediators) and our goal is to design protocols where the absence of covert channels is guaranteed as long as the mediator is honest, while semantic security and key privacy hold even if the mediator is dishonest. We give security de nitions for this new primitive and constructions meeting the formalized requirements. Our generic construction is fairly e cient, with ciphertexts that have logarithmic size in the number of group members, while preventing collusions. The security analysis requires classical complexity assumptions in the standard model.
“…Our construction makes use of ω-traceable codes [22], in the same vein as the collusion-secure codes proposed by Boneh and Shaw [7] as a method of digital ngerprinting while preventing a collusion of a speci ed size ω from framing a user not in the coalition, but furthermore allowing the traceability of a traitor from a word generated by the coalition. We consider a code C of length on an alphabet T , with #T = t (i.e.…”
Abstract. The notion of key privacy for asymmetric encryption schemes was formally de ned by Bellare, Boldyreva, Desai and Pointcheval in 2001: it states that an eavesdropper in possession of a ciphertext is not able to tell which speci c key, out of a set of known public keys, is the one under which the ciphertext was created. Since anonymity can be misused by dishonest users, some situations could require a tracing authority capable of revoking key privacy when illegal behavior is detected. Prior works on traceable anonymous encryption miss a critical point: an encryption scheme may produce a covert channel which malicious users can use to communicate illegally using ciphertexts that trace back to nobody or, even worse, to some honest user. In this paper, we examine subliminal channels in the context of traceable anonymous encryption and we introduce a new primitive termed mediated traceable anonymous encryption that provides con dentiality and anonymity while preventing malicious users to embed subliminal messages in ciphertexts. In our model, all ciphertexts pass through a mediator (or possibly several successive mediators) and our goal is to design protocols where the absence of covert channels is guaranteed as long as the mediator is honest, while semantic security and key privacy hold even if the mediator is dishonest. We give security de nitions for this new primitive and constructions meeting the formalized requirements. Our generic construction is fairly e cient, with ciphertexts that have logarithmic size in the number of group members, while preventing collusions. The security analysis requires classical complexity assumptions in the standard model.
“…Stinson et al [37] discusses relations between these structures. We choose the language of cover-free families since they have found multiple applications in cryptography (see [20,26,36] for examples).…”
Section: Nonadaptive Group Testing With Cover-free Familiesmentioning
We observe that finding invalid signatures in batches of signatures that fail batch verification is an instance of the classical group testing problem. We present and compare new sequential and parallel algorithms for finding invalid signatures based on group testing algorithms. Of the five new algorithms, three show improved performance for many parameter choices, and the performance gains are especially notable when multiple processors are available.
“…Traitor tracing systems generally fall into two categories: combinatorial, as in [9,23,30,31,13,14,10,27,2,29,28,22], and algebraic, as in [20,3,24,19,11,21,33,8]. The broadcaster's key BK in combinatorial systems can be either secret or public.…”
Section: Introductionmentioning
confidence: 99%
“…Combinatorial systems such as [9,23,30,31,13,14,10,27,2,29,28,22] are typically designed for the secret BK settings, but can be made public-key by replacing the underlying ciphers by public key systems.…”
We construct a fully collusion resistant tracing traitors system with sublinear size ciphertexts and constant size private keys. More precisely, let N be the total number of users. Our system generates ciphertexts of size O( √ N ) and private keys of size O(1). We first introduce a simpler primitive we call private linear broadcast encryption (PLBE) and show that any PLBE gives a tracing traitors system with the same parameters. We then show how to build a PLBE system with O( √ N ) size ciphertexts. Our system uses bilinear maps in groups of composite order.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.