Public Traceability in Traitor Tracing Schemes

  • Hervé Chabanne
  • Duong Hieu Phan
  • David Pointcheval
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3494)


Traitor tracing schemes are of major importance for secure distribution of digital content. They indeed aim at protecting content providers from colluding users to build pirate decoders. If such a collusion happens, at least one member of the latter collusion will be detected. Several solutions have already been proposed in the literature, but the most important problem to solve remains having a very good ciphertext/plaintext rate. At Eurocrypt ’02, Kiayias and Yung proposed the first scheme with such a constant rate, but still not optimal. In this paper, granted bilinear maps, we manage to improve it, and get an “almost” optimal scheme, since this rate is asymptotically 1. Furthermore, we introduce a new feature, the “public traceability”, which means that the center can delegate the tracing capability to any “untrusted” person. This is not the first use of bilinear maps for traitor tracing applications, but among the previous proposals, only one has remained unbroken: we present an attack by producing an anonymous pirate decoder. We furthermore explain the flaw in their security analysis. For our scheme, we provide a complete proof, based on new computational assumptions, related to the bilinear Diffie-Hellman ones, in the standard model.


  1. 1.
    Boneh, D., Boyen, X.: Short signatures without random oracles. In: Franklin, M. (ed.) CRYPTO 2004. LNCS, vol. 3152, pp. 56–73. Springer, Heidelberg (2004)Google Scholar
  2. 2.
    Boneh, D., Franklin, M.: An efficient public key traitor tracing scheme. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 338–353. Springer, Heidelberg (1999)Google Scholar
  3. 3.
    Boneh, D., Franklin, M.: Identity-based Encryption from the Weil Pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  4. 4.
    Boneh, D., Shaw, J.: Collusion secure fingerprinting for digital data. IEEE Transactions on Information Theory 44(5), 1897–1905 (1998)MATHCrossRefMathSciNetGoogle Scholar
  5. 5.
    Canetti, R., Dodis, Y., Halevi, S., Kushilevitz, E., Sahai, A.: Exposure-Resilient Functions and All-Or-Nothing Transforms. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 453–469. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  6. 6.
    Chabanne, H., Phan, D.H., Pointcheval, D.: Public Traceability in Traitor Tracing Schemes. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 542–558. Springer, Heidelberg (2005), CrossRefGoogle Scholar
  7. 7.
    Chor, B., Fiat, A., Naor, M.: Tracing traitors. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 257–270. Springer, Heidelberg (1994)Google Scholar
  8. 8.
    Chor, B., Fiat, A., Naor, M., Pinkas, B.: Tracing traitor. IEEE Transactions on Information Theory 46(3), 893–910 (2000)MATHCrossRefGoogle Scholar
  9. 9.
    Dodis, Y., Fazio, N.: Public key trace and revoke scheme secure against adaptive chosen ciphertext attack. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 100–115. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  10. 10.
    Gagni, E., Staddon, J., Yin, Y.L.: Efficient methods for integrating traceability and broadcast encryption. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 372–387. Springer, Heidelberg (1999)Google Scholar
  11. 11.
    Håstad, J., Impagliazzo, R., Levin, L., Luby, M.: A Pseudorandom Generator from any One-Way Function. SIAM Journal of Computing 28(4), 1364–1396 (1999)MATHCrossRefGoogle Scholar
  12. 12.
    Impagliazzo, I., Levin, L., Luby, M.: Pseudo-Random Generation from One-Way Functions. In: Proc. of the 21st STOC, pp. 12–24. ACM Press, New York (1989)Google Scholar
  13. 13.
    Joux, A.: A One-Round Protocol for Tripartite Diffie-Hellman. In: Bosma, W. (ed.) ANTS 2000. LNCS, vol. 1838, pp. 385–394. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  14. 14.
    Kiayias, A., Yung, M.: Traitor tracing with constant transmission rate. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 450–465. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  15. 15.
    Kiayias, A., Yung, M.: Breaking and repairing asymmetric public-key traitor tracing. In: Feigenbaum, J. (ed.) DRM 2002. LNCS, vol. 2696, pp. 32–50. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  16. 16.
    Mitsunari, S., Sakai, R., Kasahara, M.: A new traitor tracing scheme. IEICE Trans. Fundamentals E85-A(2) (2002)Google Scholar
  17. 17.
    Naor, M., Pinkas, B.: Efficient trace and revoke schemes. In: Frankel, Y. (ed.) FC 2000. LNCS, vol. 1962, pp. 1–20. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  18. 18.
    Rivest, R.: All-or-Nothing Encryption and the Package Transform. In: Biham, E. (ed.) FSE 1997. LNCS, vol. 1267, pp. 210–218. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  19. 19.
    To, V.D., Safavi-Naini, R.: Linear code implies public-key traitor tracing with revocation. In: Wang, H. (ed.) ACISP 2004. LNCS, vol. 3108, pp. 24–35. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  20. 20.
    To, V.D., Safavi-Naini, R., Zhang, F.: New traitor tracing schemes using bilinear map. In: Proceedings of the 2003 ACM Workshop on Digital Rights Management, pp. 67–76 (2003)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Hervé Chabanne
    • 1
  • Duong Hieu Phan
    • 2
  • David Pointcheval
    • 2
  1. 1.SAGEMEragnyFrance
  2. 2.Computer Science DepartmentCNRS/ENSParisFrance

Personalised recommendations