An Efficient Public Key Traitor Tracing Scheme
We construct a public key encryption scheme in which there is one public encryption key, but many private decryption keys. If some digital content (e.g., a music clip) is encrypted using the public key and distributed through a broadcast channel, then each legitimate user can decrypt using its own private key. Furthermore, if a coalition of users collude to create a new decryption key then there is an efficient algorithm to trace the new key to its creators. Hence, our system provides a simple and efficient solution to the “traitor tracing problem”. Our tracing algorithm is deterministic, and catches all active traitors while never accusing innocent users, although it is only partially “black box”. A minor modification to the scheme enables it to resist an adaptive chosen ciphertext attack. Our techniques apply error correcting codes to the discrete log representation problem.