An Efficient Public Key Traitor Tracing Scheme

Extended Abstract
  • Dan Boneh
  • Matthew Franklin
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1666)


We construct a public key encryption scheme in which there is one public encryption key, but many private decryption keys. If some digital content (e.g., a music clip) is encrypted using the public key and distributed through a broadcast channel, then each legitimate user can decrypt using its own private key. Furthermore, if a coalition of users collude to create a new decryption key then there is an efficient algorithm to trace the new key to its creators. Hence, our system provides a simple and efficient solution to the “traitor tracing problem”. Our tracing algorithm is deterministic, and catches all active traitors while never accusing innocent users, although it is only partially “black box”. A minor modification to the scheme enables it to resist an adaptive chosen ciphertext attack. Our techniques apply error correcting codes to the discrete log representation problem.


Encryption Scheme Choose Ciphertext Attack Passive Adversary Innocent User Frameproof Code 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    M. Bellare, O. Goldreich, and S. Goldwasser, “Incremental cryptography: The case of hashing and signing”, in proc. Crypto’ 94, 216–233.Google Scholar
  2. 2.
    L. Welch and E. Berlekamp, “Error correction of algebraic block codes”, U.S. Patent No. 4,633,470, issued December 1986.Google Scholar
  3. 3.
    D. Boneh, “The decision Diffe-Hellman problem”, In proc. of the Third Algorithmic Number Theory Symposium (ANTS), LNCS, Vol. 1423, Springer-Verlag, pp. 48–63, 1998.CrossRefGoogle Scholar
  4. 4.
    B. Chor, A. Fiat and M. Naor, “Tracing traitors”, in proc. Crypto’ 94, pp. 257–270.Google Scholar
  5. 5.
    R. Cramer and V. Shoup, “A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack”, in proc. Crypto’ 98, pp. 13–25.Google Scholar
  6. 6.
    C. Dwork, J. Lotspiech and M. Naor, “Digital signets: self-enforcing protection of digital information”, in proc. of STOC’ 96, pp. 489–498, 1996.Google Scholar
  7. 7.
    V. Guruswami and M. Sudan, “Improved decoding of Reed-Solomon and algebraic-geometric codes” in proc. 39th IEEE Symposium on Foundations of Computer Science (FOCS), 1998.Google Scholar
  8. 8.
    K. Kurosawa, and Y. Desmedt, “Optimum traitor tracing and asymmetric schemes”, in proc. of Eurocrypt’ 98, pp. 145–157.Google Scholar
  9. 9.
    A. Menezes, P. van Oorschot and S. Vanstone, Handbook of Applied Cryptography, CRC Press, 1996.Google Scholar
  10. 10.
    M. Naor and B. Pinkas, “Threshold traitor tracing”, in proc. Crypto’ 98, pp. 502–517.Google Scholar
  11. 11.
    T. Okamoto, S. Uchiyama, “A new public key cryptosystem as secure as factoring”, in proc. Eurocrypt’ 98, pp. 308–318.Google Scholar
  12. 12.
    V. Pan, “Faster solution of the key equation for decoding BCH error-correcting codes” in proc. 29th ACM Symposium on Theory of Computation, pp. 168–175, 1997.Google Scholar
  13. 13.
    P. Paillier, “Public-Key Cryptosystems Based on Discrete Logarithm Residues”, in proc. Eurocrypt’ 99, pp. 223–238.Google Scholar
  14. 14.
    B. Pfitzmann, “Trials of traced traitors”, in proc. Information Hiding Workshop, 49–64, 1996.Google Scholar
  15. 15.
    B. Pfitzmann and M. Waidner, “Asymmetric fingerprinting for larger collusions”, in proc. ACM Conference on Computer and Communication Security, 151–160, 1997.Google Scholar
  16. 16.
    D. Stinson and R. Wei, “Combinatorial properties and constructions of traceability schemes and frameproof codes”, SIAM Journal on Discrete Math, 11(1), 41–53, 1998.zbMATHCrossRefMathSciNetGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1999

Authors and Affiliations

  • Dan Boneh
  • Matthew Franklin

There are no affiliations available

Personalised recommendations