Improving the Boneh-Franklin Traitor Tracing Scheme

  • Pascal Junod
  • Alexandre Karlov
  • Arjen K. Lenstra
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5443)

Abstract

Traitor tracing schemes are cryptographically secure broadcast methods that allow identification of conspirators: if a pirate key is generated by k traitors out of a static set of ℓ legitimate users, then all traitors can be identified given the pirate key. In this paper we address three practicality and security issues of the Boneh-Franklin traitor-tracing scheme. In the first place, without changing the original scheme, we modify its tracing procedure in the non-black-box model such that it allows identification of k traitors in time \(\tilde{O}(k^2)\), as opposed to the original tracing complexity \(\tilde{O}(\ell)\). This new tracing procedure works independently of the nature of the Reed-Solomon code used to watermark private keys. As a consequence, in applications with billions of users it takes just a few minutes on a common desktop computer to identify large collusions. Secondly, we exhibit the lack of practical value of list-decoding algorithms to identify more than k traitors. Finally, we show that 2k traitors can derive the keys of all legitimate users and we propose a fix to this security issue.

Keywords

Boneh-Franklin traitor tracing Reed-Solomon codes Berlekamp-Massey algorithm Guruswami-Sudan algorithm 

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Pascal Junod
    • 1
    • 2
  • Alexandre Karlov
    • 1
    • 3
  • Arjen K. Lenstra
    • 3
    • 4
  1. 1.Nagravision SACheseaux-sur-LausanneSwitzerland
  2. 2.University of Applied Sciences Western SwitzerlandYverdon-les-BainsSwitzerland
  3. 3.EPFL IC LACALLausanneSwitzerland
  4. 4.Alcatel-Lucent Bell LaboratoriesUSA

Personalised recommendations