Generic Construction of Hybrid Public Key Traitor Tracing with Full-Public-Traceability
In Eurocrypt 2005, Chabanne, Phan and Pointcheval introduced an interesting property for traitor tracing schemes called public traceability, which makes tracing a black-box public operation. However, their proposed scheme only worked for two users and an open question proposed by authors was to provide this property for multi-user systems.
In this paper, we give a comprehensive solution to this problem by giving a generic construction for a hybrid traitor tracing scheme that provides full-public-traceability. We follow the Tag KEM/DEM paradigm of hybrid encryption systems and extend it to multi-receiver scenario. We define Tag-Broadcast KEM/DEM and construct a secure Tag-BroadcastKEM from a CCA secure PKE and target-collision resistant hash function. We will then use this Tag-Broadcast KEM together with a semantically secure DEM to give a generic construction for Hybrid Public Key Broadcast Encryption. The scheme has a black box tracing algorithm that always correctly identifies a traitor. The hybrid structure makes the system very efficient, both in terms of computation and communication cost. Finally we show a method of reducing the communication cost by using codes with identifiable parent property.
KeywordsHash Function Generic Construction Broadcast Encryption Decryption Oracle Decryption Query
Unable to display preview. Download preview PDF.
- [BS98]Boneh, D., Shaw, J.: Collusion secure fingerprinting for digital data, IEEE Transactions on Information Theory, vol. 44, pp. 1897–1905 (1998)Google Scholar
- [CFN94]Chor, B., Fiat, A., Naor, M.: Tracing traitor. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 257–270. Springer, Heidelberg (1994)Google Scholar
- [PST06]Phan, D.H., Safavi-Naini, R., Tonien, D.: Generic construction of hybrid public key traitor tracing with full-public-traceability. Full version available from http://www.di.ens.fr/users/phan/