Generic Construction of Hybrid Public Key Traitor Tracing with Full-Public-Traceability

  • Duong Hieu Phan
  • Reihaneh Safavi-Naini
  • Dongvu Tonien
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4052)


In Eurocrypt 2005, Chabanne, Phan and Pointcheval introduced an interesting property for traitor tracing schemes called public traceability, which makes tracing a black-box public operation. However, their proposed scheme only worked for two users and an open question proposed by authors was to provide this property for multi-user systems.

In this paper, we give a comprehensive solution to this problem by giving a generic construction for a hybrid traitor tracing scheme that provides full-public-traceability. We follow the Tag KEM/DEM paradigm of hybrid encryption systems and extend it to multi-receiver scenario. We define Tag-Broadcast KEM/DEM and construct a secure Tag-BroadcastKEM from a CCA secure PKE and target-collision resistant hash function. We will then use this Tag-Broadcast KEM together with a semantically secure DEM to give a generic construction for Hybrid Public Key Broadcast Encryption. The scheme has a black box tracing algorithm that always correctly identifies a traitor. The hybrid structure makes the system very efficient, both in terms of computation and communication cost. Finally we show a method of reducing the communication cost by using codes with identifiable parent property.


Hash Function Generic Construction Broadcast Encryption Decryption Oracle Decryption Query 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [AGKS05]
    Kurosawa, K., Gennaro, R., Shoup, V., Abe, M.: Tag-KEM/DEM: A New Framework for Hybrid Encryption and A New Analysis of Kurosawa-Desmedt KEM. In: Cramer, R.J.F. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 128–146. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  2. [BS98]
    Boneh, D., Shaw, J.: Collusion secure fingerprinting for digital data, IEEE Transactions on Information Theory, vol. 44, pp. 1897–1905 (1998)Google Scholar
  3. [CDHKS00]
    Canetti, R., Dodis, Y., Halevi, S., Kushilevitz, E., Sahai, A.: Exposure-resilient functions and all-or-nothing transforms. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 453–469. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  4. [CKN03]
    Canetti, R., Krawczyk, H., Nielsen, J.B.: Relaxing chosen ciphertext security. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 565–582. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  5. [CPP05]
    Chabanne, H., Phan, D.H., Pointcheval, D.: Public traceability in traitor tracing schemes. In: Cramer, R.J.F. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 542–558. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  6. [CFN94]
    Chor, B., Fiat, A., Naor, M.: Tracing traitor. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 257–270. Springer, Heidelberg (1994)Google Scholar
  7. [CS03]
    Cramer, R., Shoup, V.: Design and analysis of practical public-key encryption schemes secure against adaptive chosen ciphertext attack. SIAM J. of Computing 33, 167–226 (2003)MATHCrossRefMathSciNetGoogle Scholar
  8. [KY02]
    Kiayias, A., Yung, M.: Traitor tracing with constant transmission rate. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 450–465. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  9. [PST06]
    Phan, D.H., Safavi-Naini, R., Tonien, D.: Generic construction of hybrid public key traitor tracing with full-public-traceability. Full version available from
  10. [Riv97]
    Rivest, R.L.: All-or-Nothing Encryption and the Package Transform. In: Biham, E. (ed.) FSE 1997. LNCS, vol. 1267, pp. 210–218. Springer, Heidelberg (1997)CrossRefGoogle Scholar
  11. [SSW01]
    Staddon, J.N., Stinson, D.R., Wei, R.: Combinatorial properties of frameproof and traceability codes. IEEE Transactions on Information Theory 47, 1042–1049 (2001)MATHCrossRefMathSciNetGoogle Scholar
  12. [SW98]
    Stinson, D.R., Wei, R.: Combinatorial properties and constructions of traceability schemes and frameproof codes. SIAM Journal on Discrete Mathematics 11, 41–53 (1998)MATHCrossRefMathSciNetGoogle Scholar
  13. [TM05]
    Trung, T.v., Martinosyan, S.: New constructions for IPP codes. Designs, Codes and Cryptography 35, 227–239 (2005)MATHCrossRefGoogle Scholar
  14. [TS06]
    Tonien, D., Safavi-Naini, R.: Recursive constructions of secure codes and hash families using difference function families. J. of Combinatorial Theory A 113(4), 664–674 (2006)MATHCrossRefMathSciNetGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Duong Hieu Phan
    • 1
  • Reihaneh Safavi-Naini
    • 2
  • Dongvu Tonien
    • 2
  1. 1.Adastral Park Postgraduate Research CampusUniversity College LondonIpswichUnited Kingdom
  2. 2.School of Information Technology and Computer ScienceUniversity of Wollongong, AustraliaWollongongAustralia

Personalised recommendations