Traitor tracing is a method for providing personal decryption keys for users, such that (1) there is a single encryption key corresponding to all the decryption keys, and (2) any (illegitimate) decryption key, even one that was generated by a coalition of corrupt users (traitors), identifies personal keys that were used to generate it. The concept of traitor tracing was introduced by Chor et al. .
Tracing the source of illegitimate keys is important if these keys enable access to sensitive data. The data can be encrypted to keep its confidentiality but at some point it must be revealed in the clear to the parties using it, who must therefore have corresponding decryption keys. In some scenarios corrupt parties (the traitors), who have legitimate access to decryption keys, wish to further distribute the decrypted data to other users. In many cases it is ineffective for the traitors to leak the decrypted data, since the economics of scale make it much more expensive for...
- Boneh, D. and M. Franklin (1999). “An efficient public key traitor tracing scheme.” Advances in Cryptology—CRYPTO'99, Lecture Notes in Computer Science, vol. 1666, ed. J. Wiener. Springer-Verlag, Berlin, 338–353.Google Scholar
- Chor, B., A. Fiat, and M. Naor (1994). “Tracing traitors.” Advances in Cryptology—CRYPTO'94, Lecture Notes in Computer Science, vol. 839, ed. Y.G. Desmedt. Springer-Verlag, Berlin, 480–491.Google Scholar
- Naor, M. and B. Pinkas (1998). “Threshold traitor tracing.” Advances in Cryptology—CRYPTO'98, Lecture Notes in Computer Science, vol. 1462, ed. H. Krawczyk. Springer-Verlag, Berlin, 502–517.Google Scholar
- Naor, M. and B. Pinkas (2001). “Efficient trace and revoke schemes.” Proceedings of Financial CRYPTO 2000, Lecture Notes in Computer Science, vol. 1962, ed. Y. Frankel. Springer-Verlag, Berlin.Google Scholar