Improving the boneh-franklin traitor tracing scheme

Traitor tracing schemes are cryptographically secure broadcast methods that allow identification of conspirators: if a pirate key is generated by k traitors out of a static set of l legitimate users, then all traitors can be identified given the pirate key. In this paper we address three practicality and security issues of the Boneh-Franklin traitor- tracing scheme. In the first place, without changing the original scheme, we modify its tracing procedure in the non-black-box model such that it allows identification of k traitors in time O&tilde;(k<sup>2</sup>), as opposed to the original tracing complexity O&tilde;(l). This new tracing procedure works independently of the nature of the Reed-Solomon code used to watermark private keys. As a consequence, in applications with billions of users it takes just a few minutes on a common desktop computer to identify large collusions. Secondly, we exhibit the lack of practical value of list- decoding algorithms to identify more than k traitors. Finally, we show that 2k traitors can derive the keys of all legitimate users and we propose afixtothis security issue. &copy; International Association for Cryptologic Research 2009.

Published in:
Lecture Notes in Computer Science, 5443
Presented at:
Public Key Cryptography - PKC 2009. Proceedings 12th International Conference on Practice and Theory in Public Key Cryptography, Irvine, CA, United states
Springer Verlag

 Record created 2010-06-24, last modified 2018-03-17

Download fulltext

Rate this document:

Rate this document:
(Not yet reviewed)