Trials of Traced Traitors

Traitor tracing schemes as introduced by Chor, Fiat, and Naor at Crypto ’94 are intended for tracing people who abuse a broadcast encryption scheme by allowing additional, illegitimate users to decrypt the data. The schemes should also provide legal evidence for such treachery. We discuss and improve the quality of such evidence, i.e., the security of trials that would be held about supposedly traced traitors. In particular, previous traitor tracing schemes are symmetric in the sense that legitimate users of the broadcast information share all their secrets with the information provider. Thus they cannot offer non-repudiation. We define asymmetric traitor tracing schemes, where the provider, confronted with treachery, obtains information that he could not have produced on his own, and that is therefore much better evidence. Examples of concrete constructions are given. We also discuss the general model of traitor tracing and propose improvements to the symmetric schemes.