Amendment to Trace and Revoke Systems with Short Ciphertexts
نویسنده
چکیده
Traitor tracing is needed because some users in broadcast encryption system may give out their decryption keys to construct pirate decoders. Recently, Liu and Yuan described a trace and revoke systems with short ciphertexts. In this paper, we show that their scheme cannot achieve traitor tracing, since any receiver can decide whether the given ciphertext is well-formed or not so as to decide whether the system is now in normal broadcasting mode or in tracing mode. Thus, any user can construct decoders that will decrypt well-formed ciphertexts (ciphertexts for normal broadcasting) and refuse the badly-formed ciphertexts (ciphertexts for traitor tracing), so that traitors cannot be identified. In such case, innocent users will be framed. We provide an amendment to their scheme and render it useful in traitor tracing against both perfect and imperfect decoders.
منابع مشابه
Generic Construction of Trace and Revoke Schemes
Broadcast encryption (BE) is a cryptographic primitive that allows a broadcaster to encrypt digital content to a privileged set of users and in this way prevent revoked users from accessing the content. In BE schemes, a group of users, called traitors may leak their keys and enable an adversary to receive the content. Such malicious users can be detected through traitor tracing (TT) schemes. Th...
متن کاملEfficient Public Trace and Revoke from Standard Assumptions
We provide e cient constructions for trace-and-revoke systems with public traceability in the black-box con rmation model. Our constructions achieve adaptive security, are based on standard assumptions and achieve signi cant e ciency gains compared to previous constructions. Our constructions rely on a generic transformation from inner product functional encryption (IPFE) schemes to trace-and-r...
متن کاملPirate Evolution: How to Make the Most of Your Traitor Keys
We introduce a novel attack concept against trace and revoke schemes called pirate evolution. In this setting, the attacker, called an evolving pirate, is handed a number of traitor keys and produces a number of generations of pirate decoders that are successively disabled by the trace and revoke system. A trace and revoke scheme is susceptible to pirate evolution when the number of decoders th...
متن کاملLimited-linkable Group Signatures with Distributed-Trust Traceability
Group signatures allow a group member to sign anonymously on behalf of a group. In the dynamic case, a group manager can add and revoke group members. An opening manager can revoke the anonymity of a signature and trace it back to the original group member. We introduce limited-linkable group signatures: two signatures on identical messages by the same group member can be efficiently linked. Fu...
متن کاملAdaptive Security in Broadcast Encryption Systems (with Short Ciphertexts)
We present new techniques for achieving adaptive security in broadcast encryption systems. Previous work on fully collusion resistant broadcast encryption systems with very short ciphertexts was limited to considering only static security. First, we present a new definition of security that we call semi-static security and show a generic “two-key” transformation from semi-statically secure syst...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- I. J. Network Security
دوره 14 شماره
صفحات -
تاریخ انتشار 2012