Resistance to Pirates 2.0: A Method from Leakage Resilient Cryptography

In the classical model of traitor tracing, one assumes that a traitor contributes its entire secret key to build a pirate decoder. However, new practical scenarios of pirate has been considered, namely Pirate Evolution Attacks at Crypto 2007 and Pirates 2.0 at Eurocrypt 2009, in which pirate decoders could be built from sub-keys of users. The key notion in Pirates 2.0 is the anonymity level of traitors: they can rest assured to remain anonymous when each of them only contributes a very small fraction of its secret information. This scenario encourages dishonest users to participate in collusion and the size of collusion could become very large, possibly beyond the considered threshold in the classical model. There are numerous attempts to deal with Pirates 2.0 each of which only considers a particular form of Pirates 2.0. In this paper, we propose a method for fighting Pirates 2.0 in any form. Our method is based on the researches in key-leakage resilience. It thus gives an interesting and rather surprised connection between the rich domain of key-leakage resilient cryptography and Pirates 2.0. We first formalize the notion of key-leakage resilient revoke system and then identify sufficient conditions so that a key-leakage resilient revoke scheme can resist Pirates 2.0 in any form. We finally propose a construction of a secure key-leakage resilient identity-based revoke system that fulfills the required conditions. The main ingredient in the construction relies on the identity-based encryption with wildcards (WIBE) and our construction of key-leakage resilient WIBE could be useful in its own right.