TY - GEN
T1 - Communication optimal tardos-based asymmetric fingerprinting
AU - Kiayias, Aggelos
AU - Leonardos, Nikos
AU - Lipmaa, Helger
AU - Pavlyk, Kateryna
AU - Tang, Qiang
N1 - Publisher Copyright:
© Springer International Publishing Switzerland 2015.
PY - 2015
Y1 - 2015
N2 - Asymmetric fingerprinting schemes — introduced by Pfitzmann and Schunter in Eurocrypt 1996 — enable the transmission of a file stored in a server to a set of users so that each user obtains a variation of the file. The security considerations of these schemes are as follows: if any (appropriately bounded) subset of users collude to produce a “pirate” copy of the file, it is always possible for the server to prove to a third party judge the implication of at least one of them, while a malicious server can never implicate innocent users. Given that asymmetric fingerprinting is supposed to distribute files of substantial size (e.g., media files including video and audio) any communication rate (defined as the size of the file over the total transmission length) less than 1 would render them practically useless. The existence of such schemes is currently open. Building on a rate close to 1 oblivious transfer (constructed from recently proposed rate optimal homomorphic encryption), we present the first asymmetric fingerprinting scheme that is communication optimal, i.e., its communication rate is arbitrarily close to 1 (for sufficiently large files) thus resolving this open question. Our scheme is based on Tardos codes, and we prove our scheme secure in an extended formal security model where we also deal with the important but previously unnoticed (in the context of asymmetric fingerprinting) security considerations of accusation withdrawal and adversarial aborts.
AB - Asymmetric fingerprinting schemes — introduced by Pfitzmann and Schunter in Eurocrypt 1996 — enable the transmission of a file stored in a server to a set of users so that each user obtains a variation of the file. The security considerations of these schemes are as follows: if any (appropriately bounded) subset of users collude to produce a “pirate” copy of the file, it is always possible for the server to prove to a third party judge the implication of at least one of them, while a malicious server can never implicate innocent users. Given that asymmetric fingerprinting is supposed to distribute files of substantial size (e.g., media files including video and audio) any communication rate (defined as the size of the file over the total transmission length) less than 1 would render them practically useless. The existence of such schemes is currently open. Building on a rate close to 1 oblivious transfer (constructed from recently proposed rate optimal homomorphic encryption), we present the first asymmetric fingerprinting scheme that is communication optimal, i.e., its communication rate is arbitrarily close to 1 (for sufficiently large files) thus resolving this open question. Our scheme is based on Tardos codes, and we prove our scheme secure in an extended formal security model where we also deal with the important but previously unnoticed (in the context of asymmetric fingerprinting) security considerations of accusation withdrawal and adversarial aborts.
KW - Asymmetric fingerprinting
KW - Group accusation
KW - Rate optimal
KW - Tardos code
UR - http://www.scopus.com/inward/record.url?scp=84930427033&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84930427033&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-16715-2_25
DO - 10.1007/978-3-319-16715-2_25
M3 - Conference contribution
AN - SCOPUS:84930427033
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 469
EP - 486
BT - Topics in Cryptology - CT-RSA 2015 - The Cryptographers’ Track at the RSA Conference 2015, Proceedings
A2 - Nyberg, Kaisa
PB - Springer Verlag
T2 - RSA Conference Cryptographers’ Track, CT-RSA 2015
Y2 - 21 April 2015 through 24 April 2015
ER -