Traitor Deterring Schemes: Using bitcoin as collateral for digital content

Aggelos Kiayias, Qiang Tang

Research output: Chapter in Book/Report/Conference proceedingConference contribution

22 Scopus citations


We put forth a new cryptographic primitive called a Traitor Deterring Scheme (TDS). A TDS is a multi-recipient public-key encryption scheme where an authority issues decryption keys to a set of users. The distinguishing feature of a TDS is that secret-keys are issued only after the users provide some private information as a form of collateral. The traitor deterring property ensures that if a malicious coalition of users (aka "traitors") produces an unauthorized (aka "pirate") decryption device, any recipient of the device will be able to recover at least one of the traitors' collaterals with only black-box access to the device. On the other hand, honest users' collaterals are guaranteed to remain hidden. In this fashion a TDS deincentivizes malicious behavior among users. We model, construct and analyze TDS's based on various cryptographic assumptions and we show how bitcoin can be used as collateral for real world deployment of TDS's for the distribution of digital content. Along the way, we present cryptographic building blocks that may be of independent interest, namely fuzzy lockers, and comparison predicate encryption schemes for exponentially large domains. We also compare TDS with previous primitives specifically traitor tracing schemes (TTS) introduced by Chor et al. [9] and digital signets for self enforcement introduced by Dwork et al. [12]. A TDS constitutes a strict strengthening of a TTS and, when modeled in what we call the " known ciphertext model", it is a reformulation of digital signets in the public-key, black-box secure setting. In digital signets the adversary attempts to transmit a pirate copy at a favorable " space rate", i.e., without having to send the whole plaintext (and without revealing the traitor collaterals). It is an open question from [12] to construct o(1) space rate schemes under a falsifiable assumption. With our TDS constructions we resolve this open question showing feasibility for space rates O(log λ= λ) and infeasibility for space ratesΩ(log2 λ= λ).

Original languageEnglish (US)
Title of host publicationCCS 2015 - Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security
PublisherAssociation for Computing Machinery
Number of pages12
ISBN (Electronic)9781450338325
StatePublished - Oct 12 2015
Externally publishedYes
Event22nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2015 - Denver, United States
Duration: Oct 12 2015Oct 16 2015

Publication series

NameProceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)1543-7221


Other22nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2015
Country/TerritoryUnited States

All Science Journal Classification (ASJC) codes

  • Software
  • Computer Networks and Communications


  • Bitcoin
  • Digital rights management
  • Key management
  • Public-key cryptography
  • Self-enforcement


Dive into the research topics of 'Traitor Deterring Schemes: Using bitcoin as collateral for digital content'. Together they form a unique fingerprint.

Cite this