TY - GEN
T1 - Traitor Deterring Schemes
T2 - 22nd ACM SIGSAC Conference on Computer and Communications Security, CCS 2015
AU - Kiayias, Aggelos
AU - Tang, Qiang
N1 - Publisher Copyright:
© 2015 ACM.
PY - 2015/10/12
Y1 - 2015/10/12
N2 - We put forth a new cryptographic primitive called a Traitor Deterring Scheme (TDS). A TDS is a multi-recipient public-key encryption scheme where an authority issues decryption keys to a set of users. The distinguishing feature of a TDS is that secret-keys are issued only after the users provide some private information as a form of collateral. The traitor deterring property ensures that if a malicious coalition of users (aka "traitors") produces an unauthorized (aka "pirate") decryption device, any recipient of the device will be able to recover at least one of the traitors' collaterals with only black-box access to the device. On the other hand, honest users' collaterals are guaranteed to remain hidden. In this fashion a TDS deincentivizes malicious behavior among users. We model, construct and analyze TDS's based on various cryptographic assumptions and we show how bitcoin can be used as collateral for real world deployment of TDS's for the distribution of digital content. Along the way, we present cryptographic building blocks that may be of independent interest, namely fuzzy lockers, and comparison predicate encryption schemes for exponentially large domains. We also compare TDS with previous primitives specifically traitor tracing schemes (TTS) introduced by Chor et al. [9] and digital signets for self enforcement introduced by Dwork et al. [12]. A TDS constitutes a strict strengthening of a TTS and, when modeled in what we call the "known ciphertext model", it is a reformulation of digital signets in the public-key, black-box secure setting. In digital signets the adversary attempts to transmit a pirate copy at a favorable "space rate", i.e., without having to send the whole plaintext (and without revealing the traitor collaterals). It is an open question from [12] to construct o(1) space rate schemes under a falsifiable assumption. With our TDS constructions we resolve this open question showing feasibility for space rates O(log λ/λ) and infeasibility for space rates Ω(log² λ/λ).
KW - Bitcoin
KW - Digital rights management
KW - Key management
KW - Public-key cryptography
KW - Self-enforcement
UR - http://www.scopus.com/inward/record.url?scp=84954098252&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84954098252&partnerID=8YFLogxK
U2 - 10.1145/2810103.2813698
DO - 10.1145/2810103.2813698
M3 - Conference contribution
AN - SCOPUS:84954098252
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 231
EP - 242
BT - CCS 2015 - Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security
PB - Association for Computing Machinery
Y2 - 12 October 2015 through 16 October 2015
ER -