International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

An Attack on A Traitor Tracing Scheme

Authors:
Jeff Jianxin Yan
Yongdong Wu
Download:
URL: http://eprint.iacr.org/2001/067
Search ePrint
Search Google
Abstract: In Crypto'99, Boneh and Franklin proposed a public key traitor tracing scheme~\cite{Boneh}, which was believed to be able to catch all traitors while not accusing any innocent users (i.e., full-tracing and error-free). Assuming that Decision Diffie-Hellman problem is unsolvable in $G_{q}$, Boneh and Franklin proved that a decoder cannot distinguish valid ciphertexts from invalid ones that are used for tracing. However, our novel pirate decoder $P_{3}$ manages to make some invalid ciphertexts distinguishable without violating their assumption, and it can also frame innocent users to fool the tracer. Neither the single-key nor arbitrary pirate tracing algorithm presented in~\cite{Boneh} can identify all keys used by $P_{3}$ as claimed. Instead, it is possible for both algorithms to catch none of the traitors. We believe that the construction of our novel pirate also demonstrates a simple way to defeat some other black-box traitor tracing schemes in general.
BibTeX
@misc{eprint-2001-11479,
  title={An Attack on A Traitor Tracing Scheme},
  booktitle={IACR Eprint archive},
  keywords={black-box traitor tracing, copyright protection},
  url={http://eprint.iacr.org/2001/067},
  note={Technical Report No. 518, Computer Laboratory, University of Cambridge, 2001 Jeff.Yan@cl.cam.ac.uk 11556 received 10 Aug 2001, last revised 22 Aug 2001},
  author={Jeff Jianxin Yan and Yongdong Wu},
  year=2001
}