International Association for Cryptologic Research

International Association
for Cryptologic Research


Thomas Sirvent


A Tunable Broadcast Encryption Scheme
David Lubicz Thomas Sirvent
In this paper, we describe yet another broadcast encryption scheme for stateless receivers. The main difference between our scheme and the classical schemes derived from the complete subtree and its subsequent improvements is that in our scheme the group management is based upon a more adaptable data structure. In these classical schemes, users must be spread on a tree structure where each level of the tree is associated to some distinguishing property of the users. The fact that the underlying data structure is a fixed tree is a strong limitation for some applications where an operator wants to select users very dynamically following criterions with changing levels of priority. Our scheme may be thought as if in the complete subtree it would be possible to exchange the different level of the tree in order to make it very efficient to revoke or select a class of users. It is also very efficient in the cases where there exists very unbalanced groups of users. This scheme allows one to select or revoke users by sending ciphertexts of linear size with respect to the number of groups which is in general far less than the number of users. Moreover, by using a specific group repartition, it is possible to recover a tree structure in order to apply the classical methods which guarantee that our scheme is in general as efficient as a usual ones. We prove that our scheme is fully collusion secure in the generic group with pairing model.
Traitor tracing scheme with constant ciphertext rate against powerful pirates
Thomas Sirvent
Traitor tracing schemes are used to fight piracy when distributing securely some data to multiple authorized receivers: if some receivers collude and share their decryption keys to build some pirate decoder, a tracing procedure should be able to find at least one of these ``traitors'' from the pirate decoder. In this paper, we consider powerful pirate decoders, which may sometimes refuse to decrypt, or may try to detect when the tracing procedure is running. Most known traitor tracing schemes are not secure against this kind of pirate decoders: this is in particular the case of the schemes with constant ciphertext rate, which are the most efficient ones. We build then a new scheme, with constant ciphertext rate and security against powerful pirate decoders, using watermarking techniques. This scheme has the interesting feature that a receiver may decrypt the ciphertexts progressively, when it was not possible in previous schemes with constant ratio between ciphertext and plaintext.


David Lubicz (1)