How to construct random functions
Journal of the ACM (JACM)
CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
Combinatorial Properties and Constructions of Traceability Schemes and Frameproof Codes
SIAM Journal on Discrete Mathematics
The LSD Broadcast Encryption Scheme
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
Traitor Tracing with Constant Transmission Rate
EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
Efficient Trace and Revoke Schemes
FC '00 Proceedings of the 4th International Conference on Financial Cryptography
Proceedings of the First International Workshop on Information Hiding
Collusion Secure q-ary Fingerprinting for Perceptual Content
DRM '01 Revised Papers from the ACM CCS-8 Workshop on Security and Privacy in Digital Rights Management
On Crafty Pirates and Foxy Tracers
DRM '01 Revised Papers from the ACM CCS-8 Workshop on Security and Privacy in Digital Rights Management
Optimal probabilistic fingerprint codes
Proceedings of the thirty-fifth annual ACM symposium on Theory of computing
Number-theoretic constructions of efficient pseudo-random functions
FOCS '97 Proceedings of the 38th Annual Symposium on Foundations of Computer Science
Scalable public-key tracing and revoking
Proceedings of the twenty-second annual symposium on Principles of distributed computing
Corrupting one vs. corrupting many: the case of broadcast and multicast encryption
ICALP'06 Proceedings of the 33rd international conference on Automata, Languages and Programming - Volume Part II
Generic construction of hybrid public key traitor tracing with full-public-traceability
ICALP'06 Proceedings of the 33rd international conference on Automata, Languages and Programming - Volume Part II
Public traceability in traitor tracing schemes
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
One-Way chain based broadcast encryption schemes
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Fully collusion resistant traitor tracing with short ciphertexts and private keys
EUROCRYPT'06 Proceedings of the 24th annual international conference on The Theory and Applications of Cryptographic Techniques
Collusion-secure fingerprinting for digital data
IEEE Transactions on Information Theory
IEEE Transactions on Information Theory
Combinatorial properties of frameproof and traceability codes
IEEE Transactions on Information Theory
New results on frame-proof codes and traceability schemes
IEEE Transactions on Information Theory
Improving the Boneh-Franklin Traitor Tracing Scheme
Irvine Proceedings of the 12th International Conference on Practice and Theory in Public Key Cryptography: PKC '09
Defending against the Pirate Evolution Attack
ISPEC '09 Proceedings of the 5th International Conference on Information Security Practice and Experience
Traitors Collaborating in Public: Pirates 2.0
EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
Tracing and Revoking Pirate Rebroadcasts
ACNS '09 Proceedings of the 7th International Conference on Applied Cryptography and Network Security
Broadcast encryption versus public key cryptography in content protection systems
Proceedings of the nineth ACM workshop on Digital rights management
Defending against the pirate evolution attack
International Journal of Applied Cryptography
Improving the round complexity of traitor tracing schemes
ACNS'10 Proceedings of the 8th international conference on Applied cryptography and network security
Traitor tracing against public collaboration
ISPEC'11 Proceedings of the 7th international conference on Information security practice and experience
On the effects of pirate evolution on the design of digital content distribution systems
IWCC'11 Proceedings of the Third international conference on Coding and cryptology
ACNS'11 Proceedings of the 9th international conference on Applied cryptography and network security
Identity-based trace and revoke schemes
ProvSec'11 Proceedings of the 5th international conference on Provable security
Journal of Computational and Applied Mathematics
Hi-index | 0.00 |
We introduce a novel attack concept against trace and revoke schemes called pirate evolution. In this setting, the attacker, called an evolving pirate, is handed a number of traitor keys and produces a number of generations of pirate decoders that are successively disabled by the trace and revoke system. A trace and revoke scheme is susceptible to pirate evolution when the number of decoders that the evolving pirate produces exceeds the number of traitor keys that were at his possession. Pirate evolution can threaten trace and revoke schemes even in cases where both the revocation and traceability properties are ideally satisfied: this is because pirate evolution may enable an attacker to "magnify" an initial key-leakage incident and exploit the traitor keys available to him to produce a great number of pirate boxes that will take a long time to disable. Even moderately successful pirate evolution affects the economics of deployment for a trace and revoke system and thus it is important that it is quantified prior to deployment. In this work, we formalize the concept of pirate evolution and we demonstrate the susceptibility of the trace and revoke schemes of Naor, Naor and Lotspiech (NNL) from Crypto 2001 to an evolving pirate that can produce up to t ċ log N generations of pirate decoders given an initial set of t traitor keys. This is particularly important in the context of AACS, the new standard for high definition DVDs (HD-DVD and Blue-Ray) that employ the subset difference method of NNL: for example using our attack strategy, a pirate can potentially produce more than 300 pirate decoder generations by using only 10 traitor keys, i.e., key-leakage incidents in AACS can be substantially magnified.