Defending against the Pirate Evolution Attack

  • Hongxia Jin
  • Jeffrey Lotspiech
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5451)


A trace and revoke scheme is an encryption scheme for secure content distribution so that only authorized users can access the copyrighted content. When a clone device is recovered, the ”trace” component detects the pirate users that have compromised the secret keys in their devices and participated in the construction of the clone device. The ”revoke” component excludes the pirate users from accessing the future content. The state-of-art trace-revoke scheme is the very efficient subset difference based NNL scheme [11] which is also deployed in AACS [1], the industry new content protection standard for high definition DVDs. While its revocation and tracing are both very efficient, as pointed out by Kiayias and Pehlivanoglu from Crypto 2007, in its deployment NNL scheme may suffer from a new attack called pirate evolution attack. In this attack attackers reveal the compromised secret keys to the clone decoder very slowly through a number of generations of pirate decoders that will take long time to disable them all. They showed in a system with N users, the attacker can produce up to t*logN generations of pirate decoders given t sets of keys. In AACS context, that means a pirate can produce more than 300 generations of decoders by compromising only 10 devices. If this happens, it will indeed be a nightmare.

In this paper we are interested in practical solutions that can defend well against the pirate evolution attack in practice. In particular we devise an easy and efficient approach for the subset difference based NNL scheme [11] to defend well against the potential pirate evolution attack. Indeed it takes as small as 2 generations to detect and disable a traitor in a coalition. This can be achieved by only negligibly increasing the cipher text header size in an application like AACS. The simplicity, efficiency and practicality of our approach has made AACS to adopt it to defend against the pirate evolution attack.


Traitor Tracing Broadcast Encryption Pirate Evolution Attack 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
  2. 2.
    Kiayias, A., Pehlivanoglu, S.: Pirate evolution: How to make the most of your traitor keys. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 448–465. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  3. 3.
    Fiat, A., Naor, M.: Broadcast encryption. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 480–491. Springer, Heidelberg (1994)CrossRefGoogle Scholar
  4. 4.
    Boneh, D., Gentry, C., Waters, B.: Collusion resistant broadcast encryption with short ciphertexts and private keys. In: Shoup, V. (ed.) CRYPTO 2005. LNCS, vol. 3621, pp. 258–275. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  5. 5.
    Chor, B., Fiat, A., Naor, M.: Tracing traitors. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 257–270. Springer, Heidelberg (1994)Google Scholar
  6. 6.
    Chor, B., Fiat, A., Naor, M., Pinkas, B.: Tracing traitors. IEEE Transactions on Information Theory 46, 893–910 (2000)CrossRefzbMATHGoogle Scholar
  7. 7.
    Naor, M., Pinkas, B.: Efficient trace and revoke schemes. In: Frankel, Y. (ed.) FC 2000. LNCS, vol. 1962, pp. 1–20. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  8. 8.
    Boneh, D., Sahai, A., Waters, B.: Fully collusion resistant traitor tracing with short ciphertexts and private keys. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 573–592. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  9. 9.
    Staddon, J.N., Stinson, D.R., Wei, R.: Combinatorial properties of frameproof and traceability codes. IEEE Transactions on Information Theory 47, 1042–1049 (2001)MathSciNetCrossRefzbMATHGoogle Scholar
  10. 10.
    Jin, H., Lotspiech, J.: Renewable traitor tracing: A trace-revoke-trace system for anonymous attack. In: Biskup, J., López, J. (eds.) ESORICS 2007. LNCS, vol. 4734, pp. 563–577. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  11. 11.
    Naor, D., Naor, M., Lotspiech, J.: Revocation and tracing schemes for stateless receivers. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 41–62. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  12. 12.
    Boneh, D., Waters, B.: A collusion resistant broadcast, trace and revoke system. ACM Communication and Computer Security, 211–220 (2006)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Hongxia Jin
    • 1
  • Jeffrey Lotspiech
    • 1
  1. 1.IBM Almaden Research CenterSan JoseUSA

Personalised recommendations