Breaking Two k-Resilient Traitor Tracing Schemes with Sublinear Ciphertext Size
In 2004, Matsushita and Imai proposed a k-resilient public-key traitor tracing scheme which has sublinear ciphertext size 4k + 2 + (n/2k) with efficient black-box tracing against self-defensive pirates, where n, k are the total number of subscribers and the maximum number of colluders. After that, in 2006, they presented a hierarchical key assignment method to reduce the ciphertext size into 4k + 5 + log(n/2k) by combining a complete binary tree with the former scheme.
In this paper, we show that the proposed schemes are vulnerable to our attack which makes pirate keys able to avoid the black-box tracing. Their schemes are based on multiple polynomials and our attack use a combination between different polynomials. The latter scheme can be broken by other attacks which use secret values of the key generation polynomial or use partial keys.
Keywordscryptanalysis public-key traitor tracing black-box tracing self-defensive pirates linear attack
- 3.Chor, B., Fiat, A., Naor, M.: Tracing traitors. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 257–270. Springer, Heidelberg (1994)Google Scholar