Presentation is loading. Please wait.

Presentation is loading. Please wait.

Broadcast Encryption and Traitor Tracing 2001. 12. 2001507 Jin Kim.

Published byClaribel Pope Modified over 9 years ago

Similar presentations

Presentation on theme: "Broadcast Encryption and Traitor Tracing 2001. 12. 2001507 Jin Kim."— Presentation transcript:

1 Broadcast Encryption and Traitor Tracing 2001. 12. 2001507 Jin Kim

2 2 Contents Introduction Broadcast Encryption Traitor Tracing Traitor Tracing Models Conclusion & Further Work Reference

3 3 Broadcast Encryption Provider transmits encrypted content to a privileged subset of users Pay TV, Online DB. Consider a center and a set of users. The center wishes to broadcast a message to a privileged set of users. Goal: Efficiency of transmission length storage at the user’s end the computation in retrieving the common key.

4 4 Broadcast Encryption Center E(content) I1I1 I2I2 I3I3 InIn U1U1 U2U23U3UUnUn U i Decrypts E(content) using I i

5 5 The Danger Some Users leak their keys to pirates Pirates construct unauthorized decryption devices an d sell them at a discount K 1 K 3 K 8 E(Content) Content Pirate Box

6 6 Stopping Leakage Two non-exclusive approaches: Traitor Tracing Trace and Revoke Trace users who leak their keys Revoke those keys - rendering pirated boxes dysfunctional. Powerful combination! Self Enforcement Goal: discourage users from leaking keys Idea: key should contain sensitive information that user doesn’t w ant to spread. Should be impossible to use without revealing explicitly Example: Credit Card Number Challenge: how to embed the sensitive information in the keys

7 7 Revocation E’(M) Legal Decoder Legal Decoder Pirate Decoder Pirate Decoder M M’ ( decode incorrectly )

8 8 Traitors Traitors are legitimate users who aid a pirate by: Plaintext re-transmission compromised keys

9 9 Traitor Tracing Goal of Traitor Tracing Schemes: Find source of keys of illegal decryption devices If at most t traitors - should identify (one of) them No honest user should be implicated K 1 K 3 K 8 K3K3 Tracer Pirate Box

10 10 Traitor Tracing Fighting Piracy Identify piracy Prevent transmitting information to pirate users Identify the source of such piracy Finding Traitors Consideration Memory and Computation requirements Per authorized user For the data supplier Data redundancy overhead

11 11 Tracing Schemes Some Models of previous schemes: Static Asymmetric Dynamic Sequential Alternative If group members can share exactly the same data, the problem of determining guilt or innocent is unsolvable To find a traitor, Give a slightly different secret to the shares

12 12 Chor-Fiat-Naor Scheme Traitor tracing message : (enabling block, cipher block) Cipher block : symmetric encryption of the actual data Enabling block : user’s key set and enabling block can generate decryption key decrypt Original block User 1 broadcast Personal key User n Cipher block Enabling block Personal key

13 13 Some Schemes Boneh and Franklin Fixed key-length of private key Length of enabling block depends on the # of revocation capability W. Tzeng and Z. Tzeng Enlarged the # of revocation capability to the degree of Shamir polynomail Kim, Lee, and Lim Enlarged the # of revocation capability to the infinity

14 14 Comparison : Some schemes m : # of users, k : revocation capability, H : hash ftn., p, q : prime number, |p|>1024, |q|>160, q|(p-1), z : Shamir degree of polynomial, modulus of n- RSA |n|>1024, p ’, q ’ : prime, |p ’ |>|n|, q ’ |(p ’ -1) CFNP Open 1-level Boneh Franklin Lee, Kim Lim Tzeng Private KeyO(k2logm)*|H||q|2|n|+|Φ(n)|+q ’ |q| Length of Encryption Block O(k4logm)*|H|(2k+1)*|p| 3|n|+|Φ(n)| {O(z) + |p ’ |} O(z)*|p| Compute amount of Encryption O(k4logm)XORs ≈(2k+1) Exps. (mod p) 1 Exp. + 2Mls. (mod n) + {O(z) Exps. (mod p)} O(z) Exps. (mod p) Compute amount of Encryption O(k4logm)XORs ≈(2k+1) Exps. +(2k+1)Mls. (mod p) 2 Exps. + 2Mls. (mod n) + {O(z) Exps. + O(z) Mls. (mod p)} O(z) Exps. + O(z) Mls (mod p) # of Revocation--∞ ≤ z

15 15 Comparison : Threshold schemes PROPERTYSECTION Personal KEY Data Redundancy Decryption Operations Secret 2-levelBest fully-resilient349621270000496 Threshold One-level, min. Data redundancy 4.15300040001 Threshold Two-level, min. Data redundancy 4.2 W=1/2 16601850009 Threshold Two-level Min. key 4.2 Α -> infinity 380129000013 Thresholdtradeoff 4.2 W=1/8 10000545003 Complexity of different Tracing Traitor schemes Using n=10 6, k=1000, q=3/4

16 16 Proposed Schems Based on Lee, Kim and Lim’s Scheme Difference : Enabling Block : by reducing random number r change from to

17 17 Advances in the proposed scheme Proposed scheme is more useful. Because of Provider can more short enabling block. Efficiency of storage at the user’s end With no change of semantic security

18 18 Conclusion Introducing broadcast encryption and their issue – traitor tracing. Dividing enabling block & retrieving block is more efficient than all in one scheme. Proposed method is decreasing the number of each user’s enabling block. Further Works Research about Efficiency of proposed scheme New (Updated) Traitor Tracing Schemes Key Management New (Updated) Broadcast Encryption Scheme And Provably Secure Broadcast Encryption Scheme Study on other problems of Broadcast Scheme

19 19 References 1. S. Berkovits. How to Broadcast a Secret. Advances in Cryptology - Eurocrypt ’91, Lecture Notes in Computer Science 547 (1992), pp. 536-541. 2. A. Fiat and M. Naor. Broadcast Encryption. Advances in Cryptology - Crypto ’93, Lecture Notes in Computer Science 773, (1994), pp. 480–491. 3. M. Just, E. Kranakis, D. Krizanc ans P. van Oorschot. On Key Distribution via True Broadcasting. In Proceedings of 2nd ACM Conference on Computer and Communications Security, November 1994, pp. 81–88. 4. B. Chor, A. Fiat and M.Naor. Tracing traitors. Advances in Cryptology - Crypto ’94, Lecture Notes in Computer Science 839, (1994), pp. 257–270. 5. D. Boneh and M Franklin. An Efficient Public Key Traitor Tracing Scheme. Advances in Cryptology - Crypto ’99, Lecture Notes in Computer Science, (1994), pp. 338–353. 6. D.H. Lee, H.J. Kim and J.I. Lim. Efficient Public-Key Traitor Tracing in Provably Secure Broadcast Encryption with Unlimited Revocation Capability, WISC 2001, WISC 2001 Proceeding, (2001), pp. 31–42

20 Thank you for listening. Any Questions?

Download ppt "Broadcast Encryption and Traitor Tracing 2001. 12. 2001507 Jin Kim."

Similar presentations

Efficient Signature Generation by Smart Cards 20103112 Suk Ki Kim 20103114 Sunyeong Kim.

Efficient Signature Generation by Smart Cards Suk Ki Kim Sunyeong Kim.
1 Efficient Self-Healing Group Key Distribution with Revocation Capability by Donggang Liu, Peng Ning, Kun Sun Presented by Haihui Huang

1 Efficient Self-Healing Group Key Distribution with Revocation Capability by Donggang Liu, Peng Ning, Kun Sun Presented by Haihui Huang
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Secure Content Delivery in Information-Centric Networks: Design, Implementation, and Analyses Computer Science Department New Mexico State University,

Secure Content Delivery in Information-Centric Networks: Design, Implementation, and Analyses Computer Science Department New Mexico State University,
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
Broadcast Encryption – an overview Niv Gilboa – BGU 1.

Broadcast Encryption – an overview Niv Gilboa – BGU 1.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.

1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
Asymmetric-Key Cryptography

Asymmetric-Key Cryptography
BY : Darshana Chaturvedi.  INTRODUCTION  RSA ALGORITHM  EXAMPLES  RSA IS EFFECTIVE  FERMAT’S LITTLE THEOREM  EUCLID’S ALGORITHM  REFERENCES.

BY : Darshana Chaturvedi.  INTRODUCTION  RSA ALGORITHM  EXAMPLES  RSA IS EFFECTIVE  FERMAT’S LITTLE THEOREM  EUCLID’S ALGORITHM  REFERENCES.
1 Asynchronous Broadcast Protocols in Distributed System Oct. 10, 2002 JaeHyrk Park ICU.

1 Asynchronous Broadcast Protocols in Distributed System Oct. 10, 2002 JaeHyrk Park ICU.
Payment Systems 1. Electronic Payment Schemes Schemes for electronic payment are multi-party protocols Payment instrument modeled by electronic coin that.

Payment Systems 1. Electronic Payment Schemes Schemes for electronic payment are multi-party protocols Payment instrument modeled by electronic coin that.
Traitor Tracing Vijay Ramachandran CS 655: E-commerce Foundations October 10, 2000.

Traitor Tracing Vijay Ramachandran CS 655: E-commerce Foundations October 10, 2000.
Traitor Tracing Papers Benny Chor, Amos Fiat and Moni Naor, Tracing Traitors (1994) Moni Naor and Benny Pinkas, Threshold Traitor Tracing (1998) Presented.

Traitor Tracing Papers Benny Chor, Amos Fiat and Moni Naor, Tracing Traitors (1994) Moni Naor and Benny Pinkas, Threshold Traitor Tracing (1998) Presented.
Computer Science 1 Efficient Self-healing Group Key Distribution With Revocation Capability Archana Rajagopal CSC 774 Presentation Based on Original Slides.

Computer Science 1 Efficient Self-healing Group Key Distribution With Revocation Capability Archana Rajagopal CSC 774 Presentation Based on Original Slides.
Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.

Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.
Public-key Cryptography Montclair State University CMPT 109 J.W. Benham Spring, 1998.

Public-key Cryptography Montclair State University CMPT 109 J.W. Benham Spring, 1998.
Content Protection for Recordable Media Florian Pestoni IBM Almaden Research Center.

Content Protection for Recordable Media Florian Pestoni IBM Almaden Research Center.
1 Efficient Conjunctive Keyword Search on Encrypted Data Storage System Author : Jin Wook Byun Dong Hoon Lee Jongin Lim Presentered by Chia Jui Hsu Date.

1 Efficient Conjunctive Keyword Search on Encrypted Data Storage System Author : Jin Wook Byun Dong Hoon Lee Jongin Lim Presentered by Chia Jui Hsu Date.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Chapter 5 Cryptography Protecting principals communication in systems.

Chapter 5 Cryptography Protecting principals communication in systems.

Similar presentations

Ads by Google