Abstract
We deal with the problem of a center sending a message to a group of users such that some subset of the users is considered revoked and should not be able to obtain the content of the message. We concentrate on the stateless receiver case, where the users do not (necessarily) update their state from session to session. We present a framework called the Subset-Cover framework, which abstracts a variety of revocation schemes including some previously known ones. We provide sufficient conditions that guarantee the security of a revocation algorithm in this class.
We describe two explicit Subset-Cover revocation algorithms; these algorithms are very flexible and work for any number of revoked users. The schemes require storage at the receiver of $\log N$ and $\frac{1}{2}\log^2 N$ keys respectively ($N$ is the total number of users), and in order to revoke $r$ users the required message lengths are $r \log N$ and $2r$ keys respectively. We also provide a general traitor tracing mechanism that can be integrated with any Subset-Cover revocation scheme that satisfies a “bifurcation property”. This mechanism does not need an a priori bound on the number of traitors and does not expand the message length by much compared to the revocation of the same set of traitors.
The main improvements of these methods over previously suggested methods, when adapted to the stateless scenario, are: (1) reducing the message length to $O(r)$ regardless of the coalition size while maintaining a single decryption at the user’s end; and (2) providing a seamless integration between revocation and tracing, so that the tracing mechanism does not require any change to the revocation algorithm.
A full version of the paper is available at the IACR Crypto Archive http://eprint.iacr.org/ and at http://www.wisdom.weizmann.ac.il/naor/
Work done while the author was visiting IBM Almaden Research Center and Stanford University. Partially supported by DARPA contract F30602-99-1-0530.
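An added illustration, not code from the paper or its authors, of the first scheme's storage and message-length figures, using the binary-tree construction that the full paper calls the Complete Subtree method: each receiver stores the keys on its leaf-to-root path, and the center wraps the session key once per maximal subtree that contains no revoked leaf. Assumptions of this sketch: N is a power of two, node keys are derived with HMAC from a master secret (the scheme itself only needs independent keys), and the XOR wrap stands in for a real cipher.

```python
import hashlib
import hmac

def node_key(master: bytes, node: int) -> bytes:
    # Assumption of this sketch: the center derives each node key from a master secret.
    return hmac.new(master, node.to_bytes(8, "big"), hashlib.sha256).digest()

def user_path(n_users: int, user: int) -> list[int]:
    """Heap-numbered nodes (root = 1, leaves = N..2N-1) from the user's leaf to the root."""
    node, path = n_users + user, []
    while node >= 1:
        path.append(node)
        node //= 2
    return path

def user_keys(master: bytes, n_users: int, user: int) -> dict[int, bytes]:
    """What a stateless receiver stores: log2(N) + 1 keys, fixed for its lifetime."""
    return {v: node_key(master, v) for v in user_path(n_users, user)}

def cover(n_users: int, revoked: set[int]) -> list[int]:
    """Roots of the maximal subtrees that contain no revoked leaf."""
    if not revoked:
        return [1]
    # Steiner tree: every node lying on a path from a revoked leaf to the root.
    steiner = {v for u in revoked for v in user_path(n_users, u)}
    return [c for v in sorted(steiner) if v < n_users
            for c in (2 * v, 2 * v + 1) if c not in steiner]

def _wrap(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Placeholder XOR wrap with an HMAC-derived pad (data up to 32 bytes);
    # a real system would use an authenticated cipher here.
    pad = hmac.new(key, b"wrap" + nonce, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, pad))

def broadcast(master, n_users, revoked, session_key, nonce):
    """Header: the session key wrapped once per covering subtree."""
    return {v: _wrap(node_key(master, v), nonce, session_key)
            for v in cover(n_users, revoked)}

def receive(keys, header, nonce):
    """Single unwrap at the receiver; None when no stored key matches (revoked)."""
    for v, k in keys.items():
        if v in header:
            return _wrap(k, nonce, header[v])
    return None

if __name__ == "__main__":
    master, sk, nonce = b"constructed-master", bytes(range(32)), b"session-1"
    hdr = broadcast(master, 8, {2, 5}, sk, nonce)  # constructed sample: N = 8, r = 2
    for u in range(8):
        print(u, receive(user_keys(master, 8, u), hdr, nonce) == sk)
```

With N = 8 and users 2 and 5 revoked, the header carries four wrapped keys, and the receivers never update their stored keys between sessions.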
Copyright information
© 2001 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Naor, D., Naor, M., Lotspiech, J. (2001). Revocation and Tracing Schemes for Stateless Receivers. In: Kilian, J. (eds) Advances in Cryptology — CRYPTO 2001. CRYPTO 2001. Lecture Notes in Computer Science, vol 2139. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44647-8_3
DOI: https://doi.org/10.1007/3-540-44647-8_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-42456-7
Online ISBN: 978-3-540-44647-7
eBook Packages: Springer Book Archive