Professional Documents
Culture Documents
Key words: traceability, sequential traitor tracing, error-correcting codes, trace function.
1. INTRODUCTION
Protecting digital content against illegal copying and redistribution is one
of the key problems facing the owners and distributors of digital content.
1
This research is in part supported by Australian Council Grant Number 227 26 1008.
212 Chapter 16
Dynamic traitor tracing was introduced by Fiat and Tassa [6] to provide
protection against re-broadcasting of the content after it is decoded. Safavi-
Naini and Wang [11] showed that dynamic traitor tracing schemes are
vulnerable to the delayed rebroadcast attack where the colluders rebroadcast
the content after a delay. They proposed a new type of system called
sequential traitor tracing, that is secure against this attack and gave a
construction from error correcting codes whose minimum Hamming distance
satisfy a particular lower bound. It was shown that Reed-Solomon codes and
algebraic geometry codes satisfy this bound and so can be used to construct
sequential tracing schemes.
and
Theorem 2.2 ([1],[2]) For any positive integers p, N, let L=8plog N. Then
there exists a where
overcomes the drawback of the RS-codes and AG-codes, but the traceability
c is not as good as the one given in Theorem 2.2.
When it is clear from the context we will use Tr(x) instead of The
following proposition can be found in [5].
Our construction starts with a basic construction in section 3.1 and it is then
extended in section 3.2.
Note that if k and s satisfy (2) and we have then since we have
and so that is
Theorem 3.1 ([18,19]) Let k and s be integers satisfying (2) and n be such
that Then is given by the following formulae
1. If and then
2. If and then
3. If and then
4. If and then
where and with
Using Theorem 3.1 the following Lemma can be proved for vectors of
the form (3).
if for all
if for all
The value on the right of (4) is the positive zero of the quadratic equation
That is,
and so
Theorem 3.2 For any prime power q and an even integer k, there exists an
in which
1. and
2. D satisfies (1) with c given in (4).
218 Chapter 16
First we recall the concept of quadratic forms and review some results. A
more complete treatment of the quadratic forms can be found in [8].
or
The rank of a quadratic form is the rank of its coefficient matrix, and the
determinant of a quadratic form f, denoted by det(f), is det(A). A quadratic
form f in k indeterminates is called nondegenerate if A is of rank k. Every
non-degenerate quadratic form f over GF(q), q odd, can be written as a form
with a diagonal coefficient matrix
16. A Code for Sequential Traitor Tracing 219
Lemma 3.3 (Lemma 2, [18]) Let k and r be integers such that For an
define a function as follows
It follows that
Theorem 3.3 (Theorem 6.26 and 6.27, [8]) Let q be odd, be the quadratic
character of GF(q). If f is a nondegenerate quadratic form in k
indeterminates over then for any the number of
solutions of the equation in is given by
1. if k is even;
2. if k is odd.
Now consider the code To find the distance between two codewords
we count the number of components where two codewords and
220 Chapter 16
Since
we obtain that
if m is even, and
if m is odd.
16. A Code for Sequential Traitor Tracing 221
The equalities (8) and (9) show that two codewords and
are distinct as long as they are distinct triple. Furthermore, from (8)
and (9) the distance between and satisfies
Then we have
Theorem 3.5 For any prime power and even integer k there exists an
in which
1.
2. D satisfies (1) with c given in (10).
The code proposed in this paper overcomes this situation by allowing the
number of codewords to be determined independent of c. For sufficiently
large q, c is approximately equal to and so is independent of k. The
number of codewords is which increase with an increase in k
and so for a fixed value of q, the number of codewords can be increased
while keeping the level of security unchanged. This is a very important
property and makes the code a flexible construction for a wide range of
parameters.
16. A Code for Sequential Traitor Tracing 223
ACKNOWLEDGEMENT
The authors would like to thanks Takeyuki Uehara for pointing out
mistakes in the manuscript.
REFERENCES
[1] N.Alon and J.Spencer, The probabilistic method, Wiley, 1992.
[2] D.Boneh and M.Franklin, “An efficient public key traitor tracing scheme,” Advances
in Cryptology - CRYPTO'99, LNCS vol.1666, pp.338-353. Springer-Verlag, Berlin,
Heidelberg, New York, 1999.
[3] B.Chor, A.Fiat and M.Naor, “Tracing traitors,” Advances in Cryptology -
CRYPTO'94, LNCS vol.839, pp.257-270. Springer-Verlag, Berlin, Heidelberg, New
York, 1994.
[4] B.Chor, A.Fiat, M.Naor and B.Pinkas, “Tracing traitors,” IEEE Transactions on
Information Theory, Vol.46, No.3:893-910, 2000.
[5] A.J.Menezes (editor), Applications of finite fields, Kluwer Academic Publishers,
1993.
[6] A.Fiat and T.Tassa, “Dynamic traitor tracing,” Advances in Cryptology -
CRYPTO'99, LNCS vol.1666, pp.354-371. Springer-Verlag, Berlin, Heidelberg,
New York, 1999.
[7] K.Kurosawa and Y.Desmedt, “Optimum traitor tracing and asymmetric schemes’”
Advances in Cryptology - EUROCRYPT'98, LNCS vol.1462, pp. 502-517. Springer-
Verlag, Berlin, Heidelberg, New York, 1998.
[8] R.Lidl and H.Niederreiter, Finite fields, Addison-Wesley Publishing Company, 1983.
[9] B.Pfitzmann, “Trials of traced traitors,” Information Hiding, LNCS vol.1174, pp.49-
64. Springer-Verlag, Berlin, Heidelberg, New York, 1996.
[10] H.E. Rose, A Course in Number Theory, Oxford, Clarendon Press, 1994.
[11] R.Safavi-Naini and Y.Wang, “Sequential traitor tracing,” Advances in Cryptology -
CRYPTO 2000, LNCS vol.1880, pp.316-332. Springer-Verlag, Berlin, Heidelberg,
New York, 2000.
[12] R.Safavi-Naini and Y.Wang, “New results on frameproof codes and traceability
schemes,” IEEE Transactions on Information Theory, Vol. 47, No.7:3029-3033,
2001.
[13] R.Safavi-Naini and Y.Wang, “Sequential traitor tracing,” Submitted, 2002.
[14] D.Stinson and R.Wei, “Combinatorial properties and constructions of traceability
schemes and frameproof codes,” SI AM Journal on Discrete Mathematics, 11:41-53,
1998.
[15] D.R.Stinson and R.Wei, “Key preassigned traceability schemes for broadcast
encryption,” Proceedings of SAC'98, LNCS vol.1556, pp. 144-156. Springer-Verlag,
Berlin, Heidelberg, New York, 1999.
224 Chapter 16