Some Advances in Broadcast Encryption and Traitor Tracing


  1. Some Advances in Broadcast Encryption and Traitor Tracing
     Duong Hieu Phan (Séminaire LIPN, 18 November 2014)
     Slide footer: Duong Hieu Phan, Some Advances in BE&TT, Séminaire LIPN, 1 / 42

  2. Multi-receiver Encryption
     From "one-to-one" to "one-to-many" communications.
     Provide all users with the same key → problems:
     1. Impossibility to know the source of the key leakage (traitor)
     2. Impossibility to revoke a user, except by resetting the parameters

  3. Broadcast Encryption [B91, FN94] & Traitor Tracing [CFN94]
     Desired Properties
     1. Tracing traitors from a pirate decoder
        - White-box tracing
        - Black-box confirmation, black-box tracing
     2. Revoking non-legitimate users

  4. Broadcasting & Tracing
     - Composed by G. Allegri (around 1630) for use in the Sistine Chapel on Wednesday and Friday
     - Kept secret by the Vatican

  5. Broadcasting & Tracing
     The piece was revealed in 1771 → Mozart

  6. Broadcasting & Tracing
     The piece was revealed in 1771 → Mozart
     Only Mozart can do it!
     Same idea in traitor tracing: identify who is capable of producing the pirate decoder

  7. Outline
     1. Randomized Exclusive Set System
     2. Lattice-based Encryption
     3. Extended Models


  9. Exclusive Set System (ESS) [ALO98]
     $F$ is an $(N, \ell, r, s)$-ESS if:
     - $F$ is a family of $\ell$ subsets of $[N]$
     - For any $R \subseteq [N]$ of size at most $r$, there exist $S_1, \dots, S_s \in F$ s.t. $[N] - R = \bigcup_{i=1}^{s} S_i$

  10. Exclusive Set System (ESS) [ALO98]
      From ESS to Revoke System
      - Each $S_i \in F$ is associated with a key $K_i$
      - User $u$ receives all keys $K_i$ such that $u \in S_i$
      - To revoke a set $R \subseteq [N]$ of size at most $r$:
        - Find $S_1, \dots, S_s \in F$ s.t. $[N] - R = \bigcup_{i=1}^{s} S_i$
        - Encrypt the message with each key $K_i$

  11. NNL Schemes viewed as Exclusive Set Systems [NNL01]

                      S1
              S2              S3
          S4      S5      S6      S7
        S8  S9  S10 S11 S12 S13 S14 S15
        u1  u2  u3  u4  u5  u6  u7  u8

      - $F = \{S_1, S_2, \dots, S_{15}\}$
      - $S_i$ contains all users (i.e. leaves) in the subtree of node $i$ (e.g. $S_2 = \{u_1, u_2, u_3, u_4\}$)
      - Revoked set $R = \{u_4, u_5, u_6\}$
      - Encrypt with keys at $S_4$, $S_7$, $S_{10}$
      - Complete-subtree is an $(N, 2N - 1, r, r \log(N/r))$-ESS
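The complete-subtree cover from this slide, as an added example (not code from the talk). It assumes heap numbering of the tree (node i has children 2i and 2i+1, user u_j sits at leaf N+j-1), which matches the figure; the function names are hypothetical.

```python
def user_keys(u, n):
    """Key indices held by user u (1-based): the nodes on the path
    from leaf n+u-1 up to the root. This is column u of the key matrix."""
    i, keys = n + u - 1, []
    while i >= 1:
        keys.append(i)
        i //= 2
    return keys

def subtree_users(i, n):
    """The set S_i: users at the leaves below node i (n leaves in total)."""
    lo = hi = i
    while lo < n:                      # descend to the leaf level n..2n-1
        lo, hi = 2 * lo, 2 * hi + 1
    return set(range(lo - n + 1, hi - n + 2))

def cover(revoked, n):
    """Node indices S_i whose union is exactly [N] - R."""
    if not revoked:
        return [1]                     # nobody revoked: the root key suffices
    # Steiner tree: every node that has a revoked leaf below it.
    steiner = {i for u in revoked for i in user_keys(u, n)}
    # The cover is made of the children that hang off the Steiner tree.
    return sorted(c for i in steiner if i < n
                  for c in (2 * i, 2 * i + 1) if c not in steiner)

def usable_keys(u, cov, n):
    """Keys of user u that appear in the broadcast header."""
    return [i for i in user_keys(u, n) if i in cov]

if __name__ == "__main__":
    N, R = 8, {4, 5, 6}                # the slide's example
    cov = cover(R, N)
    print("encrypt under keys at nodes", cov)
    for u in range(1, N + 1):
        print(f"u{u}: usable keys {usable_keys(u, cov, N)}")
```

Each non-revoked user holds exactly one key of the cover and each revoked user holds none, which is the property the revoke system relies on.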

  12. Exclusive Set System under Code's View

               u1 u2 u3 u4 u5 u6 u7 u8
          S1    1  1  1  1  1  1  1  1
          S2    1  1  1  1
          S3                1  1  1  1
          S4    1  1
          S5          1  1
          S6                1  1
          S7                      1  1
          S8    1
          S9       1
          S10         1
          S11            1
          S12               1
          S13                  1
          S14                     1
          S15                        1

      (The slide also repeats the tree of slide 11.)

  13. NNL Schemes
      (Incidence matrix and tree as on slide 12.)
      Tracing Levels for NNL schemes
      - Relaxed level of black-box tracing
      - Black-box tracing for "naive" decoders

  14. NNL Schemes
      (Incidence matrix and tree as on slide 12.)
      Weakness in Black-box Tracing
      - Highly structured matrix
      - Pirate could thus detect "dangerous" queries and refuse to decrypt

  15. NNL Schemes
      (Incidence matrix and tree as on slide 12.)
      In General, Previous Results for ESS
      - Black-box tracing for "naive" decoders (decrypt all ciphertexts without any strategy)
      - $c$-traceability: a white-box tracing for "imperfect" decoders

  16. NNL Schemes
      (Incidence matrix and tree as on slide 12.)
      Our Objectives
      - Black-box tracing in ESS for "smart" decoders (efficiency comparable to NNL schemes)

  17. Randomized ESS
      Recall
      - 1 row → 1 subset → 1 key
      - 1 column → 1 user → user $j$ has key $K_i$ iff $M_{ij} = 1$


  19. Randomized ESS
      Property
      - Set $n = r \log_2(N^2 e / r)$, $b = 4r$
      - With overwhelming probability → $(N, 8r^2 \log N, r, 8r \log N)$-ESS
        (complete-subtree is $(N, 2N - 1, r, r \log(N/r))$-ESS)

  20. Tracing for ESS
      White-box
      - Tracer can open the box → get the pirate word $w$, which is the union of the traitors' codewords

  21. White-box Tracing for ESS
      White-box Tracing
      - An $(r, s, N, \ell)$-ESS is also an $r$-disjunct matrix, i.e., no column is contained in the union of any $r$ other columns
      - $r$-disjunct matrix: from the union of at most $r$ columns, one can find back the $r$ columns (the Group Testing technique) ↔ Given the pirate word $w$, trace back the traitors

  22. White-box Tracing for ESS
      Challenge for Black-box Tracing
      - How to find the pirate word $w$?
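White-box tracing with an r-disjunct matrix, as an added example (not code from the talk). The matrix here is a small constructed stand-in, not the randomized ESS of the slides: 25 users are the polynomials a + b·x over GF(5), evaluated at 3 points, which gives 15 keys and a 2-disjunct matrix; all names and parameters are assumptions.

```python
from itertools import combinations

Q, POINTS = 5, 3    # constructed parameters: Q*Q = 25 users, Q*POINTS = 15 keys

def codeword(user):
    """Column of the key matrix for one user, as a set of key indices.
    The user is the polynomial a + b*x over GF(Q); key = point * Q + value."""
    a, b = divmod(user, Q)
    return frozenset(x * Q + (a + b * x) % Q for x in range(POINTS))

USERS = range(Q * Q)
COLUMNS = {u: codeword(u) for u in USERS}

def is_r_disjunct(columns, r):
    """True if no column is contained in the union of any r other columns."""
    for u, col in columns.items():
        others = [c for v, c in columns.items() if v != u]
        for group in combinations(others, r):
            if col <= frozenset().union(*group):
                return False
    return True

def pirate_word(traitors):
    """What the tracer reads out of an opened box: the union of the
    traitors' codewords, i.e. every key the coalition holds."""
    return frozenset().union(*(COLUMNS[t] for t in traitors))

def trace(w):
    """Group-testing decoder: accuse every user whose column lies inside w.
    With at most r traitors and an r-disjunct matrix this is exact."""
    return sorted(u for u, col in COLUMNS.items() if col <= w)

if __name__ == "__main__":
    print("2-disjunct:", is_r_disjunct(COLUMNS, 2))
    w = pirate_word([3, 17])
    print("pirate word:", sorted(w), "-> traced:", trace(w))
```

Two distinct polynomials of degree below 2 agree on at most one point, so two other columns cover at most two of a user's three keys; three others can cover all three, which is why the guarantee stops at r = 2 for these parameters.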

  23. Black-box Tracing for ESS
      Shadow Group Testing Technique [NPP, Algorithmica13]
      - Black-box access to pirate decoder
      - Asking random queries of the same form as broadcasted ciphertexts


  25. Black-box Tracing for ESS
      Shadow Group Testing Technique [NPP, Algorithmica13]
      - Test the decryptability of the pirate decoder on the queries → Get "Feedback" vector = union of the columns at position 1 in the pirate word $w$

  26. Black-box Tracing for ESS
      Shadow Group Testing Technique [NPP, Algorithmica13]
      - We show that the matrix of queries is also an ESS → From "Feedback" vector, get the pirate word $w$
      - Large number of queries → the tracing is efficient when the number of traitors is $O(\log N)$

  27. Black-box Tracing for ESS
      Shadow Group Testing Technique [NPP, Algorithmica13]
      In brief:
      - We get an $(N, 8r^2 \log N, r, 8r \log N)$-ESS
      - Ciphertext: constant factor w.r.t. the complete-subtree and a $\log N$ factor w.r.t. the subset-difference scheme
      - The first black-box tracing ESS against non-naive pirates
