Research Of Traitor Tracing Scheme Based On Broadcast Encryption

Traitor tracing is an international intercrossed research direction which rose recently in 1990s. In recent years, traitor tracing has received a quite rapid development, its research personnel has increased very quickly and now it has become a hot research project of information security field. Now traitor tracing has two main research direction : (1) traitor tracing based on broadcast encryption; (2) traitor tracing based on fingerprinting (watermark). This dissertation mainly focuses on traitor tracing based broadcast encryption. Our research has better academic value and applied value.In this dissertation, many research work has been done around some important properties of traitor tracing based on broadcast encryption, some main features of traitor tracing have been studied systematically, which include multi-service, collusion-resistance, asymmetry, adding or revoking subscriber, long-lived subscriber's key, black-box tracing efficiency, security and so on.The main contributions of this dissertation are summarized as follows:1. A traitor tracing scheme based on RSA is analyzed, an obvious bug is founded, and the problem is solved by introducing a random number. A public key traitor tracing scheme based on discrete logarithm problem is analyzed, the scheme is actually limited by the revocable threshold. In addition, a blinded secret key attack model of traitor tracing is proposed.2. An improved traitor tracing scheme of Matsushita is proposed by using OPE(Oblivious Polynomial Evaluation) protocol and service parameter. On the basis of maintaining Matsushita scheme's features such as flexible user revocation, black-box tracing and security, the advantages such as providing multi-service and preventing traitors from repudiation (asymmetry) are added. Furthermore, the whole capabilities of the improved scheme are better than that of Matsushita's. A collusion-resistant asymmetric public-key traitor tracing scheme for multi-channel services is proposed. The proposed scheme has many advantages such as multi-service, collusion-resistance, asymmetry, long-lived subscriber's key and black-box tracing. It is proved to be semantically secure under the DDH (Diffie-Hellman Problem) assumption and its whole capabilities are much better than that of the existing ones. In addition, An improved traitor tracing scheme of To is proposed by using OPE protocol and service parameters. Under the precondition of general sameness capabilities of both To's and improved To's scheme, the proposed scheme adds some advantages such as providing multi-service capability, user' s non-repudiation and data provider's no-framing innocent users. Furthermore, it is also proved to be semantically secure under the DBDH (decisional bilinear Diffie-Hellman problem) assumption.3. A traitor tracing scheme on LIFP(large integer factoring problem) is proposed, the essential idea of which is that an equation based on LIFP is constructed and a parameter is introduced to transfer service private-key. In decryption procedure, the session key can be obtained by the equation and the service private-key. Compared with the existing two traitor tracing schemes, this scheme has many advantages such as collusion-resistance, black-box traitor tracing, ciphertexts of constant size, adding or revoking users, forward-security and backward-security. Furthermore, its whole capabilities are better than that of the existing ones. On the basis of the above scheme, an extended multi-service oriented traitor tracing scheme on LIFP is proposed, the extended scheme adds multi-service(for example, multiple television channel services, multiple database services) except all the advantages of the above scheme.4. Four mixed traitor tracing scheme are proposed, the essential idea of which is the session key S was divided into a sum of S₁ and S₂. S₁ is decrypted by scheme 1, S₂ is scheme 2.0n the basis of a combination of the scheme 1 and scheme 2, a new traitor tracing scheme is formed, which has both advantages of them, meanwhile overcomes their disadvantages. The main contributions of the first mixed scheme is hat it has some good features as follows: it can prevent traitors from collusion attack; DS(Data Supplier) can provide non-repudiation proof to the third party; it does not need to open the pirate decoders and can trace traitors only by request and response manner. Except all the features of the first scheme, the second mixed scheme adds a feature of long-lived subscriber's key, it means that it does not to change the present subscribers' private keys when adding or revoking users. Except all the features of the second scheme, the third mixed scheme adds a feature of multi-service. The fourth mixed scheme has the same features as the third scheme, but their construction method is different and each one has its unique value.5. A buyer-seller watermarking protocol without the third party was proposed, which uses the idea of secret sharing and homomorphic public key cryptosystem. For a transaction, a piece of secret was produced by the buyer and the seller respectively, and the two pieces of secret was mixed into one secret in encrypted domain, which was embedded in a digital product as a watermark. The pirate tracing problem, the customer's problem and other problems can be solved. Meanwhile, the conspiracy problem can be completely avoided because of no the third party.