
Broadcast Encryption And Traitor Tracing With The Application In Electronic Commerce

Posted on: 2008-03-05 | Degree: Doctor | Type: Dissertation
Country: China | Candidate: X X Lv | Full Text: PDF
GTID: 1118360218457170 | Subject: Cryptography
Abstract/Summary:
Traitor tracing schemes are very useful tools for preventing piracy in digital content distribution systems. Broadcast encryption assures that only legitimate users receive the plaintext data, and traitor tracing strengthens the defence against pirates. A traitor tracing procedure allows the system manager to reveal the identities of the subscribers (called traitors) who were implicated in the construction of a pirate device that illegally receives the digital content. In the area of broadcast encryption and traitor tracing, the author achieves the following main results.

(1) A new identity-based public-key traitor tracing scheme is constructed by using the identity-based encryption scheme of Boneh and Franklin. This scheme is the first concrete construction of an asymmetric traitor tracing mechanism that does not rely on trusted agents and does not use the costly Oblivious Polynomial Evaluation mechanism.

(2) An identity-based public-key broadcast encryption scheme is proposed by using the "subset-cover" framework and the identity-based encryption scheme of Boneh and Franklin. With the subset-cover mechanism, the enabling header carrying the encrypted session key is shorter, and the scheme can work for large-scale broadcast systems. The realization of asymmetry and non-repudiation does not rely on trusted agents or on the costly Oblivious Polynomial Evaluation mechanism.

(3) An asymmetric public-key traitor tracing scheme is proposed based on the bilinear map on elliptic curves. It achieves absolute black-box tracing, the perfect revocation property and provable security. The security of the scheme is based on the difficulty of the Bilinear Decision Diffie-Hellman (BDDH) problem on elliptic curves.

(4) We make an in-depth study of the fast public-key cryptosystem NTRU. A new traitor tracing scheme is proposed by using the efficient and computationally inexpensive public-key cryptosystem NTRU and the Chinese remainder theorem. The proposed scheme is the first concrete construction of NTRU-based public-key traitor tracing and has the advantages of extremely efficient encryption and decryption, fast and easy key creation, low memory requirements, and a short enabling header whose length is independent of the number of users.

(5) Another broadcast encryption scheme based on the fast public-key cryptosystem NTRU is proposed. Without using the Chinese remainder theorem, this construction avoids the problem of filtering vast prime numbers. The proposed scheme is also efficient and computationally inexpensive. It takes O(N^2) operations to encrypt or decrypt a session key block of length N, which makes it considerably faster than the previous ones. Furthermore, the key length of the proposed scheme is only O(N). Besides its high efficiency, our scheme contains some other desirable and necessary features, such as traitor tracing. With a complexity of only O(log2n), the tracing algorithm of this system is more efficient than that of the previous ones. We can also revoke some users without redistributing a new secret key to the other un-revoked users, which is desirable in broadcast encryption.

(6) We also study the fast public-key cryptosystem XTR and give some elementary ideas on the application of XTR in traitor tracing. As a partially finished result, we also propose a traitor tracing scheme based on XTR, which may become a reference for some investigators.

(7) Aiming at a problem that broadcast encryption faces in applications, we construct a broadcast encryption scheme that supports monitoring. The proposed scheme shows that the Weil pairing enables us to add a global escrow capability to the traitor tracing system. A single escrow key enables the decryption of ciphertexts encrypted under any public key, which is essential for the system manager to manage the global situation. With the global escrow capability, the authorities can also supervise the entire market and forbid the spread of bad information. In addition, at the same level of security, this scheme, whose operations are on elliptic curves, is more efficient than the previous schemes based on the discrete-log problem over the group G.

(8) A new multi-service oriented broadcast encryption scheme is proposed. In this novel work, users' memory requirements are independent of the number of services they purchase. When subscribing to more services, unsubscribing from services, when new services are provided, and when the system is updated, the users need not renew their decryption keys.
Keywords/Search Tags: Traitor Tracing, Broadcast Encryption, Electronic Copyright Protection, Identity-based Cryptosystem, Fast Public-key Cryptosystem