Tatsuyuki Matsushita

A Public-Key Black-Box Traitor Tracing Scheme with Sublinear Ciphertext Size Against Self-Defensive Pirates

We propose a public-key traitor tracing scheme in which (1) the size of a ciphertext is sublinear in the number of receivers and (2) black-box tracing is efficiently achieved against self-defensive pirate decoders. When assuming that a pirate decoder can take some self-defensive reaction (e.g., erasing all of the internal keys and shutting down) to escape from tracing if it detects tracing, it has been an open question to construct a sublinear black-box traitor tracing scheme that can detect efficiently at least one traitor (who builds the pirate decoder) with overwhelming probability, although a tracing algorithm that works successfully against self-defensive pirate decoders itself is known. In this paper, we answer affirmatively the above question by presenting a concrete construction of a public-key black-box tracing scheme in which the known tracing algorithm can be used while keeping the size of a ciphertext sublinear.

Unforgeability of re-encryption keys against collusion attack in proxy re-encryption

Proxy re-encryption (PRE) allows a proxy to convert a ciphertext encrypted for Alice (delegator) into a ciphertext for Bob (delegatee) by using a re-encryption key generated by Alice. In PRE, non-transferability is a desirable property that colluding proxies and delegatees cannot re-delegate decryption rights to a malicious user. However, it seems to be very difficult to directly construct a nontransferable PRE scheme albeit such attempts as in [9,15,8]. In this paper, we discuss the non-transferability and introduce a relaxed notion of the nontransferability, the unforgeability of re-encryption keys against collusion attack (UFReKey-CA), as one approach toward the non-transferability. We then propose two concrete constructions of PRE without random oracles that meet replayable-CCA security and UFReKey-CA assuming the q-wDBDHI and a variant of DHI problems are hard. Although the proposed schemes are partial solutions to non-transferable PRE, we believe that the results are significant steps toward the non-transferability.

Hierarchical key assignment for black-box tracing with efficient ciphertext size

We propose a hierarchical key-assignment method to reduce the ciphertext size in a black-box tracing scheme presented at ASIACRYPT 2004. Applying the proposed method to this scheme, the ciphertext size is reduced from to O(k+log(n/k)) without a substantial increase in the decryption-key size, where k,n denote the maximum number of colluders in a coalition and the total number of receivers respectively. The resulting scheme also supports black-box tracing and enjoys the following properties: Even if a pirate decoder does not respond any further queries when it detects itself being examined, the pirate decoder can be traced back to a person who participated in its construction. A tracers key, which is necessary for black-box tracing, is public.

A Flexible-Revocation Scheme for Efficient Public-Key Black-Box Traitor Tracing*A preliminary version of this paper was presented at Fourth International Conference on Information and Communications Security (ICICS 2002) [1].

We propose a new type of revocation scheme for efficient public-key black-box traitor tracing. Our revocation scheme is flexible and efficient in the sense that (i) any number of subscribers can be revoked in each distribution under an assumption that the number of revoked subscribers who collude in one coalition is limited to a threshold and (ii) both each subscribers storage and the transmission overhead are independent of n, while (i) the maximum number of revoked ones cannot be changed or (ii) they depend on n in previous schemes, where n is the total number of subscribers. The flexibility in revocation is significant since flexible revocation can be integrated with efficient black-box tracing and this integration can be achieved without a substantial increase in the transmission overhead over the previous schemes. In this paper, we present a concrete construction of an efficient public-key black-box traceable and revocable scheme by combining flexible revocation with a known black-box tracing algorithm which works under the same attack model as assumed in the previous schemes. Our scheme achieves that (i) the transmission overhead remains efficient, especially linear only in k in case of bulk revocation and (ii) the tracing algorithm runs in O(log n) time, while the previous ones cannot satisfy both of these properties, where k is the maximum number of traitors in a coalition.

A Flexibly Revocable Key-Distribution Scheme for Efficient Black-Box Tracing

We propose a new type of revocation scheme for efficient public-key black-box traitor tracing. Our revocation scheme is flexible in the sense that any number of subscribers can be revoked in each distribution under an assumption that the number of revoked subscribers who collude in one coalition is limited to a threshold, while the maximum number of revoked ones cannot be changed in previous schemes. The flexibility in revocation is significant since flexible revocation can be integrated with efficient black-box tracing and this integration can be achieved without a substantial increase in the transmission overhead over the previous schemes. In this paper, we present an efficient public-key revocable and black-box-traceable scheme by combining flexible revocation with two known black-box-tracing algorithms.

A peer-to-peer content-distribution scheme resilient to key leakage

We consider a problem of key leakage in peer-to-peer (P2P) content distribution. In content-distribution services, content is encrypted so that only legitimate users can access the content. Users (peers) cannot be fully trusted in a P2P network because malicious ones might leak their decryption keys. If the redistribution of decryption keys occurs, copyright holders may incur great losses caused by free riders who access content without purchasing it. Therefore, it is essential to solve this problem. In this paper, we propose a P2P content-distribution scheme resilient to the key leakage, and show its feasibility by conducting a large-scale experiment in a real network.