Tmm Thijs Laarhoven

Dynamic Tardos Traitor Tracing Schemes

We construct binary dynamic traitor tracing schemes, where the number of watermark bits needed to trace and disconnect any coalition of pirates is quadratic in the number of pirates, and logarithmic in the total number of users and the error probability. Our results improve upon results of Tassa, and our schemes have several other advantages, such as being able to generate all codewords in advance, a simple accusation method, and flexibility when the feedback from the pirate network is delayed.

Dynamic traitor tracing for arbitrary alphabets: Divide and conquer

We give a generic divide-and-conquer approach for constructing collusion-resistant probabilistic dynamic traitor tracing schemes with larger alphabets from schemes with smaller alphabets. This construction offers a linear tradeoff between the alphabet size and the codelength. In particular, we show that applying our results to the binary dynamic Tardos scheme of Laarhoven et al. leads to schemes that are shorter by a factor equal to half the alphabet size. Asymptotically, these codelengths correspond, up to a constant factor, to the fingerprinting capacity for static probabilistic schemes. This gives a hierarchy of probabilistic dynamic traitor tracing schemes, and bridges the gap between the low bandwidth, high codelength scheme of Laarhoven et al. and the high bandwidth, low codelength scheme of Fiat and Tassa.

Asymptotics of Fingerprinting and Group Testing: Tight Bounds From Channel Capacities

In this paper, we consider the large-coalition asymptotics of various fingerprinting and group testing games, and derive explicit expressions for the capacities for each of these models. We do this both for simple (fast but suboptimal) and arbitrary, joint decoders (slow but optimal). For fingerprinting, we show that if the pirate strategy is known, the capacity often decreases linearly with the number of colluders, instead of quadratically as in the uninformed fingerprinting game. For all considered attacks, the joint capacity is shown to be strictly higher than the simple capacity, including the interleaving attack. This last result contradicts the results of Huang and Moulin regarding the joint fingerprinting capacity, which implies that finding the fingerprinting capacity without restrictions on the tracers capabilities remains an open problem. For group testing, we improve upon the previous work about the joint capacities, and derive new explicit asymptotics for the simple capacities of various models. These show that the existing simple group testing algorithms of Chan et al. are suboptimal, and that simple decoders cannot asymptotically be as efficient as joint decoders. For the traditional group testing model, we show that the gap between the simple and joint capacities is a factor log2(e) ≈ 1.44 for large numbers of defectives.

Efficient Ideal Lattice Sieving Using Cross-Polytope LSH

Combining the efficient cross-polytope locality-sensitive hash family of Terasawa and Tanaka with the heuristic lattice sieve algorithm of Micciancio and Voulgaris, we show how to obtain heuristic and practical speedups for solving the shortest vector problem SVP on both arbitrary and ideal lattices. In both cases, the asymptotic time complexity for solving SVP in dimension n is

Faster Sieving for Shortest Lattice Vectors Using Spherical Locality-Sensitive Hashing

2^{0.298n + on}

Discrete distributions in the tardos scheme, revisited

. For any lattice, hashes can be computed in polynomial time, which makes our CPSieve algorithm much more practical than the SphereSieve of Laarhoven and de Weger, while the better asymptotic complexities imply that this algorithm will outperform the GaussSieve of Micciancio and Voulgaris and the HashSieve of Laarhoven in moderate dimensions as well. We performed tests to show this improvement in practice. For ideal lattices, by observing that the hash of a shifted vector is a shift of the hash value of the original vector and constructing rerandomization matrices which preserve this property, we obtain not only a linear decrease in the space complexity, but also a linear speedup of the overall algorithm. We demonstrate the practicability of our cross-polytope ideal lattice sieve ICPSieve by applying the algorithm to cyclotomic ideal lattices from the ideal SVP challenge and to lattices which appear in the cryptanalysis of NTRU.

Dynamic traitor tracing schemes, revisited

Inspired by recent results from collusion-resistant traitor tracing, we provide a framework for constructing efficient probabilistic group testing schemes. In the traditional group testing model, our scheme asymptotically requires T ~ 2K ln N tests to find (with high probability) the correct set of K defectives out of N items. The framework is also applied to several noisy group testing and threshold group testing models, often leading to improvements over previously known results, but we emphasize that this framework can be applied to other variants of the classical model as well, both in adaptive and in non-adaptive settings.

Tuple decoders for traitor tracing schemes

Recently, it was shown that angular locality-sensitive hashing LSH can be used to significantly speed up lattice sieving, leading to a heuristic time complexity for solving the shortest vector problem SVP of