首页> 外文会议>International Conference on the Theory and Application of Cryptology and Information Security >Collusion Resistant Trace-and-Revoke for Arbitrary Identities from Standard Assumptions
【24h】

Collusion Resistant Trace-and-Revoke for Arbitrary Identities from Standard Assumptions

机译:从标准假设的任意身份造成抗坏抵抗和撤销

获取原文

摘要

A traitor tracing scheme is a multi-user public-key encryption scheme where each user in the system holds a decryption key that is associated with the user's identity. Using the public key, a content distributor can encrypt a message to all of the users in the system. At the same time, if a malicious group of users combine their respective decryption keys to build a "pirate decoder," there is an efficient tracing algorithm that the content distributor can use to identify at least one of the keys used to construct the decoder. A trace-and-revoke scheme is an extension of a standard traitor tracing scheme where there is an additional key-revocation mechanism that the content distributor can use to disable the decryption capabilities of compromised keys. Namely, during encryption, the content distributor can encrypt a message with respect to a list of revoked users such that only non-revoked users can decrypt the resulting ciphertext. Trace-and-revoke schemes are challenging to construct. Existing constructions from standard assumptions can only tolerate bounded collusions (i.e., there is an a priori bound on the number of keys an adversary obtains), have system parameters that scale exponentially in the bitlength of the identities, or satisfy weaker notions of traceability that are vulnerable to certain types of "pirate evolution" attacks. In this work, we provide the first construction of a trace-and-revoke scheme that is fully collusion resistant and capable of supporting arbitrary identities (i.e., the identities can be drawn from an exponential-size space). Our scheme supports public encryption and secret tracing, and can be based on the sub-exponential hardness of the LWE problem (with a super-polynomial modulus-to-noise ratio). The ciphertext size in our construction scales logarithmically in the size of the identity space and linearly in the size of the revocation list. Our scheme leverages techniques from both combinatorial and algebraic constructions for traitor tracing.
机译:追踪跟踪方案是一种多用户公共密钥加密方案,其中系统中的每个用户保持与用户的身份相关联的解密密钥。使用公钥,内容分销商可以将消息加密到系统中的所有用户。同时,如果恶意的用户组组合它们各自的解密密钥来构建“海盗解码器”,则存在有效的跟踪算法,即内容分配器可以用于识别用于构造解码器的至少一个密钥。跟踪和撤销方案是标准追踪跟踪方案的扩展,其中存在内容分配器可以用于禁用受损键的解密能力的附加密钥撤销机制。即,在加密期间,内容分发器可以相对于撤销用户的列表加密消息,使得只有未撤销的用户可以解密所产生的密文。跟踪和撤销方案挑战构建。来自标准假设的现有结构只能容忍有界共界(即,钥匙次数的键数上有一个先验的绑定),具有在标识的比特长度中呈指数级级级的系统参数,或满足较弱的可追溯性概念容易受到某些类型的“海盗进化”攻击。在这项工作中,我们提供了一种完全抵抗并且能够支持任意抗坏的痕迹和撤销方案的第一次构造(即,可以从指数尺寸空间中汲取标识)。我们的计划支持公共加密和秘密跟踪,并且可以基于LWE问题的子指数硬度(具有超级多项式模量对噪声比)。我们的施工中的密文大小在身份空间的大小上对数,并在撤销列表的大小中线性地线性。我们的计划利用组合和代数构造的技术进行追踪追踪。

著录项

相似文献

  • 外文文献
  • 中文文献
  • 专利
获取原文

客服邮箱:kefu@zhangqiaokeyan.com

京公网安备:11010802029741号 ICP备案号:京ICP备15016152号-6 六维联合信息科技 (北京) 有限公司©版权所有
  • 客服微信

  • 服务号