TY - GEN
T1 - Efficient trace and revoke schemes
AU - Naor, Moni
AU - Pinkas, Benny
N1 - Publisher Copyright:
© Springer-Verlag Berlin Heidelberg 2001.
PY - 2001
Y1 - 2001
N2 - Our goal is to design encryption schemes for mass distribution of data in which it is possible to (1) deter users from leaking their personal keys, (2) trace which users leaked keys to construct an illegal decryption device, and (3) revoke these keys as to render the device dysfunctional. We start by designing an efficient revocation scheme, based on secret sharing. It can remove up to t parties and is secure against coalitions of size t. The performance of this scheme is more efficient than that of previous schemes with the same properties. We then show how to combine the revocation scheme with traitor tracing and self enforcement schemes. More precisely, how to construct schemes such that (1) Each user’s personal key contains some sensitive information of that user (e.g., the user’s credit card number), and therefore users would be reluctant to disclose their keys. (2) An illegal decryption device discloses the identity of users that contributed keys to construct the device. And, (3) it is possible to revoke the keys of corrupt users. For the last point it is important to be able to do so without publicly disclosing the sensitive information.
AB - Our goal is to design encryption schemes for mass distribution of data in which it is possible to (1) deter users from leaking their personal keys, (2) trace which users leaked keys to construct an illegal decryption device, and (3) revoke these keys as to render the device dysfunctional. We start by designing an efficient revocation scheme, based on secret sharing. It can remove up to t parties and is secure against coalitions of size t. The performance of this scheme is more efficient than that of previous schemes with the same properties. We then show how to combine the revocation scheme with traitor tracing and self enforcement schemes. More precisely, how to construct schemes such that (1) Each user’s personal key contains some sensitive information of that user (e.g., the user’s credit card number), and therefore users would be reluctant to disclose their keys. (2) An illegal decryption device discloses the identity of users that contributed keys to construct the device. And, (3) it is possible to revoke the keys of corrupt users. For the last point it is important to be able to do so without publicly disclosing the sensitive information.
KW - Blacklisting
KW - Broadcast encryption
KW - Copyright protection
KW - Self enforcement
KW - Tracing traitors
KW - User revocation
UR - http://www.scopus.com/inward/record.url?scp=84944319284&partnerID=8YFLogxK
U2 - 10.1007/3-540-45472-1_1
DO - 10.1007/3-540-45472-1_1
M3 - ???researchoutput.researchoutputtypes.contributiontobookanthology.conference???
AN - SCOPUS:84944319284
SN - 3540427007
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 1
EP - 20
BT - Financial Cryptography - 4th International Conference, FC 2000, Proceedings
A2 - Frankel, Yair
PB - Springer Verlag
T2 - 4th International Conference on Financial Cryptography, FC 2000
Y2 - 20 February 2000 through 24 February 2000
ER -