Efficient trace and revoke schemes

Moni Naor, Benny Pinkas

Research output: Contribution to journalArticlepeer-review

14 Scopus citations


Our goal is to design encryption schemes for mass distribution of data, which enable to (1) deter users from leaking their personal keys, (2) trace the identities of users whose keys were used to construct illegal decryption devices, and (3) revoke these keys as to render the devices dysfunctional. We start by designing an efficient revocation scheme, based on secret sharing. It can remove up to t parties, is secure against coalitions of up to t users, and is more efficient than previous schemes with the same properties. We then show how to enhance the revocation scheme with traitor tracing and self-enforcement properties. More precisely, how to construct schemes such that (1) each user's personal key contains some sensitive information of that user (e. g., the user's credit card number), in order to make users reluctant to disclose their keys. (2) An illegal decryption device discloses the identity of users that contributed keys to construct the device. And, (3) it is possible to revoke the keys of corrupt users. For the last point, it is important to be able to do so without publicly disclosing the sensitive information.

Original languageEnglish
Pages (from-to)411-424
Number of pages14
JournalInternational Journal of Information Security
Issue number6
StatePublished - Dec 2010
Externally publishedYes


  • Broadcast encryption
  • Copyright protection
  • Self-enforcement
  • Tracing traitors
  • User revocation


Dive into the research topics of 'Efficient trace and revoke schemes'. Together they form a unique fingerprint.

Cite this