一种2——安全码的组合构造

完全安全码是不存在的,这已经从理论上得到证明.任何安全码在某一种情况下,对叛逆者的追踪必定失败.这里用分组设计的方法构造出一种2--安全码.每一个码字对应一个n阶方阵.嵌入到数字产品中的码字长度比相应的矩阵长度要小.当发现盗版产品时,不是通过盗版码字,而是通过盗版码字相应的矩阵确定出共谋者.追踪算法追踪效率很高,而且它要么运行失败,要么输出一个共谋者,也就是说,该追踪算法的一个非常重要的性质是不会冤枉无辜用户.     

一种支持多频道服务的抗共谋的非对称公钥叛逆者追踪方案

该文提出一种新的叛逆者追踪方案,将会话密钥S分解成S1与S2之和。基于离散对数困难问题,引入多频道服务参数和特殊多项式函数来解密S1,利用中国剩余定理来解密S2。新方案具有支持多频道服务、抗共谋、非对称性、用户密钥的耐用性、黑盒子追踪等优点,并且在DDH(Diffie-Hellman Problem)困难问题的假设下证明了新方案是语义上安全的,通过分析表明新方案的整体性能明显好于已有方案。     

一种基于随机序列的公钥叛逆者追踪方案

基于离散对数困难问题,利用随机序列提出一种公钥叛逆者追踪方案。该方案采用多项式与过滤函数来构建,当缴获盗版解码器时,只需通过一次输入输出即可确定叛逆者。若需要撤销或恢复多个叛逆者时,其能在不更新其他合法用户私钥的前提下,实现完全撤销多个叛逆者或完全恢复已撤销用户。性能分析证明,该方案不仅存储、计算和通信开销低,还具有完全抗共谋性、完全撤销性与完全恢复性以及黑盒追踪的特点。     

一种完整的非对称公钥叛逆者追踪方案

利用不经意多项式估值协议,该文提出了一种新的非对称公钥叛逆者追踪方案。当参与共谋的叛逆者数量不超过预先设置的范围时,与现有的非对称公钥追踪方案相比,该方案能够以完全的黑盒子追踪方式准确地确定出全部叛逆者;借助于密钥更新,该方案具有完善的撤销性,能够撤销任意数量的叛逆者。此外,与已有方案相比该方案显著降低了追踪时的计算量并且有着更高的传输效率。     

一种抗共谋的公钥叛逆者追踪方案

利用非奇次线形方程组解的结构,提出了一种新的公钥叛逆者追踪方案.与现有方案相比较,本方案具有完全的黑盒子追踪性和抗共谋能力,即一定数量的叛逆者通过共谋构造一个解密钥时,其成功的概率小于预先设置的概率门限值.此外,本方案没有使用陷门离散对数.     

一种无第三方参与的匿名指纹方案

基于类ElGamal加密体制,本文提出了一种无第三方参与的匿名数字指纹方案.在无第三方参与的情况下,该方案巧妙实现了销售商对匿名用户的身份认证,确保了只有合法注册用户才能得到数字产品;同时,销售商在收缴到盗版拷贝时,无须用户的参与就能够追踪出真正的盗版者.此外,方案还具备不可联系性,防诬陷性.方案的安全是基于解离散对数为困难问题.     

面向多服务的基于大整数分解困难问题的叛逆者追踪方案

该文提出了一种面向多服务的基于大整数分解困难问题的叛逆者追踪方案。该方案的主要思想是基于大整数分解困难问题构造等式,并引进参数传递服务密钥,解密时利用上述等式和服务密钥可获得会话密钥。与现有两种方案相比,新方案具有多服务、黑盒追踪、密文长度是常量、增加用户或撤销用户以及前向安全性和后向安全性等优点,整体性能好于现有两种方案。     

基于RSA的广播加密方案

提出一种基于RSA算法实现的广播加密方案,方案采用的是树形结构,密钥生成和分配过程简介,并且传输开销和存储开销与用户数量以及授权用户数量都没有关系,为常量级。与其它使用计算量较大的双线性映射构造的性能相同的方案相比较,本方案计算量较小。同时非授权用户不能通过共谋构造出一个不同的解密钥,即方案具有抗共谋性。方案能够实现对恶意共享解密钥的叛逆者的追踪。     

免共谋公钥叛逆者追踪方案

当参与共谋的叛逆者不超过某个预先给定的范围时,现有的叛逆者追踪方案都可以追踪出至少一个叛逆者,但是如何阻止共谋的发生还是一个有待解决的问题。提出一种新的叛逆者追踪方案,方案中不同用户间的解密钥是不相关的,这样无论多少个用户都不能通过共谋构造出一个解密钥来,并且能快速准确地追踪出叛逆者,对潜在的不良用户有更好的威慑作用。与现有方案相比,本方案具有更高的传输效率。     

一种新的非对称公钥叛逆者追踪方案

应用不经意多项式估值协议构造了一种非对称的公钥叛逆者追踪方案。该方案具有无需任何可信方和不泄漏用户敏感信息(如信用卡号码或数字签字密钥)的非对称追踪能力,以及自身强化性、直接不可否认性、防诬陷性等特性。更重要的是,数据供应商能够动态地撤销或恢复某个叛逆者解密密钥的解密权限,而无需更新其他用户的解密密钥。     

适应性安全的可追踪叛徒的基于属性加密方案

针对基于属性加密(ABE, attribute-base encryption)机制存在的密钥滥用问题,为每个用户增加唯一的身份标识符,将联合安全编码和叛徒追踪机制引入到ABE方案中,给出适应性安全的可追踪叛徒ABE的定义、安全模型和可追踪模型,提出一种适应性安全的可追踪叛徒的ABTT方案,该方案允许适应性追踪指定策略盗版解码器中的叛徒。基于合数阶群上的子群判定假设和DDH假设,证明所提方案是适应性安全和适应性可追踪的。因此,所提方案不仅可以适应性追查指定策略盗版解码器中的叛徒,而且进一步增强了ABE系统的安全性,具有一定的理论和应用价值。     

Low Bandwidth Dynamic Traitor Tracing Schemes

Dynamic traitor tracing schemes were introduced by Fiat and Tassa in order to combat piracy in active broadcast scenarios. In such settings the data provider supplies access control keys to its legal customers on a periodical basis. A number of users may collude in order to publish those keys via the Internet or any other network. Dynamic traitor tracing schemes rely on the feedback from the pirate network in order to modify their key allocation until they are able either to incriminate and disconnect all traitors or force them to stop their illegal activity. Those schemes are deterministic in the sense that incrimination is always certain. As such deterministic schemes must multiply the critical data by at least p + 1, where p is the number of traitors, they may impose a too large toll on bandwidth. We suggest here probabilistic schemes that enable one to trace all traitors with almost certainty, where the critical data is multiplied by two, regardless of the number of traitors. These techniques are obtained by combining dynamic traitor tracing schemes with binary fingerprinting techniques, such as those proposed by Boneh and Shaw.     

Tracing Precept against Self-Protective Tortious Decoder

Traceability precept is a broadcast encryption technique that content suppliers can trace malicious authorized users who leak the decryption key to an unauthorized user. To protect the data from eavesdropping, the content supplier encrypts the data and broadcast the cryptograph that only its subscribers can decrypt. However, a traitor may clone his decoder and sell the pirate decoders for profits. The traitor can modify the private key and the decryption program inside the pirate decoder to avoid divulging his identity. Furthermore, some traitors may fabricate a new legal private key together that cannot be traced to the creators. So in this paper, a renewed precept is proposed to achieve both revocation at a different level of capacity in each distribution and black-box tracing against self-protective pirate decoders. The rigorous mathematical deduction shows that our algorithm possess security property.     

Dynamic Traitor Tracing

Traitor tracing schemes were introduced to combat the typical piracy scenario whereby pirate decoders (or access control smartcards) are manufactured and sold by pirates to illegal subscribers. Those traitor tracing schemes, however, are ineffective for the currently less common scenario where a pirate publishes the periodical access control keys on the Internet or, alternatively, simply rebroadcasts the content via an independent pirate network. This new piracy scenario may become especially attractive (to pirates) in the context of broadband multicast over the Internet. In this paper we consider the consequences of this type of piracy and offer countermeasures. We introduce the concept of dynamic traitor tracing which is a practical and efficient tool to combat this type of piracy. Received December 1999 and revised November 2000 Online publication 9 April 2001     

Traitor tracing over YouTube video service—proof of concept

The development explained in this article proves that is possible to trace dishonest users who upload videos with sensitive content to the YouTube service. To achieve tracing these traitor users, fingerprint marks are embedded by a watermarking algorithm into each copy of the video before distributing it. Our experiments show that if the watermarking algorithm is carefully configured and the fingerprints are correctly chosen, the traitor, or a member of a set of traitors who have performed a collusion attack, can be found from a pirate video uploaded to the YouTube service.     

Wireless broadcast encryption based on smart cards

Wireless broadcasting is an efficient way to broadcast data to a large number of users. Some commercial applications of wireless broadcasting, such as satellite pay-TV, desire that only those users who have paid for the service can retrieve broadcast data. This is often achieved by broadcast encryption, which allows a station securely to broadcast data to a dynamically changing set of privileged users through open air. Most existing broadcast encryption schemes can only revoke a pre-specified number of users before system re-setup or require high computation, communication and storage overheads in receivers. In this paper, we propose a new broadcast encryption scheme based on smart cards. In our scheme, smart cards are used to prevent users from leaking secret keys. Additionally, once an illegally cloned smart card is captured, our scheme also allows tracing of the compromised smart card by which illegal smart cards are cloned, and can then revoke all cloned smart cards. The new features of our scheme include minimal computation needs of only a few modular multiplications in the smart card, and the capability to revoke up to any number of users in one revocation. Furthermore, our scheme is secure against both passive and active attacks and has better performance than other schemes.     

无可信第三方的离线电子现金匿名性控制

利用可信第三方的电子现金匿名性撤销方案增加了系统负担,并且可信第三方的跟踪是不确定的.最近Kulger等提出了无可信第三方的可审计跟踪的电子现金方案,但需要用户事后审计检查.结合Camenisch等的加标记跟踪及证明方法和Abe等部分盲签名方案,本文提出了一个无可信第三方的电子现金匿名性控制方案.方案中银行只在需要跟踪时要求用户打开标记,从而进行用户和钱币的跟踪,这样跟踪时用户是知道的,因此简便实用地解决了无可信第三方情况下电子现金匿名性控制问题.     

基于EIGamal加密算法的匿名叛逆者追踪方案

基于离散对数的EIGamal加密算法体制，提出一种匿名的叛逆者追踪方案。在此方案中，广播信息通过对称加密算法加密后广播给用户，而加密使用的会话密钥是在注册用户通过匿名身份验证后，通过数据提供商发送的数据头传送给用户。由性能分析可知，该方案不仅具有用户的匿名安全性、可撤销性与可恢复性的特点，还能够抵抗线性组合攻击。