Traitor Tracing
Outline
Introduction
State of the art
  Traceability scheme
  Frameproof code
  c-secure code
  Combinatorial properties
  Tracing algorithm
  Some useful properties
Rephrase
  Encoding scheme
  Decoding scheme
  Watermarking scheme
Conclusions
Introduction
Fingerprinting
  Embed a unique key for each user to identify the person who acquired a particular copy
  Each user has his own decryption key to recover the content
Collusion attack
  A group of malicious users (traitors) can collude by combining their keys to create a new pirate key (pirate decoder)
Traitor tracing
  A traitor tracing algorithm is used to trace at least one of the colluders
State of the art
  Traceability scheme
  Frameproof code
  c-secure code
  Combinatorial properties
  Tracing algorithm
  Some useful properties
State of the art - Traceability schemes
“Tracing Traitors”, B. Chor, A. Fiat, M. Naor, and B. Pinkas, 1994 (1998, 2000).
Traceability schemes
<Definition 1.1> Traitor tracing schemes
A traitor tracing scheme consists of three components:
1. A user initialization scheme, used by the data supplier to add new users. The data supplier has a meta-key $\alpha$ that defines a mapping $P_\alpha : U \to \{0,1\}^s$, where $U$ is the set of possible users and $s$ is the number of bits in the personal key that each user gets.
2. An encryption scheme $E_\alpha : \{0,1\}^* \to \{0,1\}^*$ used by the data supplier to encrypt messages and a decryption scheme $D_\beta : \{0,1\}^* \to \{0,1\}^*$ used by every user to decrypt those messages.
3. A traitor tracing algorithm, used upon confiscation of a pirate decoder, to determine the identity of a traitor.
State of the art - Traceability schemes (continued)
<Definition 1.2> fully (p,k)-resilient tracing scheme
Let T be a coalition of at most k users. Let A be an adversary that has a subset F of the keys of the users in T, and that is able to decrypt the content sent in the tracing traitors scheme, in time t and with probability greater than q'. The scheme is called fully (p,k)-resilient if it satisfies the security assumption: one of the following two statements holds.
  Given F the data supplier is able to trace with probability at least 1-p at least one of the users in T.
  There exists an adversary A' which uses A as a black box and whose input is only an enabling block and a cipher block of the tracing traitors scheme. A' can reveal the content that is encrypted in the cipher block in time which is linear in the length of its input and in t, and with probability at least q''=q'.
State of the art – Traceability schemes (continued)
<Definition 1.3> fully k-resilient tracing scheme
A scheme is called fully k-resilient if it satisfies definition 1.2 and it further holds that p=0.
<Definition 1.4> q-threshold (p,k)-resilient tracing scheme
A scheme is called q-threshold (p,k)-resilient if it satisfies definition 1.2 with q''=q'-q.
State of the art – Frameproof codes
Frameproof codes
“Collusion-secure fingerprinting for digital data”, Dan Boneh and James Shaw, 1995 (1998)
A fingerprint is a collection of marks
  A fingerprint can be thought of as a word of length L over an alphabet Σ of size s
A distributor is the sole supplier of fingerprinted objects
A user is the registered owner of a fingerprinted object
The process of fingerprinting an object involves assigning a unique codeword over $\Sigma^L$ to each user
State of the art – Frameproof codes (continued)
<Definition 2.1> (l,n)-code and codebook
A set $\Gamma = \{w^{(1)},\dots,w^{(n)}\} \subseteq \Sigma^l$ will be called an (l,n)-code. The codeword $w^{(i)}$ will be assigned to user $u_i$, for $1 \le i \le n$. We refer to the set of words in $\Gamma$ as the codebook.
<Definition 2.2> undetectable positions
Let $\Gamma = \{w^{(1)},\dots,w^{(n)}\}$ be an (l,n)-code and $C$ be a coalition of users. For $i \in \{1,\dots,l\}$ we say that position $i$ is undetectable for $C$ if the words assigned to users in $C$ match in their $i$-th position. Formally, suppose $C = \{u_1,\dots,u_c\}$. Then position $i$ is undetectable if $w_i^{(u_1)} = w_i^{(u_2)} = \dots = w_i^{(u_c)}$.
State of the art – Frameproof codes (continued)
<Definition 2.3> feasible set
Let $\Gamma = \{w^{(1)},\dots,w^{(n)}\}$ be an (l,n)-code and $C$ be a coalition of users. Let $R$ be the set of undetectable positions for $C$. Define the feasible set of $C$ as $F(C;\Gamma) = \{w \in (\Sigma \cup \{?\})^l \text{ s.t. } w|_R = w^{(u)}|_R\}$ for some user $u$ in $C$. Thus the feasible set contains all words which match the coalition's undetectable bits. Usually we omit the $\Gamma$ and denote $F(C;\Gamma)$ by $F(C)$.
e.g. A: 3 2 3 1 2
     B: 1 2 2 1 2
     F(AB) = * 2 * 1 2, with * any symbol
State of the art – Frameproof codes (continued)
<Definition 2.4> Marking Assumption
any coalition of c users is only capable of creating an object whose fingerprint lies in the feasible set of the coalition
<Definition 2.5> c-frameproof
A code $\Gamma$ is c-frameproof if every set $W \subset \Gamma$, of size at most $c$, satisfies $F(W) \cap \Gamma = W$.
State of the art – Frameproof codes (continued)
Construction of c-frameproof codes (for binary alphabet)
<Claim 2.1> $\Gamma_0$ is a (n,n)-code which is n-frameproof
The length of $\Gamma_0$ is linear in the number of users and is therefore impractical
Use $\Gamma_0$ to construct shorter codes
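An added example (not from the slides): Definitions 2.2 to 2.5 turned into a brute-force check in Python. The function names and the 2-bit counter-example code are assumptions made for illustration; words are plain strings and the unreadable mark `?` is not modelled.

```python
from itertools import combinations


def undetectable_positions(words):
    """0-based positions where every word held by the coalition agrees."""
    return [i for i in range(len(words[0]))
            if len({w[i] for w in words}) == 1]


def in_feasible_set(candidate, words):
    """Marking assumption: the coalition cannot change the positions on
    which all of its words agree; every other position is free."""
    ref = words[0]
    return len(candidate) == len(ref) and all(
        candidate[i] == ref[i] for i in undetectable_positions(words))


def framed_users(code, c):
    """All (coalition, victim) pairs that break c-frameproofness, i.e. a
    codeword outside the coalition W that still lies in F(W)."""
    violations = []
    for size in range(1, c + 1):
        for coalition in combinations(code, size):
            for word in code:
                if word not in coalition and in_feasible_set(word, coalition):
                    violations.append((coalition, word))
    return violations


def gamma0(n):
    """The (n,n)-code of all n-bit words with exactly one 1."""
    return ["0" * i + "1" + "0" * (n - i - 1) for i in range(n)]


if __name__ == "__main__":
    # The two words A and B from the feasible-set slide.
    a, b = "32312", "12212"
    print("undetectable (0-based):", undetectable_positions([a, b]))
    print("22112 feasible:", in_feasible_set("22112", [a, b]))
    print("31312 feasible:", in_feasible_set("31312", [a, b]))
    # Gamma_0(4) resists coalitions of any size up to n = 4.
    print("Gamma_0(4) violations:", framed_users(gamma0(4), 4))
    # Constructed counter-example: all 2-bit words are not 2-frameproof,
    # because users 00 and 11 together can produce 01 and 10.
    print("2-bit code violations:", framed_users(["00", "01", "10", "11"], 2))
```

The empty result for `gamma0(4)` is Claim 2.1 for n = 4; the cost of that guarantee is one code position per user.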
State of the art – Frameproof codes (continued)
<Definition 2.6> A set C of N words of length L over an alphabet of p letters is said to be an $(L,N,D)_p$-ECC, if the Hamming distance between every pair of words in C is at least D.
The idea of the construction of n-frameproof code is to compose the code $\Gamma_0(n)$ with an error-correcting code.
Let $\Gamma = \{w^{(1)},\dots,w^{(p)}\}$ be an (l,p)-code and let C be an $(L,N,D)_p$-ECC. We denote the composition of $\Gamma$ and C by $\Gamma'$.
State of the art – Frameproof codes (continued)
for a codeword $v = v_1 v_2 \dots v_L \in C$: $W_v = w^{(v_1)} \| w^{(v_2)} \| \dots \| w^{(v_L)}$
$\Gamma' = \{W_v \mid v \in C\}$ is an (lL,N)-code
<Lemma 2.1> Let $\Gamma$ be a c-frameproof (l,p)-code and C be an (L,N,D)-ECC. Let $\Gamma'$ be the composition of $\Gamma$ and C. Then $\Gamma'$ is a c-frameproof code, provided D > L(1-(1/c)).
<proof>
State of the art – Frameproof codes (continued)
<Lemma 2.2> For any positive integers p, n let L = 8p log N. Then there exists a $(L,N,D)_{2p}$-ECC where D > L(1-(1/p)).
<Theorem 2.1> For any integers n, c > 0 let $l = 16c^2 \log n$. Then there exists an (l, n)-code which is c-frameproof.
<proof>
State of the art – c-secure code
<Definition 2.7> totally c-secure code
A code $\Gamma$ is totally c-secure if there exists a tracing algorithm $A$ satisfying the following condition: if a coalition $C$ of at most $c$ users generates a word $x$ then $A(x) \in C$.
<Lemma 2.3>
If $\Gamma$ is a totally c-secure code then $C_1 \cap \dots \cap C_r = \emptyset \Rightarrow F(C_1) \cap \dots \cap F(C_r) = \emptyset$ for all coalitions $C_1,\dots,C_r$ of at most $c$ users each.
State of the art – c-secure code (continued)
<Theorem 2.2> For c ≥ 2 and n ≥ 3 there are no totally c-secure (l,n)-codes
<proof>
→ Unfortunately, when c > 1, totally c-secure codes do not exist.
→ There is a way out of this trap: use randomness.
State of the art – c-secure code (continued)
<Definition 2.8> c-secure with ε-error
A fingerprinting scheme $\Gamma_r$ is c-secure with ε-error if there exists a tracing algorithm $A$ satisfying the following condition: if a coalition $C$ of at most $c$ users generates a word $x$ then $\Pr[A(x) \in C] > 1 - \varepsilon$, where the probability is taken over the random bits $r$ and the random choices made by the coalition.
The tracing algorithm A on input x outputs a member of the coalition C that generated the word x with high probability.
State of the art – c-secure code (continued)
Construction of collusion-secure codes
Construct an (l,n)-code which is n-secure with ε-error for any ε > 0
  → length of this code is $n^{O(1)}$
  → too large to be practical
  <Theorem 2.3> <Algorithm 2.1>
Use the code to construct c-secure codes with ε-error for n users whose length is $\log^{O(1)}(n)$ when c = O(log n).
  <Theorem 2.4> <Algorithm 2.2>
State of the art – c-secure code (continued)
A lower bound
<Theorem 2.5> Let $\Gamma$ be an (l,n) fingerprinting scheme over a binary alphabet. Suppose $\Gamma$ is c-secure with ε-error. Then the code length is at least $l \ge \frac{1}{2}(c-3)\log(1/\varepsilon c)$.
<proof>
State of the art – Combinatorial properties
“Combinatorial properties and constructions of traceability schemes and frameproof codes”, D. R. Stinson, R. Wei, 1997 (2001)
Investigate combinatorial properties and constructions of two recent topics of cryptographic interest:
  frameproof codes
  traceability scheme
State of the art – Combinatorial properties (continued)
<Definition 3.1> c-FPC(v,b)
A (v,b)-code $\Gamma$ is called a c-frameproof code if, for every $W \subseteq \Gamma$ such that $|W| \le c$, we have $F(W) \cap \Gamma = W$. We say that $\Gamma$ is a c-FPC(v,b).
<Definition 3.2> c-TS(k,b,v)
Suppose any exposed user $U$ is a member of the coalition $C$ whenever a pirate decoder $F$ is produced by $C$ and $|C| \le c$. Then the scheme is called a c-traceability scheme and it is denoted by c-TS(k,b,v).
State of the art – Combinatorial properties (continued)
<Theorem 3.1>
There exists a c-FPC(v,b) $\iff$ there exists a set system $(X,\mathcal{B})$ such that $|X| = v$, $|\mathcal{B}| = b$ and for any subset of $d \le c$ blocks $B_1, B_2, \dots, B_d \in \mathcal{B}$ there does not exist a block $B \in \mathcal{B} \setminus \{B_1, B_2, \dots, B_d\}$ such that $\bigcap_{i=1}^{d} B_i \subseteq B \subseteq \bigcup_{i=1}^{d} B_i$.
State of the art – Combinatorial properties (continued)
<Theorem 3.2>
There exists a c-TS(k,b,v) $\iff$ there exists a set system $(X,\mathcal{B})$ such that $|X| = v$, $|\mathcal{B}| = b$ and $|B| = k$ for every $B \in \mathcal{B}$, with the property that for every choice of $d \le c$ blocks $B_1, B_2, \dots, B_d \in \mathcal{B}$ and for any k-subset $F \subseteq \bigcup_{j=1}^{d} B_j$ there does not exist a block $B \in \mathcal{B} \setminus \{B_1, B_2, \dots, B_d\}$ such that $|F \cap B_j| \le |F \cap B|$ for $1 \le j \le d$.
State of the art – Combinatorial properties (continued)
<Theorem 3.3> If there exists a c-TS(k,b,v), then there exists a c-FPC(v,b).
<proof>
Let $(X,\mathcal{B})$ be the set system corresponding to a c-TS(k,b,v).
We prove that $(X,\mathcal{B})$ is a c-FPC(v,b).
Suppose no; then there exist $d \le c$ blocks, $B_1, B_2, \dots, B_d \in \mathcal{B}$, and a block $B \in \mathcal{B} \setminus \{B_1, B_2, \dots, B_d\}$ such that $\bigcap_{i=1}^{d} B_i \subseteq B \subseteq \bigcup_{i=1}^{d} B_i$.
Then $|B \cap B_j| \le |B \cap B|$ for $1 \le j \le d$.
State of the art – Combinatorial properties (continued)
Constructions using t-designs
<Definition> t-(v,k,λ) design
A t-(v,k,λ) design is a set system $(X,\mathcal{B})$, where $|X| = v$, $|B| = k$ for every $B \in \mathcal{B}$, and every t-subset of $X$ occurs in exactly λ blocks in $\mathcal{B}$.
BIBD's are 2-(v,k,λ) designs
E.g. 2-(9,3,1) design
  {0,1,6},{0,2,5},{0,3,4},{1,2,4},{3,5,6},{1,5,7}
  {5,4,8},{4,6,7},{6,2,8},{2,3,7},{3,1,8},{0,7,8}
State of the art – Combinatorial properties (continued)
<Theorem 3.4>
a t-(v,k,1) design $\Rightarrow$ a c-FPC$\left(v, \binom{v}{t}/\binom{k}{t}\right)$, where $c = \lfloor (k-1)/(t-1) \rfloor$
<Theorem 3.5>
a t-(v,k,1) design $\Rightarrow$ a c-TS$\left(k, \binom{v}{t}/\binom{k}{t}, v\right)$, where $c = \lfloor \sqrt{(k-1)/(t-1)} \rfloor$
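An added example, not taken from the slides or from Stinson and Wei's paper: it checks that the twelve blocks of the 2-(9,3,1) design listed earlier really form such a design, then tests the set-system condition for a c-FPC (for any d ≤ c chosen blocks there is no other block B with ∩B_i ⊆ B ⊆ ∪B_i) for c = 2 and c = 3. Function names are hypothetical.

```python
from itertools import combinations

# The twelve blocks of the 2-(9,3,1) design given on the t-design slide.
BLOCKS = [frozenset(b) for b in (
    (0, 1, 6), (0, 2, 5), (0, 3, 4), (1, 2, 4), (3, 5, 6), (1, 5, 7),
    (5, 4, 8), (4, 6, 7), (6, 2, 8), (2, 3, 7), (3, 1, 8), (0, 7, 8))]


def is_t_design(points, blocks, t, k, lam):
    """Every block has k points and every t-subset of the point set lies
    in exactly lam blocks."""
    if any(len(b) != k for b in blocks):
        return False
    return all(sum(set(s) <= b for b in blocks) == lam
               for s in combinations(points, t))


def frameproof_violations(blocks, c):
    """Pairs (chosen blocks, framed block): a block B outside the chosen
    d <= c blocks with  intersection <= B <= union.  An empty list means
    the set system satisfies the c-FPC condition."""
    found = []
    for d in range(1, c + 1):
        for chosen in combinations(blocks, d):
            inter = frozenset.intersection(*chosen)
            union = frozenset.union(*chosen)
            for b in blocks:
                if b not in chosen and inter <= b <= union:
                    found.append((chosen, b))
    return found


if __name__ == "__main__":
    print("2-(9,3,1) design:", is_t_design(range(9), BLOCKS, 2, 3, 1))
    print("violations for c=2:", len(frameproof_violations(BLOCKS, 2)))
    v3 = frameproof_violations(BLOCKS, 3)
    print("violations for c=3:", len(v3))
    chosen, framed = v3[0]
    print("example:", [sorted(b) for b in chosen], "frame", sorted(framed))
```

With two colluding blocks no third block fits between their intersection and union, because any two points determine a unique block; three blocks can cover a fourth, so the same system is not 3-frameproof.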
State of the art – Tracing algorithms
scenario
  The center broadcasts the encrypted content to users
  One encryption key and multiple distinct decryption keys
  One cannot compute a new decryption key from a given set of keys
State of the art – Tracing algorithms (continued)
Static tracing
  Used upon confiscation of a pirate decoder, to determine the identity of a traitor
  Such a scheme would be ineffective if the pirate were simply to rebroadcast the original content
  Use watermarking methods to allow the broadcaster to generate different versions of the original content
  Use the watermarks found in the pirate copy to trace its supporting traitors
  Drawback: requires one copy of content for each user and so requires very high bandwidth
State of the art – Tracing algorithms (continued)
Dynamic tracing (Fiat & Tassa, 2001)
  The content is divided into consecutive segments
  Embed one of the q marks in each segment, hence creating q versions of the segment (watermarking method)
  In each interval, the user group is divided into q subsets and each subset receives one version of the segment
  The subsets are varied in each interval using the rebroadcasted content
  Trace all colluders with lower bandwidth
  Drawback:
    Vulnerable to a delayed rebroadcast attack
    High real-time computation for regrouping the users and allocating marks to subsets
State of the art – Tracing algorithms (continued)
Sequential tracing (Reihaneh, 2003)
  The channel feedback is only used for tracing and not for allocation of marks to users
  The mark allocation table is predefined and there is no need for real-time computation to determine the mark allocation of the next interval
    The need for real-time computation will be minimized
    Protects against the delayed rebroadcast attack
  The traitors are identified sequentially
State of the art – Some useful properties
“Application of list decoding to tracing traitors”, A. Silverberg, J. Staddon, 2001
<Definition 3.3> c-TA (traceability)
A code $C$ is a c-TA code if for all coalitions $C_i$ of size at most $c$, if $w \in desc(C_i)$ then there exists $x \in C_i$ such that $I(x,w) > I(z,w)$ for all $z \in C \setminus C_i$.
<Definition 3.4> c-IPP (identifiable parent property)
A code $C$ is a c-IPP code if, for all $w \in desc_c(C)$, the intersection of the coalitions $C_i$ of size at most $c$ such that $w \in desc(C_i)$ is nonempty.
State of the art – Some useful properties (continued)
<Lemma 3.1> Every c-TA code is a c-IPP code.
<proof>
Suppose $C$ is a $w$-TA code.
If $x \in desc_w(C)$, where $C_i \subseteq C$, $|C_i| \le w$, s.t. $x \in desc(C_i)$.
Let $y \in C_i$ s.t. $I(x,y) \ge I(x,z)$ for all $z \in C_i$.
Thus $I(x,y) \ge I(x,z)$ for any $z \in C$ by the definition of a $w$-TA code.
We will show that, for any $C_j \subseteq C$ with $|C_j| \le w$, $x \in desc(C_j) \Rightarrow y \in C_j$.
In fact, if $y \notin C_j$, then $\exists\, w \in C_j$ s.t. $I(x,w) > I(x,y)$ by the definition of a $w$-TA code.
State of the art – Some useful properties (continued)
<Theorem 5.1>
<Theorem 5.2> A sequential TA code is a c-TA code, Reihaneh, 2003
scheme
sequential a is )(Then function. tracinga is and
1
satisfying ECC-)(an from obtained
tableallocationmark a denote Γ integer,an beLet
112
c-TA
Γ,AA
)L-( D
L,N,D
c
cc
q
State of the art – Some useful properties (continued)
CF-11 a isThen .11
distance minimum having code-)(an is that Suppose2 /w)-(w,C )/w-N(d
N,n,qC
Suppose that $C$ is an (N,n,q)-code having minimum Hamming distance $d > N(1 - 1/w^2)$. Then $C$ is a $w$-TA code.
<Theorem 5.3>
<Theorem 5.4>
Rephrase - Encoding scheme
Find c-TA code
  ECC (with $D_{min}$ > xxx, small codelength L and large codeword number N)
    BCH code: $L = q^m - 1$, e.g. GF($2^4$): (15,11,3), (15,5,7)
    Reed-Solomon: $L = q-1$, $D = L-k+1$, $N = q^k$, e.g. GF(256): (255,239) -> (204,188)
    Algebraic geometry codes
  BIBD: given a constant k, $L = v = O(n^{1/2})$
  …
Find key-assignment policy
1
1
)1(4
1
)1(2
12
k
q
kkc
Rephrase - Decoding (tracing) scheme
ECC decoding
  Minimum distance decoding
  Syndrome decoding
  Viterbi algorithm
  List decoding
Tree-structured tracing (Liu, 2003)
Tracing algorithms for broadcast environment
Rephrase - Watermarking scheme
Message mapping
  Direct message coding
  Multi-symbol message coding
    Time and space division multiplexing
    Frequency division multiplexing
    Code division multiplexing
Conclusion
State of the art – $\Gamma_0$
<Definition> $\Gamma_0$
the (n,n)-code containing all n-bit binary words with exactly one 1
e.g. $\Gamma_0(3)$ = {100,010,001}
State of the art – Lemma 2.1
let $C$ be a coalition of $c$ users.
assume $F(C;\Gamma')$ contains a word $W \in \{0,1\}^{lL}$ which belongs to a user $u \notin C$
let $z$ be the codeword from which $W$ was derived
for all $j = 1,\dots,c$, the words $z$ and $v^{(j)}$ match in less than $L/c$ positions
(since $d_{min} > L(1 - 1/c)$)
$\Rightarrow$ a position $1 \le k \le L$ s.t. $z_k \ne v^{(j)}_k$ for all $j = 1,\dots,c$
let $C_k = \{w^{(v^{(1)}_k)},\dots,w^{(v^{(c)}_k)}\}$
$\Gamma$ is a c-frameproof code $\Rightarrow w^{(z_k)} \notin F(C_k;\Gamma)$
$w^{(z_k)}$ is a subword of $W$; $W \notin F(C;\Gamma')$.
State of the art – Theorem 2.1
By lemma 2.2 we know that there exists a $(L,n,L(1-1/c))_{2c}$-ECC for $L = 8c \log n$. Combining this with the code $\Gamma_0(2c)$ and lemma 2.1 we get a c-frameproof code for n users whose length is $2cL = 16c^2 \log n$
State of the art – Theorem 2.2
Clearly, it is enough to show that there are no totally 2-secure codes.
let $\Gamma$ be an arbitrary (l,n)-code
let $w^{(1)}, w^{(2)}, w^{(3)}$ be three distinct codewords assigned to users $u_1, u_2, u_3$ respectively
define the majority word $M = MAJ(w^{(1)}, w^{(2)}, w^{(3)})$ by
  $M_i = w^{(1)}_i$ if $w^{(1)}_i = w^{(2)}_i$ or $w^{(1)}_i = w^{(3)}_i$,
  $M_i = w^{(2)}_i$ if $w^{(2)}_i = w^{(3)}_i$,
  $M_i = {?}$ otherwise.
One can readily verify that the majority word $M$ is feasible for all three coalitions $\{u_1,u_2\}, \{u_1,u_3\}, \{u_2,u_3\}$.
However, the intersection of the coalitions is empty.
by lemma 2.3, the code is not totally 2-secure.
State of the art – Theorem 2.3
For n ≥ 3 and ε > 0 let $d = 2n^2 \log(2n/\varepsilon)$. The fingerprinting scheme $\Gamma_0(n,d)$ is n-secure with ε-error.
State of the art – Algorithm 2.1
Given $x \in \{0,1\}^l$, find a subset of the coalition that produced $x$.
1) if $weight(x|_{B_1}) > 0$ then output "user 1 is guilty"
2) if $weight(x|_{B_{n-1}}) < d$ then output "user n is guilty"
3) for all $s = 2$ to $n-1$ do: let $k = weight(x|_{R_s})$.
   if $weight(x|_{B_{s-1}}) < \frac{k}{2} - \sqrt{\frac{k}{2}\log\frac{2n}{\varepsilon}}$ then output "user s is guilty"
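An added simulation, not code from the slides or from Boneh and Shaw: it builds $\Gamma_0(n,d)$ with $d = 2n^2\log(2n/\varepsilon)$ from Theorem 2.3, lets a coalition forge a word under the marking assumption, and runs the three steps of Algorithm 2.1 on it. Assumptions: user i holds 0s in blocks B_1..B_{i-1} and 1s in blocks B_i..B_{n-1}, R_s is B_{s-1} together with B_s, log is the natural logarithm, and the colluders pick a random bit wherever their copies differ; all function names are hypothetical.

```python
import math
import random


def gamma0(n, d):
    """Codeword of user i (1-based): d*(i-1) zeros followed by ones,
    i.e. blocks B_1..B_{i-1} are 0 and B_i..B_{n-1} are 1."""
    return {i: [0] * (d * (i - 1)) + [1] * (d * (n - i))
            for i in range(1, n + 1)}


def collude(words, rng):
    """Marking assumption: positions where all colluders agree are kept,
    every detectable position gets a random bit."""
    return [marks[0] if len(set(marks)) == 1 else rng.randint(0, 1)
            for marks in zip(*words)]


def trace(x, n, d, eps):
    """Steps 1-3 of the tracing algorithm on the un-permuted word x."""
    def weight(s):                      # number of 1s of x inside block B_s
        return sum(x[(s - 1) * d: s * d])

    guilty = set()
    if weight(1) > 0:                   # only user 1 has 1s in B_1
        guilty.add(1)
    if weight(n - 1) < d:               # only user n has 0s in B_{n-1}
        guilty.add(n)
    for s in range(2, n):
        k = weight(s - 1) + weight(s)   # weight on R_s
        if weight(s - 1) < k / 2 - math.sqrt(k / 2 * math.log(2 * n / eps)):
            guilty.add(s)               # B_{s-1} is too light: s took part
    return guilty


def simulate(n, eps, coalition, seed):
    """Issue permuted codewords, forge a pirate word, trace it."""
    rng = random.Random(seed)
    d = math.ceil(2 * n * n * math.log(2 * n / eps))
    code = gamma0(n, d)
    perm = list(range(d * (n - 1)))
    rng.shuffle(perm)                   # secret permutation hides the blocks
    issued = {u: [w[p] for p in perm] for u, w in code.items()}
    pirate = collude([issued[u] for u in coalition], rng)
    x = [0] * len(perm)
    for pos, p in enumerate(perm):      # distributor undoes the permutation
        x[p] = pirate[pos]
    return trace(x, n, d, eps)


if __name__ == "__main__":
    print(simulate(5, 0.01, [3], seed=7))       # a single leaker
    print(simulate(5, 0.01, [2, 4], seed=7))    # two colluders
```

Users 1 and n can never be accused wrongly; for the users in between, an innocent user s is accused only if the random split of ones between B_{s-1} and B_s deviates far from even, which is what the square-root term bounds.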
State of the art – Theorem 2.4
Given integers N, c, and ε > 0 set $n = 2c$, $L = 2c \log(2N/\varepsilon)$, and $d = 2n^2 \log(4nL/\varepsilon)$. Then, $\Gamma'(L,N,n,d)$ is a code which is c-secure with ε-error. The code contains N words and has length
$l = O(Ldn) = O(c^4 \log(N/\varepsilon) \log(1/\varepsilon))$
State of the art – Algorithm 2.2
Given $x \in \{0,1\}^l$, find a member of the coalition that produced $x$.
1) Apply algorithm 1 to each of the $L$ components of $x$. For each component $i = 1,\dots,L$ arbitrarily choose one of the outputs of algorithm 1. Set $y_i$ to be this chosen output. Note that $y_i$ is a number between 1 and $n$. Next, form the word $y = y_1 y_2 \dots y_L$.
2) Find the word $w \in C$ which matches $y$ in the most number of positions (ties are broken arbitrarily).
3) Let $u$ be the user whose codeword is derived from $w$. Output "user u is guilty"