some advances in broadcast encryption and traitor tracing
play

Some Advances in Broadcast Encryption and Traitor Tracing Duong - PowerPoint PPT Presentation

Oct 02, 2023 •569 likes •1.23k views

Some Advances in Broadcast Encryption and Traitor Tracing Duong Hieu Phan ( S eminaire LIPN - 18 Novembre 2014 ) Duong Hieu Phan Some Advances in BE&TT S eminaire LIPN 1 / 42 Multi-receiver Encryption From One-to-one to

  1. Some Advances in Broadcast Encryption and Traitor Tracing Duong Hieu Phan ( S´ eminaire LIPN - 18 Novembre 2014 ) Duong Hieu Phan Some Advances in BE&TT S´ eminaire LIPN 1 / 42

  2. Multi-receiver Encryption From “One-to-one” to ‘one-to-many” communications Provide all users with the same key → problems: Impossibility to know the source of the key leakage (traitor) 1 Impossibility to revoke a user, except by resetting the parameters 2 Duong Hieu Phan Some Advances in BE&TT S´ eminaire LIPN 2 / 42

  3. Broadcast Encryption [B91,FN94] & Traitor Tracing [CFN94] BO: 12 32:47 BO: 12 32:47 BO: 12 32:47 BO: 12 32:47 BO: 12 32:47 Desired Properties Tracing traitors from a pirate decoder 1 ◮ White-box tracing ◮ Black-box confirmation, black-box tracing Revoking non-legitimate users 2 Duong Hieu Phan Some Advances in BE&TT S´ eminaire LIPN 3 / 42

  4. Broadcasting & Tracing Composed by G.Allegri (around 1630) for use in the Sistine Chapel on Wednesday and Friday Kept secret by the Vatican Duong Hieu Phan Some Advances in BE&TT S´ eminaire LIPN 4 / 42

  5. Broadcasting & Tracing The piece was revealed in 1771 → Mozart Duong Hieu Phan Some Advances in BE&TT S´ eminaire LIPN 5 / 42

  6. Broadcasting & Tracing The piece was revealed in 1771 → Mozart Only Mozart can do it! Same idea in traitor tracing: identify who is capable of producing the pirate decoder Duong Hieu Phan Some Advances in BE&TT S´ eminaire LIPN 5 / 42

  7. Outline Randomized Exclusive Set System 1 Lattice-based Encryption 2 Extended Models 3 Duong Hieu Phan Some Advances in BE&TT S´ eminaire LIPN 6 / 42

  8. Outline Randomized Exclusive Set System 1 Lattice-based Encryption 2 Extended Models 3 Duong Hieu Phan Some Advances in BE&TT S´ eminaire LIPN 7 / 42

  9. Exclusive Set System (ESS) [ALO98] F is an ( N , ℓ, r , s ) -ESS if: F : a family of ℓ subsets of [ N ] For any R ⊆ [ N ] of size at most r , there exists S 1 , . . . S s ∈ F s.t. s � [ N ] − R = S i i = 1 Duong Hieu Phan Some Advances in BE&TT S´ eminaire LIPN 8 / 42

  10. Exclusive Set System (ESS) [ALO98] F is an ( N , ℓ, r , s ) -ESS if: F : a family of ℓ subsets of [ N ] For any R ⊆ [ N ] of size at most r , there exists S 1 , . . . S s ∈ F s.t. s � [ N ] − R = S i i = 1 From ESS to Revoke System Each S i ∈ F is associated to a key K i User u receives all keys K i that u ∈ S i To revoke a set R ⊆ [ N ] of size at most r : ◮ Find S 1 , . . . S s ∈ F s.t. [ N ] − R = � s i = 1 S i ◮ Encrypt the message with each key K i Duong Hieu Phan Some Advances in BE&TT S´ eminaire LIPN 8 / 42

  11. NNL Schemes viewed as Exclusive Set Systems [NNL01] S 1 S S 2 3 S S S S 5 6 7 4 S S S S S S S S 9 10 11 12 13 14 15 8 u u u u u u u u 2 3 5 1 4 6 7 8 F = { S 1 , S 2 , . . . , S 15 } S i contains all users ( i.e. leaves) in the subtree of node i (e.g. S 2 = { u 1 , u 2 , u 3 , u 4 } ) Revoked set R = { u 4 , u 5 , u 6 } Encrypt with keys at S 4 , S 7 , S 10 Complete-subtree is a ( N , 2 N − 1 , r , r log ( N / r )) -ESS Duong Hieu Phan Some Advances in BE&TT S´ eminaire LIPN 9 / 42

  12. Exclusive Set System under Code’s View u 1 u 2 u 3 u 4 u 5 u 6 u 7 u 8 S 1 1 1 1 1 1 1 1 1 S 2 1 1 1 1 S 3 1 1 1 1 S 4 1 1 S 5 1 1 S 1 S 6 1 1 S S 2 3 S 7 1 1 S S S S 4 5 6 7 S 8 1 1 S S S S S S S S 12 14 9 10 11 13 15 8 S 9 1 u u u u u u u u 2 3 5 1 4 6 7 8 S 10 1 S 11 1 S 12 1 S 13 1 S 14 1 S 15 1 Duong Hieu Phan Some Advances in BE&TT S´ eminaire LIPN 10 / 42

  13. NNL Schemes u 1 u 2 u 3 u 4 u 5 u 6 u 7 u 8 S 1 1 1 1 1 1 1 1 1 S 2 1 1 1 1 S 3 1 1 1 1 S 4 1 1 S 5 1 1 S 1 S 6 1 1 S 7 1 1 S S 2 3 S 8 1 1 S S 9 1 S S S 4 5 6 7 S 10 1 S S S S S S S S S 11 1 9 10 11 12 13 14 15 8 S 12 1 u u u u u u u u 2 3 5 1 4 6 7 8 S 13 1 S 14 1 S 15 1 Tracing Levels for NNL schemes Relaxed level of black-box tracing Black-box tracing for “naive” decoders Duong Hieu Phan Some Advances in BE&TT S´ eminaire LIPN 11 / 42

  14. NNL Schemes u 1 u 2 u 3 u 4 u 5 u 6 u 7 u 8 S 1 1 1 1 1 1 1 1 1 S 2 1 1 1 1 S 3 1 1 1 1 S 4 1 1 S 5 1 1 S 1 S 6 1 1 S 7 1 1 S S 2 3 S 8 1 1 S S 9 1 S S S 4 5 6 7 S 10 1 S S S S S S S S S 11 1 9 10 11 12 13 14 15 8 S 12 1 u u u u u u u u 2 3 5 1 4 6 7 8 S 13 1 S 14 1 S 15 1 Weakness in Black-box Tracing Highly structured matrix Pirate could thus detect “dangerous” queries and refuse to decrypt Duong Hieu Phan Some Advances in BE&TT S´ eminaire LIPN 11 / 42

  15. NNL Schemes u 1 u 2 u 3 u 4 u 5 u 6 u 7 u 8 S 1 1 1 1 1 1 1 1 1 S 2 1 1 1 1 S 3 1 1 1 1 S 4 1 1 S 5 1 1 S 1 S 6 1 1 S 7 1 1 S S 2 3 S 8 1 1 S S 9 1 S S S 4 5 6 7 S 10 1 S S S S S S S S S 11 1 9 10 11 12 13 14 15 8 S 12 1 u u u u u u u u 2 3 5 1 4 6 7 8 S 13 1 S 14 1 S 15 1 In General, Previous Results for ESS Black-box tracing for “naive” decoders (decrypt all ciphertexts without any strategy) c -traceability: a white-box tracing for “imperfect” decoders Duong Hieu Phan Some Advances in BE&TT S´ eminaire LIPN 11 / 42

  16. NNL Schemes u 1 u 2 u 3 u 4 u 5 u 6 u 7 u 8 S 1 1 1 1 1 1 1 1 1 S 2 1 1 1 1 S 3 1 1 1 1 S 4 1 1 S 5 1 1 S 1 S 6 1 1 S 7 1 1 S S 2 3 S 8 1 1 S S 9 1 S S S 4 5 6 7 S 10 1 S S S S S S S S S 11 1 9 10 11 12 13 14 15 8 S 12 1 u u u u u u u u 2 3 5 1 4 6 7 8 S 13 1 S 14 1 S 15 1 Our Objectives Black-box tracing in ESS for “smart” decoders (efficiency comparable to NNL schemes) Duong Hieu Phan Some Advances in BE&TT S´ eminaire LIPN 11 / 42

  17. Randomized ESS Recall 1 row → 1 subset → 1 key 1 column → 1 user → user j has key K i iff M ij = 1 Duong Hieu Phan Some Advances in BE&TT S´ eminaire LIPN 12 / 42

  18. Randomized ESS Recall 1 row → 1 subset → 1 key 1 column → 1 user → user j has key K i iff M ij = 1 Duong Hieu Phan Some Advances in BE&TT S´ eminaire LIPN 12 / 42

  19. Randomized ESS Property Set n = r log 2 ( N 2 e / r ) , b = 4 r With overwhelming probability → ( N , 8 r 2 log N , r , 8 r log N ) -ESS. (complete-subtree is ( N , 2 N − 1 , r , r ( log ( N / r )) -ESS) Duong Hieu Phan Some Advances in BE&TT S´ eminaire LIPN 12 / 42

  20. Tracing for ESS White-box Tracer can open the box → get the pirate word w which is the union of traitors’ codewords Duong Hieu Phan Some Advances in BE&TT S´ eminaire LIPN 13 / 42

  21. White-box Tracing for ESS White-box Tracing ( r , s , N , l ) -ESS is also a r -disjunct matrix, i.e., no column is contained in the union of any r other columns r -disjunct matrix: from the union of at most r columns, one can find back the r columns (the Group Testing technique ) ↔ Given the pirate word w , trace back the traitors Duong Hieu Phan Some Advances in BE&TT S´ eminaire LIPN 14 / 42

  22. White-box Tracing for ESS White-box Tracing ( r , s , N , l ) -ESS is also a r -disjunct matrix, i.e., no column is contained in the union of any r other columns r -disjunct matrix: from the union of at most r columns, one can find back the r columns (the Group Testing technique ) ↔ Given the pirate word w , trace back the traitors Challenge for Black-box Tracing How to find the pirate word w ? Duong Hieu Phan Some Advances in BE&TT S´ eminaire LIPN 14 / 42

  23. Black-box Tracing for ESS Shadow Group Testing Technique[NPP , Algorithmica13] Black-box access to pirate decoder Asking random queries of the same form as broadcasted ciphertexts Duong Hieu Phan Some Advances in BE&TT S´ eminaire LIPN 15 / 42

  24. Black-box Tracing for ESS Shadow Group Testing Technique[NPP , Algorithmica13] Black-box Access to Pirate Decoder Asking random queries of the same form as broadcasted ciphertexts Duong Hieu Phan Some Advances in BE&TT S´ eminaire LIPN 15 / 42

  25. Black-box Tracing for ESS Shadow Group Testing Technique[NPP , Algorithmica13] Test the decryptability of the piarte decoder on the queries → Get “Feedback” vector = union of the columns at position 1 in the pirate word w Duong Hieu Phan Some Advances in BE&TT S´ eminaire LIPN 15 / 42

  26. Black-box Tracing for ESS Shadow Group Testing Technique[NPP , Algorithmica13] We show that the matrix of queries is also an ESS → From “Feedback” vector, get the pirate word w Large number of queries → the tracing is efficient when the number of traitors is O ( log N ) Duong Hieu Phan Some Advances in BE&TT S´ eminaire LIPN 15 / 42

  27. Black-box Tracing for ESS Shadow Group Testing Technique[NPP , Algorithmica13] In brief: We get ( N , 8 r 2 log N , r , 8 r log N ) -ESS Ciphertext: constant factor w.r.t the complete-subtree and a log N factor w.r.t the subset-difference scheme The first black-box tracing ESS against non-naive pirates Duong Hieu Phan Some Advances in BE&TT S´ eminaire LIPN 15 / 42

Recommend

Broadcast Encryption and Some Other Primitives Lecture 24 Broadcast Encryption Broadcast

Broadcast Encryption and Some Other Primitives Lecture 24 Broadcast Encryption Broadcast

Broadcast Encryption and Some Other Primitives Lecture 24 Broadcast Encryption Broadcast Encryption Encrypt to a subset of users in the system Broadcast Encryption Encrypt to a subset of users in the system e.g., subscribers who haven t

1.62k views • 113 slides
Multiparty Key Exchange, Efficient Traitor Tracing, and More from Indistinguishability Obfuscation

Multiparty Key Exchange, Efficient Traitor Tracing, and More from Indistinguishability Obfuscation

Multiparty Key Exchange, Efficient Traitor Tracing, and More from Indistinguishability Obfuscation Dan Boneh Mark Zhandry Stanford University {dabo, zhandry}@cs.stanford.edu Abstract In this work, we show how to use indistinguishability

780 views • 49 slides
Risky Traitor Tracing and New Differential Privacy Negative Results Rishab Goyal Venkata Koppula

Risky Traitor Tracing and New Differential Privacy Negative Results Rishab Goyal Venkata Koppula

Risky Traitor Tracing and New Differential Privacy Negative Results Rishab Goyal Venkata Koppula Andrew Russell Brent Waters Hardness of Non-Interactive Differential Privacy from One-Way Functions Lucas Kowalczyk Tal Malkin Jonathan

649 views • 20 slides
Computer Graphics CS 543 Lecture 13 (Part 2) Advances in Graphics Prof Emmanuel Agu Computer

Computer Graphics CS 543 Lecture 13 (Part 2) Advances in Graphics Prof Emmanuel Agu Computer

Computer Graphics CS 543 Lecture 13 (Part 2) Advances in Graphics Prof Emmanuel Agu Computer Science Dept. Worcester Polytechnic Institute (WPI) Recall: Accelerating Ray Tracing To accelerate ray tracing, place grid over scene Test cells

770 views • 47 slides
Broadcast Receiver Why do we need Broadcast Receiver? Broadcast Receivers Broadcast receiver

Broadcast Receiver Why do we need Broadcast Receiver? Broadcast Receivers Broadcast receiver

Broadcast Receiver Why do we need Broadcast Receiver? Broadcast Receivers Broadcast receiver (a BroadcastReceiver subclass) is one of the application's components. Broadcast receivers enable applications to receive intents that are

560 views • 18 slides
Broadcast Receiver Why do we need Broadcast Receiver? Broadcast Receivers Broadcast receiver

Broadcast Receiver Why do we need Broadcast Receiver? Broadcast Receivers Broadcast receiver

Broadcast Receiver Why do we need Broadcast Receiver? Broadcast Receivers Broadcast receiver (a BroadcastReceiver subclass) is one of the application's components. Broadcast receivers enable applications to receive intents that are

597 views • 17 slides
Advanced Ray Tracing 1 2/8/2006 Distributed Ray Tracing Distributed ray tracing is an

Advanced Ray Tracing 1 2/8/2006 Distributed Ray Tracing Distributed ray tracing is an

Advanced Ray Tracing 1 2/8/2006 Distributed Ray Tracing Distributed ray tracing is an elegant technique that tackles many problems at once Stochastic ray tracing: distribute rays stochastically across pixel Distributed ray tracing:

327 views • 8 slides
MIT 6.837 - Ray Tracing Ray Tracing MIT EECS 6.837 Most slides are taken from Frdo Durand and

MIT 6.837 - Ray Tracing Ray Tracing MIT EECS 6.837 Most slides are taken from Frdo Durand and

MIT 6.837 - Ray Tracing Ray Tracing MIT EECS 6.837 Most slides are taken from Frdo Durand and Barb Cutler Some slides courtesy of Leonard McMillan 1 2 Ray Tracing Ray Tracing Ray Tracing kills two birds with one stone: Solves the

327 views • 11 slides
On Symmetric Key Broadcast Encryption Sanjay Bhattacherjee and Palash Sarkar Indian Statistical

On Symmetric Key Broadcast Encryption Sanjay Bhattacherjee and Palash Sarkar Indian Statistical

On Symmetric Key Broadcast Encryption Sanjay Bhattacherjee and Palash Sarkar Indian Statistical Institute, Kolkata Elliptic Curve Cryptography (This is not) 2014 isilogo Bhattacherjee and Sarkar Symmetric Key BE 10th Oct, 2014 1 / 53

1.67k views • 94 slides
BROADCAST RECEIVER SERVICE Broadcast receiver A broadcast receiver is a dormant component of

BROADCAST RECEIVER SERVICE Broadcast receiver A broadcast receiver is a dormant component of

BROADCAST RECEIVER SERVICE Broadcast receiver A broadcast receiver is a dormant component of the Android system. Only an Intent (for which it is registered) can bring it into action. Using a Broadcast Receiver, applications can

951 views • 51 slides
BROADCAST RECEIVER SERVICES Broadcast receiver A broadcast receiver is a dormant component of

BROADCAST RECEIVER SERVICES Broadcast receiver A broadcast receiver is a dormant component of

BROADCAST RECEIVER SERVICES Broadcast receiver A broadcast receiver is a dormant component of the Android system. Only an Intent (for which it is registered) can bring it into action. Using a Broadcast Receiver, applications can

789 views • 50 slides
Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about

Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about

Ruby Monstas Session 17: Interlude: Encryption Encryption What comes to mind if you think about encryption? Encryption Certificates Crypto Currencies Public Key AES Encryption Privacy SSH VPN HTTPS TLS Quantum Digital Signatures

837 views • 46 slides
Ray Tracing 1 Ray Tracing Ray Tracing kills two birds with one stone: Solves the Hidden

Ray Tracing 1 Ray Tracing Ray Tracing kills two birds with one stone: Solves the Hidden

Ray Tracing 1 Ray Tracing Ray Tracing kills two birds with one stone: Solves the Hidden Surface Removal problem Evaluates an improved global illumination model shadows ideal specular reflections ideal specular refractions

586 views • 19 slides
Introduction to Path Tracing Marc Sunet Table of contents From Ray Tracing to Path Tracing The

Introduction to Path Tracing Marc Sunet Table of contents From Ray Tracing to Path Tracing The

Introduction to Path Tracing Marc Sunet Table of contents From Ray Tracing to Path Tracing The Rendering Equation Monte Carlo Integration A Basic Path Tracer Variance Reduction and Optimisation Techniques Additional Resources Plan From Ray

1.08k views • 54 slides
Recent Advances in Adap.ve Sampling and Reconstruc.on for Monte

Recent Advances in Adap.ve Sampling and Reconstruc.on for Monte

Recent Advances in Adap.ve Sampling and Reconstruc.on for Monte Carlo Rendering Deriva've Analysis Wojciech Jarosz wjarosz@disneyresearch.com Thursday, July 16, 15 Path tracing -

1.36k views • 99 slides
Wifi Wireless Encryption Unencrypted WEP WPA-2 Threat Model- Unencrypted Threat

Wifi Wireless Encryption Unencrypted WEP WPA-2 Threat Model- Unencrypted Threat

Wifi Wireless Encryption Unencrypted WEP WPA-2 Threat Model- Unencrypted Threat Model- Unencrypted SSID Hiding SSID - network name LoboGuest eduroam Default broadcast SSID SSID hiding do not broadcast SSID

552 views • 18 slides
Computer Graphics - Ray-Tracing II - Hendrik Lensch Computer Graphics WS07/08 Ray Tracing II

Computer Graphics - Ray-Tracing II - Hendrik Lensch Computer Graphics WS07/08 Ray Tracing II

Computer Graphics - Ray-Tracing II - Hendrik Lensch Computer Graphics WS07/08 Ray Tracing II Overview Last lecture Ray tracing I Basic ray tracing What is possible? Recursive ray tracing algorithm Intersection

873 views • 84 slides
Ray-tracing Acceleration Motivation Distribution Ray Tracing Soft shadows

Ray-tracing Acceleration Motivation Distribution Ray Tracing Soft shadows

Ray-tracing Acceleration Motivation Distribution Ray Tracing Soft shadows Acceleration Data Structures Antialiasing (getting rid of jaggies) for Ray Tracing Glossy reflection Motion blur Depth of field (focus)

940 views • 10 slides
Welcome 1 Ray tracing part I of the course 2 Ray tracing part I of the course Why

Welcome 1 Ray tracing part I of the course 2 Ray tracing part I of the course Why

Graphics (INFOGR), 2018-19, Block IV, lecture 1 Deb Panja Today: Vectors and vector algebra Welcome 1 Ray tracing part I of the course 2 Ray tracing part I of the course Why vectors? you need to shoot a lot of such rays!

594 views • 47 slides
Tracing Shifting Conceptual Vocabularies Through Time 20 November 2016 Gabriel Recchia, Ewan

Tracing Shifting Conceptual Vocabularies Through Time 20 November 2016 Gabriel Recchia, Ewan

Tracing Shifting Conceptual Vocabularies Through Time 20 November 2016 Gabriel Recchia, Ewan Jones, Paul Nulty, John Regan, & Peter de Bolla CRASSH, The Concept Lab, University of Cambridge GLR29@cam.ac.uk @mesotronium broadcast

583 views • 37 slides
Ray Tracing Basics CSE 681 Autumn 11 Han-Wei Shen Forward Ray Tracing We shoot a large

Ray Tracing Basics CSE 681 Autumn 11 Han-Wei Shen Forward Ray Tracing We shoot a large

Ray Tracing Basics CSE 681 Autumn 11 Han-Wei Shen Forward Ray Tracing We shoot a large number of photons Problem? Backward Tracing For every pixel Construct a ray from the eye For every object in the scene Find intersection with the ray

695 views • 55 slides
Knowledge Tracing Machines: Factorization Machines for Knowledge Tracing Jill-Jnn Vie Hisashi

Knowledge Tracing Machines: Factorization Machines for Knowledge Tracing Jill-Jnn Vie Hisashi

Introduction Knowledge Tracing Encoding existing models Knowledge Tracing Machines Results Conclusion Knowledge Tracing Machines: Factorization Machines for Knowledge Tracing Jill-Jnn Vie Hisashi Kashima KJMLW, February 22, 2019

698 views • 51 slides
Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware

Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware

Usable Encryption Class Presentation for CMSC 818D Wei Bai S Application S Hardware Encryption S Web Encryption S Email Encryption OpenPGP S S/MIME S S Online Social Network Public Key Encryption S Encryption/Decryption

842 views • 26 slides
Advanced Ray Tracing Stochastic ray tracing: distribute rays stochastically across pixel

Advanced Ray Tracing Stochastic ray tracing: distribute rays stochastically across pixel

Distributed Ray Tracing Distributed ray tracing is an elegant technique that tackles many problems at once Advanced Ray Tracing Stochastic ray tracing: distribute rays stochastically across pixel Distributed ray tracing: distribute

263 views • 3 slides

More recommend