A traitor tracing system enables a publisher to trace a pirate decryption box to one of the secret keys used to create the box. We present the first traitor tracing system where ciphertext size is “constant, ” namely independent of the number of users in the system and the collusion bound. A ciphertext in our system consists of only two elements where the length of each element depends only on the security parameter. The down side is that private-key size is quadratic in the collusion bound. Our construction is based on recent constructions for fingerprinting codes. 1

This paper presents our recent works on multimedia fingerprinting, improving both the fingerprinting code and the watermarking scheme. Our first contribution focuses on deriving a better accusation process for the well known Tardos codes. It appears that Tardos orginal decoding is very conservative: its performances are guaranteed whatever the collusion strategy. Indeed, major improvements stem from the knowledge of the collusion strategy. Therefore, the first part of this paper investigates how it is possible to learn and adapt to the collusion strategy. Our solution is based on an iterative algorithm a la EM, where a better estimation of the collusion strategy yields a better tracing of the colluders, which in return yields a better estimation of the collusion strategy etc. The second part of this paper focuses on the multimedia watermarking scheme. In a previous paper, we already used the ‘Broken Arrows ’ technique as the watermarking layer for multimedia fingerprinting. However, a recent paper from A. Westfeld disclosed a flaw in this technique. We present here a counter-measure which blocks this security hole while preserving the robustness of the original technique. Keywords: Watermarking, Proportional embedding, Fingerprinting, Anti-collusion, Tardos code 1.

We present the first identity-based traitor tracing scheme. The scheme is shown to be secure in the standard model, assuming the bilinear decision Diffie-Hellman (DBDH) is hard in the asymmetric bilinear pairing setting, and that the DDH assumption holds in the group defining the first coordinate of the asymmetric pairing. Our traitor tracing system allows adaptive pirates to be traced. The scheme makes use of a two level identity-based encryption scheme with wildcards (WIBE) based on Waters’ identity-based encryption scheme.

ABSTRACT Relational databases watermarking aims at protecting the intellectual or industrial property of a dataset, by applying secret and slight alterations on it. When critical usability constraints of this dataset must be preserved, finding such alterations (watermarks) is a difficult computational task, which is not optimized by the current watermarking systems. This is a critical limitation when considering fingerprinting applications, where several distinct watermarked databases have to be obtained. An important property of the watermark is to be resilient to attacks that try to erase it. Among these attacks, one of the most severe is the collusion attack, that locates the watermark by comparing several distinct watermarked versions of a database. Such an attack has not been taken into account by the existing databases watermarking methods, when usability constraints have to be preserved. In this paper, we present an efficient algorithm for collusionsecure fingerprinting that preserves usability constraints. We identify a class of constraints, namely weight-independent constraints, that can be translated into an integer linear program. Solutions of this program are acceptable watermarks. This representation is computed once and for all and has the following advantages. First, we can rely on state-ofthe-art optimizers to reduce the search space and quickly find a good watermark. Second, for a carefully chosen class of watermarks, producing every new watermark is immediate, compared with the complete recomputation needed by existing watermarking methods. Finally, our algorithm addresses the problem of collusion attacks, by making possible * Work supported by the ACI Sécurité & Informatique grant -TADORNE project (2004) Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. the use of collusion-secure codes while respecting usability constraints. The formalism of this article permits to handle both relational databases and XML documents. The effectiveness of our techniques has been established on our open platform Watermill, that integrates fingerprinting management capabilities to standard relational or XML-native databases systems.

Abstract not found

Dynamic traitor tracing schemes were introduced by Fiat and Tassa in order to combat piracy in active broadcast scenarios. In such settings, the data provider supplies access control keys to its legal customers on a periodical basis. A number of users may collude in order to publish those keys via the Internet or any other network. Dynamic traitor tracing schemes rely on the feedback from the pirate network in order to modify their key allocation until they are able either to incriminate and disconnect all traitors, or force them to stop their illegal activity. Those schemes are deterministic in the sense that incrimination is always certain. As such deterministic schemes must multiply the critical data by at least p + 1, where p is the number of traitors, they may impose a too large toll on bandwidth. We suggest here probabilistic schemes that enable one to trace all traitors with an almost certainty, where the critical data is multiplied by two, regardless of the number of traitors. These techniques are obtained by combining dynamic traitor tracing schemes with binary fingerprinting techniques, such as those proposed by

This paper proposes a major shift in the decoding of probabilistic Tardos traitor tracing code. The goal of the decoder is to accuse colluders but it ignores how they have been mixing their copies in order to forge the pirated content. As originally proposed by Tardos, so far proposed decoders are agnostic and their performances are stable with respect to this unknown collusion attack. However, this stability automatically leads to non-optimality from a detection theory perspective. This is the reason why this paper proposes to estimate the collusion attack in order to approximate the optimal matched decoder. This is done iteratively thanks to the application of the well-known Expectation-Maximization algorithm. We have dropped the stability: the power of our decoding algorithm deeply depends on the collusion attack. Some attacks are worse than others. However, even for the worst collusion channel, our decoder performs better than the original Tardos decoding.

We introduce a new attack model for collusion secure codes, and analyze the collusion resistance of two version of the Tardos code in this model, both for binary and non-binary alphabets. The model allows to consider signal processing and averaging attacks via a set of symbol detection error rates. The false positive rate is represented as a single number; the false negative rate is a function of the false positive rate and of the number of symbols mixed by the colluders. We study two versions of the q-ary Tardos code in which the accusation method has been modified so as to allow for the detection of multiple symbols in the same content segment. The collusion resilience of both variants turns out to be comparable. For realistic attacker strengths the increase in code length is modest, demonstrating that the modified Tardos code is effective in the new model. 1

Abstract not found

Abstract—We investigate alternative suspicion functions for bias-based traitor tracing schemes, and present a practical construction of a simple decoder that attains capacity in the limit of large coalition size c. We derive optimal suspicion functions in both the Restricted-Digit Model and the Combined-Digit Model. These functions depend on information that is usually not available to the tracer – the attack strategy or the tallies of the symbols received by the colluders. We discuss how such results can be used in realistic contexts. We study several combinations of coalition attack strategy versus suspicion function optimized against some attack (another attack or the same). In many of these combinations the usual codelength scaling ℓ ∝ c 2 changes to a lower power of c, e.g. c 3/2. We find that the interleaving strategy is an especially powerful attack. The suspicion function tailored against interleaving is the key ingredient of the capacity-achieving construction. Index Terms—Collusion resistance, traitor tracing. I.