#### DMCA

## Anonymous buyer-seller watermarking protocol with additive homomorphism (2008)

Venue: | In Proc. of International Conference on Signal Processing and Multimedia Applications |

Citations: | 5 - 3 self |

### Citations

3888 | A method for obtaining digital signatures and public-key cryptosystems
- Rivest, Shamir, et al.
- 1978
(Show Context)
Citation Context ...based on ”decisional Diffie-Hellman assumption” (DDH). The strongest security level a privacy homomorphism can reach is IND-CPA, instead of IND-CCA2. For instance, the deterministic RSA cryptosystem (=-=Rivest et al., 1978-=-) and the ElGamal cryptosystem (ElGamal, 1985) are multiplicative privacy homomorphism. In contrast to deterministic RSA, ElGamal is INDCPA. The Goldwasser-Micali cryptosystem (Goldwasser and Micali, ... |

1548 | A public key cryptosystem and a signature scheme based on discrete logarithms
- ElGamal
- 1985
(Show Context)
Citation Context ...H). The strongest security level a privacy homomorphism can reach is IND-CPA, instead of IND-CCA2. For instance, the deterministic RSA cryptosystem (Rivest et al., 1978) and the ElGamal cryptosystem (=-=ElGamal, 1985-=-) are multiplicative privacy homomorphism. In contrast to deterministic RSA, ElGamal is INDCPA. The Goldwasser-Micali cryptosystem (Goldwasser and Micali, 1982), the Paillier cryptosystem (Paillier, 1... |

1229 | Tor: The secondgeneration onion router
- Dingledine, Mathewson, et al.
- 2004
(Show Context)
Citation Context ...some buyer with an anonymous key pk∗B has bought the product X0 but not the identity of B . Besides the proposed protocol, the communication between A and B is over an anonymous channel, such as Tor (=-=Dingledine et al., 2004-=-). B’s privacy is protected against various traffic analysis attacks, depending on the security of the underlying technique. Therefore, B is able to stay anonymous until he is adjudicated to be guilty... |

1099 | Secure Spread Spectrum Watermarking for Multimedia,”
- Cox
- 1997
(Show Context)
Citation Context ... 2002). On the other hand, the literature can also be categorized as as symmetric schemes, asymmetric schemes, and anonymous schemes. In symmetric schemes (Blakley et al., 1985; Boneh and Shaw, 1995; =-=Cox et al., 1997-=-), both the seller and the buyer know the watermark and the watermarked content. As a consequence, it is possible for a malicious seller to frame an innocent buyer, or for an accused buyer to repudiat... |

1006 | Public-Key Cryptosystems Based on Composite Degree Residue Classes
- Paillier
- 1999
(Show Context)
Citation Context ...Gamal, 1985) are multiplicative privacy homomorphism. In contrast to deterministic RSA, ElGamal is INDCPA. The Goldwasser-Micali cryptosystem (Goldwasser and Micali, 1982), the Paillier cryptosystem (=-=Paillier, 1999-=-), and Paillier’s generalization the Damgård-Jurik cryptosystem (Jurik, 2001) are additive privacy homomorphism. 2.2 Group Signature Group signatures (Chaum and van Heyst, 1991; Camenisch and Stadler... |

641 | Group Signatures - Chaum, Heyst - 1991 |

352 | Collision–secure Fingerprinting for Digital Data
- Boneh, Shaw
- 1995
(Show Context)
Citation Context ... the buyer’s information in the distributed content. The literature of fingerprinting research can be categorized as fingerprinting for generic data, e.g. csecure fingerprinting code by Boneh et al. (=-=Boneh and Shaw, 1995-=-), fingerprinting for multimedia data (Wang et al., 2005; Trappe et al., 2003; Liu et al., 2005), and fingerprinting protocols, e.g. the ones based on secure two-party computations (Pittzmann and Schu... |

314 | Efficient group signature schemes for large groups.
- Camenisch, Stadler
- 1997
(Show Context)
Citation Context ...ystem (Paillier, 1999), and Paillier’s generalization the Damgård-Jurik cryptosystem (Jurik, 2001) are additive privacy homomorphism. 2.2 Group Signature Group signatures (Chaum and van Heyst, 1991; =-=Camenisch and Stadler, 1997-=-), enable group members, each with its own private signature key to produce signatures on behalf of the group. Group signature schemes can be either static or dynamic. Dynamic schemes allows to update... |

207 | A New Public-key Cryptosystem as Secure as Factoring.
- Okamoto, Uchiyama
- 1998
(Show Context)
Citation Context ...o Goldwasser-Micali (Goldwasser and Micali, 1982) {0,1} Z∗n lg(n) Benaloh (Benaloh, 1994) Z/rZ (Z/nZ)∗ lg(n)/lg(r) Naccache-Stern (Naccache and Stern, 1998) Z/rZ (Z/nZ)∗ lg(n)/lg(r) Okamoto-Uchiyama (=-=Okamoto and Uchiyama, 1998-=-) Z/pZ Z/p2qZ lg(p2q)/lg(p)> 2 Paillier (Paillier, 1999) Zn Z∗n2 lg(n 2)/lg(n) = 2 Damgård-Jurik (Jurik, 2001) Zns Z∗ns+1 (s+1)/s≤ 2 (s ∈N) 7 CONCLUSIONS We have proposed a new anonymous buyer-seller... |

188 |
Probabilistic encryption & how to play mental poker keeping secret all partial information
- Goldwasser, Micali
- 1982
(Show Context)
Citation Context ...em (Rivest et al., 1978) and the ElGamal cryptosystem (ElGamal, 1985) are multiplicative privacy homomorphism. In contrast to deterministic RSA, ElGamal is INDCPA. The Goldwasser-Micali cryptosystem (=-=Goldwasser and Micali, 1982-=-), the Paillier cryptosystem (Paillier, 1999), and Paillier’s generalization the Damgård-Jurik cryptosystem (Jurik, 2001) are additive privacy homomorphism. 2.2 Group Signature Group signatures (Chau... |

169 | Practical Verifiable Encryption and Decryption of Discrete Logarithms
- Camenisch, Shoup
- 2003
(Show Context)
Citation Context ...ber of the coalition. Non-frameability requires that no adversary can produce a signature in the name of a user unless the latter indeed produced it. 2.3 Verifiable Encryption Verifiable encryptions (=-=Camenisch and Shoup, 2003-=-) can prove that a plaintext satisfies certain properties without compromising the secrecy. The applications include escrow schemes (Young and Yung, 1998; Poupard and Stern, 2000), group signature and... |

131 | Foundations of Group Signatures: The Case of Dynamic Groups.
- Bellare, Shi, et al.
- 2005
(Show Context)
Citation Context ...oup manager is separated as an issuer and an opener. This provides more security with a lower level of trust. The security properties of group signatures are formally proved in (Bellare et al., 2003; =-=Bellare et al., 2005-=-): Anonymity allows group members to create signatures anonymously, such that it is hard for an adversary, not in possession of the group manager’s opening key to recover the identity of the signer. T... |

90 | A new public key cryptosystem based on higher residues
- Naccache, Stern
- 1998
(Show Context)
Citation Context ...ic DCRA-based homomorphic cryptosystems. E :G→ G̃ G G̃ Expansion ratio Goldwasser-Micali (Goldwasser and Micali, 1982) {0,1} Z∗n lg(n) Benaloh (Benaloh, 1994) Z/rZ (Z/nZ)∗ lg(n)/lg(r) Naccache-Stern (=-=Naccache and Stern, 1998-=-) Z/rZ (Z/nZ)∗ lg(n)/lg(r) Okamoto-Uchiyama (Okamoto and Uchiyama, 1998) Z/pZ Z/p2qZ lg(p2q)/lg(p)> 2 Paillier (Paillier, 1999) Zn Z∗n2 lg(n 2)/lg(n) = 2 Damgård-Jurik (Jurik, 2001) Zns Z∗ns+1 (s+1)/... |

78 |
Dense probabilistic encryption
- Benaloh
- 1994
(Show Context)
Citation Context ...xt space, and the expansion ratio of various probabilistic DCRA-based homomorphic cryptosystems. E :G→ G̃ G G̃ Expansion ratio Goldwasser-Micali (Goldwasser and Micali, 1982) {0,1} Z∗n lg(n) Benaloh (=-=Benaloh, 1994-=-) Z/rZ (Z/nZ)∗ lg(n)/lg(r) Naccache-Stern (Naccache and Stern, 1998) Z/rZ (Z/nZ)∗ lg(n)/lg(r) Okamoto-Uchiyama (Okamoto and Uchiyama, 1998) Z/pZ Z/p2qZ lg(p2q)/lg(p)> 2 Paillier (Paillier, 1999) Zn Z∗... |

78 | Identity escrow. In - Kilian, Petrank - 1998 |

75 | Digital payment systems with passive anonymity-revoking trustees,” in
- Camenisch, Maurer, et al.
- 1996
(Show Context)
Citation Context ...ng and Yung, 1998; Poupard and Stern, 2000), group signature and identity escrow (Ateniese et al., 2000; Kilian and Petrank, 1998), and digital payment with revocable anonymity (Frankel et al., 1996; =-=Camenisch et al., 1996-=-). In the proposed protocol, a verifiable encryption is applied for key escrow of the buyer’s private key. 3 MODEL OF ANONYMOUS BUYER-SELLER WATERMARKING PROTOCOLS Let X0 ∈ {0,1}∗ be the cover data, X... |

72 | Anonymous fingerprinting”,
- Pfitzmann, Waidner
- 1997
(Show Context)
Citation Context ...Liu et al., 2005), and fingerprinting protocols, e.g. the ones based on secure two-party computations (Pittzmann and Schunter, 1996; Pfitzmann and Waidner, 1997) or based on coin-based constructions (=-=Pfitzmann and Sadeghi, 1999-=-; Pfitzmann and Sadeghi, 2000; Camenisch, 2000). The shortcoming of these fingerprinting schemes lies in the inefficiency of the implementations (Ju et al., 2002). On the other hand, the literature ca... |

60 | A buyer-seller watermarking protocol,”
- Menon, Wong
- 2001
(Show Context)
Citation Context ...tents are purchased by the same buyer or not. In the literature of buyer-seller watermarking protocols, the first known asymmetric buyer-seller watermarking protocol was introduced by Memon and Wong (=-=Memon and Wong, 2001-=-) by applying privacy homomorphic cryptosystems, and it was extended by Ju et al. (Ju et al., 2002). Since the introduction of the concept, several alternative designs have been proposed (Jae-Gwi Choi... |

52 | Watermarking schemes and protocols for protecting rightful ownership and customer's rights
- Qiao, Nahrstedt
- 1999
(Show Context)
Citation Context ...ble for a malicious seller to frame an innocent buyer, or for an accused buyer to repudiate the guilt. This customer’s rights problem in symmetric schemes was first pointed out by Qiao and Nahrstedt (=-=Qiao and Nahrstedt, 1998-=-), and the problem can be solved by asymmetric schemes (Pittzmann and Schunter, 1996; Pfitzmann and Waidner, 1997; Biehl and Meyer, 1997), where only the buyer can obtain the exact watermarked or fing... |

48 |
A generalization, a simplification and some applications of Paillier’s probabilistic public-key system.
- Damgard, Jurik
- 1992
(Show Context)
Citation Context ...ic RSA, ElGamal is INDCPA. The Goldwasser-Micali cryptosystem (Goldwasser and Micali, 1982), the Paillier cryptosystem (Paillier, 1999), and Paillier’s generalization the Damgård-Jurik cryptosystem (=-=Jurik, 2001-=-) are additive privacy homomorphism. 2.2 Group Signature Group signatures (Chaum and van Heyst, 1991; Camenisch and Stadler, 1997), enable group members, each with its own private signature key to pro... |

40 |
Fingerprinting long forgiving messages
- Blakley, Meadows, et al.
- 1986
(Show Context)
Citation Context ...fficiency of the implementations (Ju et al., 2002). On the other hand, the literature can also be categorized as as symmetric schemes, asymmetric schemes, and anonymous schemes. In symmetric schemes (=-=Blakley et al., 1985-=-; Boneh and Shaw, 1995; Cox et al., 1997), both the seller and the buyer know the watermark and the watermarked content. As a consequence, it is possible for a malicious seller to frame an innocent bu... |

35 | Anti-collusion forensics of multimedia fingerprinting using orthogonal modulation,”
- Wang, Wu, et al.
- 2005
(Show Context)
Citation Context ...rinting research can be categorized as fingerprinting for generic data, e.g. csecure fingerprinting code by Boneh et al. (Boneh and Shaw, 1995), fingerprinting for multimedia data (Wang et al., 2005; =-=Trappe et al., 2003-=-; Liu et al., 2005), and fingerprinting protocols, e.g. the ones based on secure two-party computations (Pittzmann and Schunter, 1996; Pfitzmann and Waidner, 1997) or based on coin-based constructions... |

27 | Fingerprinting protocol for images based on additive homomorphic property,”IEEE
- Kuribayashi, Tanaka
- 2005
(Show Context)
Citation Context ... this section, we provide an example of the proposed protocol and employ the additive homomorphism of Damgård-Jurik cryptosystem (Jurik, 2001) and the watermarking scheme by Kuribayashi and Tanaka. (=-=Kuribayashi and Tanaka, 2005-=-). Note that anti-collusion fingerprintings by Wu et al. (Wang et al., 2005; Trappe et al., 2003; Liu et al., 2005) can be applied for the coding of watermark values, in order to prevent complete remo... |

26 |
Multimedia Fingerprinting Forensics for Traitor Tracing
- Liu, Trappe, et al.
- 2005
(Show Context)
Citation Context ...be categorized as fingerprinting for generic data, e.g. csecure fingerprinting code by Boneh et al. (Boneh and Shaw, 1995), fingerprinting for multimedia data (Wang et al., 2005; Trappe et al., 2003; =-=Liu et al., 2005-=-), and fingerprinting protocols, e.g. the ones based on secure two-party computations (Pittzmann and Schunter, 1996; Pfitzmann and Waidner, 1997) or based on coin-based constructions (Pfitzmann and Sa... |

25 |
Auto-recoverable autocertifiable cryptosystems
- Young, Yung
- 1998
(Show Context)
Citation Context ...fiable Encryption Verifiable encryptions (Camenisch and Shoup, 2003) can prove that a plaintext satisfies certain properties without compromising the secrecy. The applications include escrow schemes (=-=Young and Yung, 1998-=-; Poupard and Stern, 2000), group signature and identity escrow (Ateniese et al., 2000; Kilian and Petrank, 1998), and digital payment with revocable anonymity (Frankel et al., 1996; Camenisch et al.,... |

24 | An efficient and anonymous buyer-seller watermarking protocol.
- Lei, Yu, et al.
- 2004
(Show Context)
Citation Context ...morphic cryptosystems, and it was extended by Ju et al. (Ju et al., 2002). Since the introduction of the concept, several alternative designs have been proposed (Jae-Gwi Choi, 2003; Goi et al., 2004; =-=Lei et al., 2004-=-; Zhang et al., 2006; Ibrahim et al., 2007). Choi et al. (Jae-Gwi Choi, 2003) pointed out the conspiracy problem in (Memon and Wong, 2001; Ju et al., 2002), where a malicious seller can collude with a... |

21 | Fair encryption of RSA keys
- Poupard, Stern
- 2000
(Show Context)
Citation Context ...fiable encryptions (Camenisch and Shoup, 2003) can prove that a plaintext satisfies certain properties without compromising the secrecy. The applications include escrow schemes (Young and Yung, 1998; =-=Poupard and Stern, 2000-=-), group signature and identity escrow (Ateniese et al., 2000; Kilian and Petrank, 1998), and digital payment with revocable anonymity (Frankel et al., 1996; Camenisch et al., 1996). In the proposed p... |

16 | Efficient anonymous fingerprinting with group signatures,” Asiacrypt
- Camenisch
- 2000
(Show Context)
Citation Context ...ones based on secure two-party computations (Pittzmann and Schunter, 1996; Pfitzmann and Waidner, 1997) or based on coin-based constructions (Pfitzmann and Sadeghi, 1999; Pfitzmann and Sadeghi, 2000; =-=Camenisch, 2000-=-). The shortcoming of these fingerprinting schemes lies in the inefficiency of the implementations (Ju et al., 2002). On the other hand, the literature can also be categorized as as symmetric schemes,... |

14 |
Protocols for collusionsecure asymmetric fingerprinting
- Biehl, Meyer
- 1997
(Show Context)
Citation Context ...mmetric schemes was first pointed out by Qiao and Nahrstedt (Qiao and Nahrstedt, 1998), and the problem can be solved by asymmetric schemes (Pittzmann and Schunter, 1996; Pfitzmann and Waidner, 1997; =-=Biehl and Meyer, 1997-=-), where only the buyer can obtain the exact watermarked or fingerprinted copy, and hence the buyer cannot claim that an pirated copy was originated from the seller. When a pirated copy is found, the ... |

13 |
An Anonymous Buyer-Seller Watermarking Protocol with Anonymity
- Ju, Kim, et al.
- 2003
(Show Context)
Citation Context ... coin-based constructions (Pfitzmann and Sadeghi, 1999; Pfitzmann and Sadeghi, 2000; Camenisch, 2000). The shortcoming of these fingerprinting schemes lies in the inefficiency of the implementations (=-=Ju et al., 2002-=-). On the other hand, the literature can also be categorized as as symmetric schemes, asymmetric schemes, and anonymous schemes. In symmetric schemes (Blakley et al., 1985; Boneh and Shaw, 1995; Cox e... |

12 | Anonymous fingerprinting with direct non-repudiation
- Pfitzmann, Sadeghi
- 2000
(Show Context)
Citation Context ...printing protocols, e.g. the ones based on secure two-party computations (Pittzmann and Schunter, 1996; Pfitzmann and Waidner, 1997) or based on coin-based constructions (Pfitzmann and Sadeghi, 1999; =-=Pfitzmann and Sadeghi, 2000-=-; Camenisch, 2000). The shortcoming of these fingerprinting schemes lies in the inefficiency of the implementations (Ju et al., 2002). On the other hand, the literature can also be categorized as as s... |

11 | Verifiable encryption and applications to group signatures and signature sharing
- Camenisch, Damg˚ard
- 1998
(Show Context)
Citation Context ...k from a content without knowing the watermark. As an example, we choose to employ Bellare et al.’s dynamic group signature (Bellare et al., 2005), and Camenisch et al.s verifiable encryption scheme (=-=Camenisch and Damgard, 1998-=-) for the key escrow of the buyers private key at the CA. For consistency, we assume the digital content is a still image, although the protocol can be applied to other data format such as audio or vi... |

11 | Does it need trusted third party? design of buyer-seller watermarking protocol without trusted third party - Choi, Sakurai, et al. - 2003 |

8 |
Indirect disclosure proof: Achieving. efficient fair off-line ecash
- Frankel, Tsiounis, et al.
- 1996
(Show Context)
Citation Context ...de escrow schemes (Young and Yung, 1998; Poupard and Stern, 2000), group signature and identity escrow (Ateniese et al., 2000; Kilian and Petrank, 1998), and digital payment with revocable anonymity (=-=Frankel et al., 1996-=-; Camenisch et al., 1996). In the proposed protocol, a verifiable encryption is applied for key escrow of the buyer’s private key. 3 MODEL OF ANONYMOUS BUYER-SELLER WATERMARKING PROTOCOLS Let X0 ∈ {0,... |

6 |
Watermarking protocol for web context
- Frattolillo
(Show Context)
Citation Context ... end up reducing their commercial value. When applied independently, the second watermark could confuse or discredit the authority of the first watermark, thus acting as an actual ”ambiguity attack” (=-=Frattolillo, 2007-=-). We avoid it by designing a composite watermark, which is composed of the buyer’s secret watermark, the seller’s secret watermark, and a transaction index. Not limited to linear watermark. The propo... |

5 | Cryptanalysis of two anonymous buyer-seller watermarking protocols and an improvement for true anonymity
- Goi, Phan, et al.
- 2004
(Show Context)
Citation Context ...ction, privacy, and security for both the buyer and the seller simultaneously in e-commerce. A buyer-seller watermarking protocol should provide the following security properties (Jae-Gwi Choi, 2003; =-=Goi et al., 2004-=-), as the strategic design principle: Traceability: A copyright violator should be able to be traced and identified. Non-framing: Nobody can accuse an honest buyer. Non-repudiation: A guilty buyer can... |

4 |
Asymmetric fngerprinting
- Pittzmann, Schunter
- 1996
(Show Context)
Citation Context ...neh and Shaw, 1995), fingerprinting for multimedia data (Wang et al., 2005; Trappe et al., 2003; Liu et al., 2005), and fingerprinting protocols, e.g. the ones based on secure two-party computations (=-=Pittzmann and Schunter, 1996-=-; Pfitzmann and Waidner, 1997) or based on coin-based constructions (Pfitzmann and Sadeghi, 1999; Pfitzmann and Sadeghi, 2000; Camenisch, 2000). The shortcoming of these fingerprinting schemes lies in... |