Cryptographic methods for collusionsecure fingerprinting of digital data - PowerPoint PPT Presentation

1 / 18
About This Presentation
Title:

Cryptographic methods for collusionsecure fingerprinting of digital data

Description:

... no means to prove to a third party that a buyer distributed the data illegally ... If an illegally distributed version of the data is found, the merchant is able ... – PowerPoint PPT presentation

Number of Views:75
Avg rating:3.0/5.0
Slides: 19
Provided by: stephen503
Category:

less

Transcript and Presenter's Notes

Title: Cryptographic methods for collusionsecure fingerprinting of digital data


1
Cryptographic methods for collusion-secure
fingerprinting of digital data
  • Ingrid Biehl and Bernd Meyer

2
Overview
  • Definitions
  • Fingerprinting Requirements
  • Symmetric Fingerprinting
  • Model
  • Definition
  • Construction
  • Limitations
  • The Future
  • Questions

3
Definitions
  • Fingerprinting scheme
  • Marks
  • Collusions
  • Code
  • Binary code
  • Marking pattern
  • c-secure

4
Fingerprinting Requirements
  • Guarantee security of the merchants
  • Secure against c-collusions
  • Protection of innocent buyers

5
Symmetric Fingerprinting
  • Model
  • True c-secure does not exist
  • Therefore, c-secure with e-error

6
Symmetric Fingerprinting
  • Definition of a c-secure symmetric fingerprinting
    scheme
  • A pair (G,A) where
  • There are some constants s,t that G(R,r) is a
    function which maps two bit strings R ? 0,1s
    and r ? 0,1t to a codeword in SL
  • For each fixed R the set G(R,r) r ? 0,1t is
    the codebook of G(R)
  • A is the tracing algorithm that traces a
    dishonest buyer with probability at least 1-e

7
Symmetric Fingerprinting
  • Explanation of Definition
  • Each buyer gets a marking pattern mi, may learn
    the value of ri, which was used to compute mi.
  • Only R needs to be kept secret
  • Buyers know that they got marking patterns
    m1,,mk corresponding to some values r1,,rk but
    still dont know what R was used

8
Symmetric Fingerprinting
  • Explanation of Definition
  • The cheaters need to find some marking pattern x
    that cant be used to trace them
  • They can determine the values of R which satisfy
    the condition miG(R,ri) for 1 i k but they
    cant identify the actual R.
  • Merchant will find cheaters with probability 1-e

9
Construction of a symmetric fingerprinting scheme
  • n-secure fingerprinting scheme (with d-error) for
    a small set of n buyers
  • For n 3, d gt 0, let d2n2log(2n/ d)
  • n3, d3/4, d2(32)log((23)/(3/4)) 54
  • Identify the bit strings r ? 0,1log2n1 with
    numbers in 1,,n and the bit strings R ?
    0,1log2((dn)!) 1 with permutations pR of
    the set 1,,dn.
  • r bit strings n3, 2 bits are required
    (00,01,10,11)
  • R bit strings n3, d2, (nd)! 720, 10 bits
    are required (0000000000,,1111111111)
  • Given a string ww1,,wdn ? 0,1dn let
    pR(w)wpR(1),, wpR(dn) be the bit string formed
    by permuting the bits in w according to pR
  • Let er 0dr1d(n-1-r) and F(R,r) pR(er) for
    0rltn

10
Construction of a symmetric fingerprinting scheme
  • Example
  • For d3/4, n3 we have d(2(32)log(2(3)/(3/4))
    54
  • The codebook is constructed by permuting the bits
    in the following strings according to R
    (er0dr1d(n-1-r))
  • e0 111111, e0 0(540)154(3-1-0), so there
    are 108 1s
  • e1 000111, e1 0(541)154(3-1-1), so there
    are 54 1s and 0s
  • e2 000000 e2 0(542)154(3-1-2), so there
    are 108 0s

11
A scheme for a larger set of buyers
  • Let L ? N, 0lte1
  • Let G be a d-secure symmetric fingerprinting
    scheme with n codewords, d-error, codeword length
    ll(n,d,d), and tracing algorithm A.
  • If dc, de/2L, Nn2c, and L4(c-1)log(4N/e),
    then there is a c-secure symmetric fingerprinting
    scheme G with e-error, N codewords, and codeword
    length lLl(n,d,d)

12
A scheme for a larger set of buyers
  • One chooses independently random bit strings
    R1,,RL identically for all users and random bit
    strings r1,,rL individually for each user and
    sets the codeword for the buyer to
  • G(R1,,RL,r1,rL) G(R1,r1)??G(RL,rL)
  • G is called the low-level code of the
    fingerprinting scheme
  • Security is based on the random strings (R)

13
Tracing a dishonest buyer
  • The tracing algorithm A first traces each pair of
    L pieces to a codeword in G(Ri).
  • The result is a sequence of codewords Ww1,,wl
  • High probability of finding traitor with at least
    L/c low-level codewords
  • Low probability (at most e) that W matches an
    innocent person with at least L/c low-level
    codewords

14
Most efficient symmetric fingerprinting scheme
known so far
  • Given N, c is a natural number, Ngtcgt1, 0lte1, let
    n2c, L4(c-1)log(4N/e), and d2n2log(4nL/e)
  • Then there is a c-secure (symmetric)
    fingerprinting scheme with e-error for N buyers
    with marking pattern length
  • l Ldnkc4log(N/e)log(1/e) (for some small
    constant k which does not depend on N,e, and c)

15
Limitations
  • If the merchant finds an illegally distributed
    version of the data he can never decide whether
    it got distributed by some buyer of by one of his
    employees
  • For similar reasons the merchant has no means to
    prove to a third party that a buyer distributed
    the data illegally

16
The Future
  • Asymmetric fingerprinting
  • Built on the symmetric model
  • Merchant and buyer interactively compute a
    fingerprinted version of the data
  • The buyer sees the complete fingerprinted version
    of the data but does not know the places and form
    of the marks
  • The merchant only gets enough information to
    identify a suspicious buyer of the data and to
    convince an arbiter in a protocol in which the
    buyer may be involved in case an illegal copy is
    found

17
The Future
  • Anonymous fingerprinting
  • Takes asymmetric fingerprinting a step further
  • Normal asymmetric techniques allow the merchant
    to know the identity of each buyer, which is
    necessary to trace dishonest buyers
  • To keep privacy, anonymous fingerprinting schemes
    allow the buying of fingerprinted digital data
    without revealing the identity of the buyer to
    the merchant
  • If an illegally distributed version of the data
    is found, the merchant is able to find some
    information in its marking pattern which
    identifies at least one traitor

18
Questions?
Write a Comment
User Comments (0)
About PowerShow.com