Pirate Evolution: How to Make the Most of Your Traitor Keys

Aggelos Kiayias, Serdar Pehlivanoglu

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

We introduce a novel attack concept against trace and revoke schemes called pirate evolution. In this setting, the attacker, called an evolving pirate, is handed a number of traitor keys and produces a number of generations of pirate decoders that are successively disabled by the trace and revoke system. A trace and revoke scheme is susceptible to pirate evolution when the number of decoders that the evolving pirate produces exceeds the number of traitor keys that were at his possession. Pirate evolution can threaten trace and revoke schemes even in cases where both the revocation and traceability properties are ideally satisfied: this is because pirate evolution may enable an attacker to “magnify” an initial key-leakage incident and exploit the traitor keys available to him to produce a great number of pirate boxes that will take a long time to disable. Even moderately successful pirate evolution affects the economics of deployment for a trace and revoke system and thus it is important that it is quantified prior to deployment. In this work, we formalize the concept of pirate evolution and we demonstrate the susceptibility of the trace and revoke schemes of Naor, Naor and Lotspiech (NNL) from Crypto 2001 to an evolving pirate that can produce up to t·logN generations of pirate decoders given an initial set of t traitor keys. This is particularly important in the context of AACS, the new standard for high definition DVDs (HD-DVD and Blue-Ray) that employ the subset difference method of NNL: for example using our attack strategy, a pirate can potentially produce more than 300 pirate decoder generations by using only 10 traitor keys, i.e., key-leakage incidents in AACS can be substantially magnified
Original languageEnglish
Title of host publicationAdvances in Cryptology - CRYPTO 2007
Subtitle of host publication27th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 19-23, 2007. Proceedings
EditorsAlfred Menezes
Place of PublicationBerlin, Heidelberg
PublisherSpringer Berlin Heidelberg
Pages448-465
Number of pages18
ISBN (Electronic)978-3-540-74143-5
ISBN (Print)978-3-540-74142-8
DOIs
Publication statusPublished - 2007

Publication series

NameLecture Notes in Computer Science
PublisherSpringer Berlin Heidelberg
Volume4622
ISSN (Print)0302-9743

Fingerprint

Dive into the research topics of 'Pirate Evolution: How to Make the Most of Your Traitor Keys'. Together they form a unique fingerprint.

Cite this