Traitor Deterring Schemes: Using Bitcoin As Collateral for Digital Content

Aggelos Kiayias, Qiang Tang

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

We put forth a new cryptographic primitive called a Traitor Deterring Scheme (TDS). A TDS is a multi-recipient public-key encryption scheme where an authority issues decryption keys to a set of users. The distinguishing feature of a TDS is that secret-keys are issued only after the users provide some private information as a form of collateral. The traitor deterring property ensures that if a malicious coalition of users (aka "traitors") produces an unauthorized (aka "pirate") decryption device, any recipient of the device will be able to recover at least one of the traitors' collaterals with only black-box access to the device. On the other hand, honest users' collaterals are guaranteed to remain hidden. In this fashion a TDS deincentivizes malicious behavior among users.

We model, construct and analyze TDS's based on various cryptographic assumptions and we show how bitcoin can be used as collateral for real world deployment of TDS's for the distribution of digital content. Along the way, we present cryptographic building blocks that may be of independent interest, namely fuzzy lockers, and comparison predicate encryption schemes for exponentially large domains. We also compare TDS with previous primitives specifically traitor tracing schemes (TTS) introduced by Chor et al. [9] and digital signets for self enforcement introduced by Dwork et al. [12]. A TDS constitutes a strict strengthening of a TTS and, when modeled in what we call the "known ciphertext model", it is a reformulation of digital signets in the public-key, black-box secure setting. In digital signets the adversary attempts to transmit a pirate copy at a favorable "space rate", i.e., without having to send the whole plaintext (and without revealing the traitor collaterals). It is an open question from [12] to construct o(1) space rate schemes under a falsifiable assumption. With our TDS constructions we resolve this open question showing feasibility for space rates O(log λ / λ) and infeasibility for space rates Ω(log2λ/ λ).
Original languageEnglish
Title of host publicationProceedings of the 22Nd ACM SIGSAC Conference on Computer and Communications Security
Place of PublicationNew York, NY, USA
PublisherACM
Pages231-242
Number of pages12
ISBN (Print)978-1-4503-3832-5
DOIs
Publication statusPublished - Oct 2015

Publication series

NameCCS '15
PublisherACM

Fingerprint

Dive into the research topics of 'Traitor Deterring Schemes: Using Bitcoin As Collateral for Digital Content'. Together they form a unique fingerprint.

Cite this