TTS without revocation capability secure against CCA2

Abstract

A traitor tracing scheme (TTS) deters traitors from giving away their secret keys to decrypt the transmitted data by enabling the system manager to trace at least one of the traitors who participated in the construction of a pirate decoder after confiscating it. In an asymmetric scheme, the system manager is also under suspicion, so the system manager must convince a judge of the implication of the traitors. Recently, Kiayias and Yung proposed an asymmetric public key traitor tracing scheme [13]. However, their scheme does not provide CCA2 security even if a single user is a traitor. That is, their scheme is secure against adaptive chosen ciphertext (CCA2) attack only when there is no traitor. In this paper, we first introduce the security notion against CCA2 attack in a traitor tracing scheme with no revocation capability. This notion is somewhat different from the traditional security notion against CCA2 attack in a two-party encryption scheme [5]. To the best of our knowledge, no security notion against CCA2 attack in a traitor tracing scheme with no revocation capability has been presented. In addition, we modify the Kiayias and Yung's scheme to achieve security against CCA2 attack under the decision Diffie-Hellman assumption and the collision-resistant hash function assumption.