Sequential Traitor Tracing

In a static traitor-tracing scheme marks are distributed to the users, then the marks from pirate copies are used to trace the traitors. In the dynamic model there is the potential for feedback from the pirate broadcast to be used in determining the mark distribution, as well as in the tracing. The pirate could attempt to thwart this, however, by delaying the start of the pirate broadcast until the legitimate broadcast containing the mark distribution was completed. This is referred to as the delayed rebroadcast attack, and sequential traitor-tracing schemes were proposed by Safavi-Naini and Wang to counter- act it [13]. In their conception of sequential traitor-tracing schemes the marks are distributed according to a predetermined mark allocation table, and trac- ing commences as soon as information from the pirate broadcast is received; here we restrict our attention to the case in which this occurs after the mark distribution is complete. In constructing sequential traitor-tracing schemes we assume that the pirate coalition has size at most c for some known integer c.

The mark allocation table is an n×l array M = mij
with entries from the

mark alphabet Q, where n is the number of users, and l is the number of time segments needed to implement the scheme. The marks are then distributed

to the users according to this table, with user i receiving the symbol mij at

time j. The rows of the matrix M can be thought of as the words of a q-ary, length l code C and the corresponding pirate broadcast will be a word in Ql

that is a descendent of the set of at most c words belonging to the traitors. In order for a matrix to be the mark allocation table of a sequential traitor- tracing scheme we require that there exists a deterministic algorithm taking as input a pirate broadcast sequence coming from a set of c or fewer traitors and outputting the identity of at least one of those traitors. (Note that in general it is only possible to guarantee the identification of one of the traitors, since the pirate set can always elect to broadcast the versions corresponding to a single traitorous user.) This requirement places a condition on the code C that is equivalent to C being a c-IPP code.

Definition 3.2. Let C _{⊂ Q}l _{be a code. A set S∈ C is a parent set of a word}

x _{∈ Q}l _{if x ∈ desc(S). Denote the set of all parent sets of x of size less than}

or equal to c by _Hc(x); thus Hc(x) ={S ⊆ C||S| ≤ c, x ∈ desc(S)}. We say

that the code C is a c-IPP code if for all words x_{∈ Q}l _{either H}

c(x) =∅, or

\

S_∈Hc(x)

S _{6= ∅.}

If a mark allocation table is a c-IPP code then given any pirate broadcast Ξ there exists at least one user u who is a member of every set of c or fewer users capable of producing Ξ, which implies that u is necessarily a traitor. If, however, the code does not have the c-IPP property then there exists a potential pirate broadcast x ∈ Ql _{that will not allow us to trace any traitor,}

since for each user u capable of having contributed to x there exists a pirate set T ⊂ U \ {u} of size at most c that could also have produced x.

Theorem 3.3. [14] Every c-TA code is a c-IPP code.

Proof. Let C _{⊂ Q}l _{be a c-TA code. If x∈ desc(S) for some S ⊂ C containing}

at most c words (i.e. if _Hc(x)6= ∅) then the (nonempty) set Y of codewords

closest to x is contained in S. As this is true for any parent S of x, so Y is contained in the intersection of all parent sets S with _{|S| ≤ c, hence this} intersection is nonempty. Therefore C satisfies the c-IPP property.  There exist c-IPP codes that are not c-TA codes (see, for example, [14]). What the c-TA property provides, however, is a natural algorithm for finding a parent: simply take the closest codeword(s). Using a c-TA code as a mark allocation table thus yields a scheme capable of tracing at least one traitor.

Once one traitor has been traced and disconnected, a similar scheme as- suming the existence of at most c_{− 1 traitors can be run in order to catch} another traitor and so on in sequence, hence the name sequential.

As the mark allocation table of a sequential traitor-tracing scheme corre- sponds to a c-IPP code any bounds on the number of words in such a code will serve to bound the number of users that can be accommodated by a sequential traitor-tracing scheme. The following bound is due to Alon and Stav [1]. Theorem 3.4. [1] Define s(c) = (_c2 4 + c when c is even, c2 4 + c− 1 4 when c is odd.

A q-ary, length l, c-IPP code has at most s(c)q⌈s(c)l ⌉ codewords.

This allows us to bound the minimum l for which there exists a sequential traitor-tracing scheme that supports n users and uses l segments.

Corollary 3.5. A sequential traitor-tracing scheme that supports n users and assumes the existence of at most c traitors requires the use of at least

s(c) logq _s(c)n − s(c) + 1 segments for its implementation.

Proof. We know that the words of the mark allocation table form a c-IPP code, and therefore by Theorem 3.4 we have n _{≤ s(c)q⌈}s(c)l ⌉. From this we

deduce that logq n s(c) ≤  l s(c)  . Therefore s(c) logq n s(c) ≤ s(c)  l s(c)  ≤ l + s(c) − 1.

The result follows directly.  We see therefore that to implement a sequential traitor-tracing scheme requires around c2

4 logq4nc2 or more segments to catch one traitor; when c = 2,

for instance, this is approximately logqn.