Computer Laboratory

Technical reports

An attack on a traitor tracing scheme

Jeff Jianxin Yan, Yongdong Wu

July 2001, 14 pages


In Crypto’99, Boneh and Franklin proposed a public key traitor tracing scheme, which was believed to be able to catch all traitors while not accusing any innocent users (i.e., full-tracing and error-free). Assuming that Decision Diffie-Hellman problem is unsolvable in Gq, Boneh and Franklin proved that a decoder cannot distinguish valid ciphertexts from invalid ones that are used for tracing. However, our novel pirate decoder P3 manages to make some invalid ciphertexts distinguishable without violating their assumption, and it can also frame innocent user coalitions to fool the tracer. Neither the single-key nor arbitrary pirate tracing algorithm presented in [1] can identify all keys used by P3 as claimed. Instead, it is possible for both algorithms to catch none of the traitors. We believe that the construction of our novel pirate also demonstrates a simple way to defeat some other black-box traitor tracing schemes in general.

Full text

PDF (0.2 MB)

BibTeX record

  author =	 {Yan, Jeff Jianxin and Wu, Yongdong},
  title = 	 {{An attack on a traitor tracing scheme}},
  year = 	 2001,
  month = 	 jul,
  url = 	 {},
  institution =  {University of Cambridge, Computer Laboratory},
  number = 	 {UCAM-CL-TR-518}