White-Box Traitor-Tracing from Tardos Probabilistic Codes.

In this paper, we address the problem of tracing traitors in the white-box model. A traitor tracing system generally comes with a broadcast encryption scheme where each user is equipped with a secret that allows him to decrypt broadcast data. When a broadcast encryption scheme is provided with a tracing procedure, the user’s key is used to uniquely identify him. A white-box model refers to a context where an attacker shares the host with a software implementation of a cryptographic algorithm and controls the execution environment. Thus, a traditional broadcast encryption scheme will fail in this context since an adversary may steal the user’s decryption key and illegally decrypts broadcast contents. In this work, we describe a traitor tracing system where each user is provided with a distinct key generation function instead of a secret key. The key generator is made user-specific and enables to generate a content key which is used to decrypt the encrypted content. We use techniques of White-Box Cryptography to build the key generation function and use a collusion-secure code to derive the user-specific key generators. Finally, we prove that the system is collusion-resilient.