Key-leakage resilient revoke scheme resisting pirates 2.0 in bounded leakage model

Abstract

Trace and revoke schemes have been widely studied in theory and implemented in practice. In the first part of the paper, we construct a fully secure key-leakage resilient identity-based revoke scheme. In order to achieve this goal, we first employ the dual system encryption technique to directly prove the security of a variant of the BBG - WIBE scheme under known assumptions (and thus avoid a loss of an exponential factor in hierarchical depth in the classical method of reducing the adaptive security of WIBE to the adaptive security of the underlying HIBE). We then modify this scheme to achieve a fully secure key-leakage resilient WIBE scheme. Finally, by using a transformation from a WIBE scheme to a revoke scheme, we propose the first fully secure key-leakage resilient identity-based revoke scheme. In the classical model of traitor tracing, one assumes that a traitor contributes its entire secret key to build a pirate decoder. However, new practical scenarios of pirate has been considered, namely Pirate Evolution Attacks at Crypto 2007 and Pirates 2.0 at Eurocrypt 2009, in which pirate decoders could be built from sub-keys of users. The key notion in Pirates 2.0 is the anonymity level of traitors: they can rest assured to remain anonymous when each of them only contributes a very small fraction of its secret key by using a public extraction function. This scenario encourages dishonest users to participate in collusion and the size of collusion could become very large, possibly beyond the considered threshold in the classical model. In the second part of the paper, we show that our key-leakage resilient identity-based revoke scheme is immune to Pirates 2.0 in some special forms in bounded leakage model. It thus gives an interesting and rather surprised connection between the rich domain of key-leakage resilient cryptography and Pirates 2.0. © 2013 Springer-Verlag Berlin Heidelberg.