Cryptography Reference
In-Depth Information
r hA,T i where r hA,T i is the maximum number of rounds needed to win the game;
note that rvover[ RG B ψ ,T ] is a function of t,σ and possibly of other parameters
as well.
As in the case of traitor tracing we will consider a number of variations
for the revocation game:
1. Stateful revocation. Similarly to the case of stateful tracing in stateful re-
vocation the tracer has to choose its queries in a way that is dependent
with the history of previous queries from a set Q Encrypt
ψ,h . Similarly, the
adversary also has to oblige and satisfy the R Encrypt predicate that now
also takes the history of the queries into account while producing a result.
As in the case of tracing, stateful revocation is a mechanism to place a
further restriction on the tracer's side as it drops any compliance require-
ments on the part of the adversary when the tracer becomes inconsistent
with the query history.
2. Alfresco revocation. As in the case of tracing alfresco, the tracer needs
to form every query he makes statistically indistinguishable from mem-
bers of Q Encrypt
ψ
(or from Q Encrypt
ψ,h in case of stateful revocation). More
specifically, when the tracer has submitted a history of h = hq 1 ,...,q i−1 i
queries, in the i-th round it must choose a query that is statistically in-
distinguishable from a member of Q Encrypt
ψ
(from a member of Q Encrypt
h,ψ
in case of stateful revocation).
3. Revocation with resetting. The adversary A is not allowed to maintain
state from one round to the next, i.e., in each round the tracer can “reset”
the adversary. As in the case of tracing the decoder can be in software and
thus it can be tested independently across rounds till the tracer produces
the revocation instruction that is better with respect to the partial order.
When the adversary maintains state across rounds we can also say that
we are performing revocation against history-recording decoders.
The following observations are in place for the above definition. Concep-
tually, the revocation game becomes an extension of the revocation algorithm
starting with the encoding ψ as the initial point: the tracer through interact-
ing with the adversary produces a new encoding ψ 0 that is then used as the
advice to the algorithm of encryption to produce a ciphertext that all honest
users can decode correctly, while on the other hand, ψ 0 is intended to reveal
some more information on the identities of the traitors compared to the orig-
inal encoding ψ (this gradual improvement is relying on the properties of the
ordering ).
The perspective here is to view the revocation game as a step towards the
goal of disabling of the decryption algorithm represented by the adversary. The
idea is to repeatitively play the revocation game. The tracer should be able to
win the game for each encoding that is the result of the previous game. At some
point, it will happen that the tracer-adversary pair would be no σ-admissible
any more; the resulting revocation game for which σ admissibility fails points
Search WWH ::




Custom Search