Cryptography Reference
In-Depth Information
5
Pirate Evolution
In Chapter
4
we put forth the notion of winnable revocation games. Winning a
sequence of such games implies that the adversary can be eventually disabled
by the tracer. Nevertheless, the fact that the adversary can be disabled does
not necessarily imply that a certain leaking incident, i.e., an incident where
some key material of some users are exposed to the adversary, can be simul-
taneously contained. This is due to the fact that a leaking incident enables
possibly the creation of a sequence of adversaries that may have to be succes-
sively revoked (in a succession of many revocation games). This gives rise to
the notion of an evolving adversary which is the subject of this chapter.
Specifically, pirate evolution is an attack concept against a trace and revoke
scheme that exploits the properties of the combined functionality of tracing
and revocation in such a scheme. In a pirate evolution attack, a pirate obtains
a set of traitor keys through a “key-leaking” incident. Using this set of keys
the pirate produces an initial pirate decoder. When this pirate decoder is cap-
tured and revoked by the transmission system using the tracing mechanism,
the pirate “evolves” the first pirate decoder by issuing a second version that
succeeds in decrypting ciphertexts that the first version fails. The same step is
repeated again and the pirate continues to evolve a new version of the previ-
ous decoder whenever the current version of pirate decoder becomes disabled
from the system. Each version of the pirate decoder in this sense will be called
a “generation” of pirate decoders (since many copies of the same decoder can
be spread by the pirate).
It is worth noting that this is a different attack concept from the ones
that were discussed in Chapter
2
and
3
. The adversary here is not trying to
evade the revocation or the traceability component. Instead it tries to remain
active in the system for as long as possible in spite of the efforts of the system
administrators.
In this chapter, we study pirate evolution in the subset cover framework of
stateless receivers (cf. Section
2.2.2
). We first formalize the concept of pirate
evolution through the means of an attack game played between the evolv-
ing pirate and a challenger that verifies certain properties about the pirate
