Combinatorial properties of frameproof and traceability codes

Combinatorial properties of frameproof and traceability codes J. N. Staddon, D. R. Stinson, R. Wei September 8,2000 B88506010 楊一軒 B88506015 李國禎 B88506025 謝名凱 R91922039 官順暉

Outline • 1. Introduction • Back ground • Definitions • Fundamental results • 2. Hash Families and Traceability Codes • 3. Necessary Conditions: Cover Free Families • 4. Sufficient Conditions: Cover Free Codes

Introduction • Target: tracing of illegally “pirated” data. • Scenario: 1. broadcast messages 2. variants of pay-per-view movies

Basic terms • N-key (length) • q possible values (alphabet size) • Codeword: N-tuple(x1, x2, …, xN) • where 1xi q for 1iN • Pirate decoder: created by a coalition for each 1iN, the ith key is selected from one of the decoder boxes held by the coalition.

An example for pirate decoder • N=5, q=10, • Codewords: • A: 84092 • B: 30293 • C:29304 • D: 99492 • E: 93849 A pirate code created by a coalition {C, D, E} -- 29892 C, D, E are called traitors

Definitions • A codeword set C of length N on an alphabet Q with |Q| = q • C  QN is called an (N, n, q)-codeif|C|=n, (N, n, q)-code • The elements of C are called codewords, and each codeword has the form • X = (x1, x2, …, xN) where xiQ, 1iN

desc(C0) • For any subset C0 C, define the set of descendants of C0, denoted desc(C0) • desc(C0) = {xQN : xi {ai:a C0}, 1iN} • 白話：The set desc(C0) consists of the N-tuple that could be produced by a coalition holding the codewords in the set C0 • C0 = {123,156} • desc(C0) = {123, 126, 153, 156} • Observation: C0  desc(C0)

descw(C) • w: a positive integer • For a code C, define w-descendant code of C denoted as descw(C): • descw(C) =  desc(C0) • 白話：The set descw(C) consists of the N-tuple that could be produced by some coalition of size at most w. C0C,|C0|w

descw(C) Descw(C) C Desc(C0) C0  C’0 Desc(C’0)

code withdN(11/w2) (w, 11/w)-CF w-TA (w2)2/4-PHF w-IPP (w1)-PHF (w, w)-SHF w-SFP w-FP (w1)-SHF w-CFF

w-FP, w-SFP, w-IPP, w-TA • C is an (N,n,q)-code w2 is an integer. • Ci  C, i=1, 2, …, t be all the subsets of C s.t. |Ci|  w • t = j=1 to w (nj)

w-FP • FP stands for frameproof • For all xdescw(C) xdesc(Ci) C implies xCi C x desc(Ci) Ci If x is in C, then it is definitely in Ci

w-FP • Observation: desc(Ci)  C = Ci • No coalition can frame another user not in the coalition. (不會有無辜的受害者被恰好組合而成)

w-SFP • SFP stands for secure-frameproof • For all xdescw(C), i  j • x  desc(Ci)  desc(Cj) implies Ci  Cj   Descw(C) C Desc(Ci) Ci Cj Desc(Cj) x Non-empty

w-SFP • No coalition of size at most w can frame a disjoint coalition of size at most w by producing an N-tuple that could have been produced by the second coalition. • 查到一個pirate codeword時，不會同時有兩組disjoint 的 candidate coalition 均可產生此pirate code

w-IPP • IPP stands for identifiable parent property • For all xdescw(C), it holds that  Ci {i:xdesc(Ci)} desc(c) C x Non-empty

w-IPP • Observation: Ci =   desc(Ci) =  • No coalition can produce an N-tuple that cannot be traced back to at least one member of the coalition. • 至少可以找得到一個絕對有嫌疑的code (identifiable parent)

I(x,y) • For x,yQN, define I(x,y) = {i: xi=yi} • x=abcd y=abad, then • I(x,y)={1, 2, 4} • |I(x,y)|=3

w-TA • TA stands for traceability • i, xdesc(Ci), zC\Ci  a codeword y Ci s.t. |I(x,y)| > |I(x,z)| C desc(Ci) x yCi  z

w-TA • w-TA property is that it allows an efficient (e.e., linear-time algorithm to determine an identifiable parent. • 只要search一遍，距離pirate code最近的那個必定是coalition的其中之一

(5, 16, 4) 2-TA code • c1 = 1 1 1 1 1 • c2 = 1 2 2 2 2 • c3 = 1 3 3 3 3 • c4 = 1 4 4 4 4 • c5 = 2 1 2 3 4 • c6 = 2 2 1 4 3 • c7 = 2 3 4 1 2 • c8 = 2 4 3 2 1 • c9 = 3 1 4 2 3 • c10 = 3 2 3 1 4 • c11 = 3 3 2 4 1 • c12 = 3 4 1 3 2 • c13 = 4 1 3 4 2 • c14 = 4 2 4 3 1 • c15 = 4 3 1 2 4 • c16 = 4 4 2 1 3

w-TA implies w-IPP (1) • Suppose C is a w-TA code, xdescw(C) C desc(Ci) yCi x Because of the property of w-TA, there is a codeword y s.t. |I(x,y)| > |I(x,z)| for any zC\Ci

w-TA implies w-IPP (2) • If C is not w-IPP desc(Ci) C yCi desc(Cj) x wCj Because of the property of w-TA, there is a codeword w s.t. |I(x,w)| > |I(x,z)| for any zC\Ci

w-TA implies w-IPP (3) •  a contradiction •  Ci can’t be disjoint, so C is w-IPP Xdesc(Ci)

w-IPP implies w-SFP • By the w-IPP definition,  xdescw(C)  Ci  x  desc(Ci)  desc(Cj) implies Ci  Cj   w-SFP是指任兩個，而w-IPP則限定所有交集皆非空集合 {i:xdesc(Ci)}

w-SFP implies w-FP(1) • Strategy: a code C is not a w-FP then it is not a w-SFP desc(C0) C C0 x x C is not w-FP

w-SFP implies w-FP(2) desc(C0) C C0 x x xdesc({x}) xdesc({x}) and x desc(C0) But C0  {x} =   C is not w-SFP

Example • 4-IPP (3,4,4)-code but not 2-TA code • C = {011, 123, 211, 332} • All the first place are distinct so C is 4-IPP • Not 2-TA • x=111, x desc({123,011}) • |I(x,123)| =1, |I(x,011)| =2 • |I(x,211)|=2

Lemma • We cannot expect to identify all the traitors, except for certain “trivial” codes. • Suppose C is any (N,n,q)-code with n>q. then there exist three codewords y, z, z’ and x QN s.t. x desc({y,z}) desc({y,z’}) desc({z,y}) z y x desc({y,z’}) Z’

proof • n>q, so by鴿籠原理 we can find y, z, z’ such that z1 = z’1 y1 • Define x : • x1 = z1 (= z’1) • xi = yi for 2 iN • x  desc({y,z}) desc({y,z’}) z’          y Φτ∕♂η± ㄅ % ㄓ x τ∕♂η±ㄅㄓ z        

Trivial codes • There is a trivial (N,q,q) code which is “totally traceable” • (1,1,1,1,1,…,1), (2,2,2,2,2,…,2), (3,3,3,3,3,…,3) … • So there should be a bound with n > q

w-IPP condition check(1) • Suppose C is any (N,n,q) code, and n-1 wq. Then C is not a w-IPP code. • Proof: • Let A={z1, z2,…, zw+1 : ziC,1 iw+1} • Ci = A\{zi}  1 iw+1Ci= Cw+1 C1 C2 ．．． cw w codewords

w-IPP condition check(2) • z1, z2,…, zw+1C. • For 1 iN, let yi be chosen such that |{j:zij=yi}| 2 any i-th position a 1 b w+1 codewords w+1>q c By Pigeon hole theorem, for any index i, there exist two codewords such that their i-th bits are the same. d f e c c represents yi here.

w-IPP condition check(3) • Observation: The codeword (y1,y2,…,yN) is contained in desc({z1, z2,…, zw+1} \{zj}) for any j, 1 jw+1, • 1 iw+1, (y1,y2,…,yN)desc(Ci)and Ci=  C is not w-IPP. any i-th position a Cw+1 b w+1 codewords w+1>q C1 c w C2 d ．．． f e cw c w codewords c represents yi here.

Hash Families and Traceability Codes

Hash Families There are 3 kinds of definition here: • HF (Hash Family) • PHF (Perfect Hash Family) • SHF (Separating Hash Family)

n n N Hash Family (HF) • Definition: • (n, m)-hash function is a function h :A→B, where |A| = n, |B| = m, and n  m • (N; n, m)-hash family is a finite set H of (n, m)-hash functions s.t. h :A→B for each h H, where |H| = N b1 b1 B, and b1 has m possible values b11 b11 B, and b11 has m possible values

n N Perfect Hash Family (PHF) • Definition: (N; n, m, w)-perfect hash family, where n  m  w  2 • is an (N; n, m)-hash family, H, where |H| = N • for any X A with |X|= w, there exist at least one h  H, s.t. h|X is injective(1-1) 白話: 取w個index,至少能找到一個hash function,可以對應到w個相異的code w= 5 a b c d e

n N Separating Hash Family (SHF) • Definition: (N; n, m, w1, w2)-separating hash family, where n  m • is an (N; n, m)-hash family, H • for any X1, X2 A,X1 X2 = ,with |X1| = w1, |X2| = w2 • there exist at least one h  H, s.t. {h(x) : x  X1}  {h(x) : x  X2} =  白話: 任取兩組互斥的index必產生兩組相異的code w1= 4, w2 = 3 a a b c d e e

N Code vs. Hash Family • For a (N; n, q)-code C • Suppose C= {x1, x2, …, xn}, wherexi=a1a2…aN, 1  i  n • we could define the hash family H (C ) like this: ← x1 hj(i) = xji i n ← xi hj() xji xji ← xn j

w-FP  (w,1)-SHF • Theorem: • A (N,n,q)-code, C, is a w-FP code if and only if H(C) is an SHF(N;n,q,w,1). • ”” C C i-th bit X1 X1 desc(X1) desc(X2)= i.e.i s.t.  X2 X2 The i-th bits are all different. So there exists a hash function evaluated by i-th bit.

w-FP  (w,1)-SHF • Theorem: • A (N,n,q)-code, C, is a w-FP code if and only if H(C) is an SHF(N;n,q,w,1). • ”” desc(X1) i-th bit X1 X2 desc(X2) desc(X1)desc(X2)=

w-SFP  (w, w)-SHF • Theorem: • A (N;n,q)-code, C, is a w-SFP code if and only if H(C) is an SHF(N;n,q,w,w). n2w • “” C C i-th bit X1 X1 desc(X1) desc(X2)= i.e.i s.t.  X2 X2 The i-th bits are all different. So there exists a hash function evaluated by i-th bit.

w-SFP  (w, w)-SHF • Theorem: • A (N;n,q)-code, C, is a w-SFP code if and only if H(C) is an SHF(N;n,q,w,w). n2w • “” desc(X1) i-th bit X1 desc(X2) X2 X2 desc(X1)desc(X2)=

Combinatorial properties of frameproof and traceability codes

Combinatorial properties of frameproof and traceability codes

Presentation Transcript

Product Information and Traceability

Traceability

Traceability

Combinatorial Designs and Related Discrete Combinatorial Structures

On Boltzmann samplers and properties of combinatorial structures

Traceability

COMBINATORIAL CHEMISTRY AND DYNAMIC COMBINATORIAL CHEMISTRY

Combinatorial Designs and related Discrete Combinatorial Structures

Combinatorial Designs and Related Discrete Combinatorial Structures

Traceability

Optimal Three-Dimensional Optical Orthogonal Codes and Related Combinatorial Designs

Traceability and risk assessment of FCM

Traceability and Legal Metrology

Statistical properties of Tardos codes

15.1 General Properties of Prime-Length Composite Codes

Traceability

Recall and Traceability

Certification and Traceability of organic products

Identification of Traitors in Algebraic-Geometric Traceability Codes