We construct binary dynamic traitor tracing schemes, where the number of watermark bits needed to trace and disconnect any coalition of pirates is quadratic in the number of pirates, and logarithmic in the total number of users and the error probability. Our results improve upon results of Tassa, and our schemes have several other advantages, such as being able to generate all codewords in advance, a simple accusation method, and flexibility when the feedback from the pirate network is delayed.
To protect digital content from unauthorized redistribution, distributors embed watermarks in the content such that, if a customer distributes his copy of the content, the distributor can see this copy, extract the watermark and see which user it belongs to. By embedding a unique watermark for each different user, the distributor can always determine from the detected watermark which of the customers is guilty. However, several users could cooperate to form a coalition, and compare their differently watermarked copies to look for the watermark. Assuming that the original data is the same for all users, the differences they detect are differences in their watermarks. The colluders can then distort this watermark, and distribute a copy which matches all their copies on the positions where they detected no differences, and has some possibly non-deterministic output on the detected watermark positions. Since the watermark does not match any user's watermark exactly, finding the guilty users is non-trivial.
In this paper we focus on the problem of constructing efficient collusion-resistant schemes for tracing pirates, which involves finding a way to choose watermark symbols for each user (the traitor tracing code) and a way to trace a detected copy back to the guilty users (an accusation algorithm). In particular, we will focus on the application of such schemes in the dynamic setting, where the pirate output is detected in real-time, before the next watermark symbols are embedded in consecutive segments of the content. We will show that by building upon the (static) Tardos scheme [10], we can construct efficient and flexible dynamic traitor tracing schemes. The number of watermark symbols needed in our schemes is a significant improvement compared to the scheme of Tassa [11], and our schemes can
Let us first formally describe the mathematical model for the problem discussed in this paper. First, some entity called the distributor controls the database of watermarks and distributes the content. The recipients, each receiving a watermarked copy of the content, are referred to as users. We write U = {1, . . . , n} for the set of all users, and we commonly use the symbol j for indexing these users. For the watermarks, we refer to the sequence of watermarking symbols assigned to a user j by the vector X j , which is also called a codeword. We write ℓ for the total number of watermark symbols in a codeword, so that each codeword X j has length ℓ, and we commonly use the symbol i to index the watermark positions. We write X for the algorithm used to generate the codewords X j . In this paper we only focus on watermark symbols from a binary alphabet, so that ( X j ) i ∈ {0, 1} for all i, j. A common way to represent the traitor tracing code is by putting all codewords X j as rows in a matrix X, so that X j,i = ( X j ) i is the symbol on position i of user j.
After assigning a codeword to each user, the codewords are embedded in the data as watermarks. The watermarked copies are sent to the users, and some of the users (called the pirates or colluders) collude to create a pirate copy. The pirates form a subset C ⊆ U, and we use c = |C| for the number of pirates in the coalition. The pirate copy has some distorted watermark, denoted by y. We assume that if on some position i all pirates see the same symbol, they output this symbol. This assumption is known in the literature as the marking assumption. On other positions we assume pirates simply choose one of the two symbols to output. This choice of pirate symbols can be formalized by denoting a pirate strategy by a (probabilistic) function ρ, which maps a code matrix X (or the part of the matrix visible to them) to a forgery y. After the coalition generates a pirate copy, we assume the distributor detects it and uses some accusation algorithm σ to map the forgery y to some subset σ ( y) = Ĉ ⊆ U of accused users. These users are then disconnected from the system. Ideally Ĉ = C, but this may not always be achievable.
We distinguish between two types of schemes. In static schemes, the process ends after one run of the above algorithm with a fixed codelength ℓ, and the set Ĉ is the final set of accused users. So the complete codewords are generated and distributed, the pirates generate and distribute a pirate copy, and the distributor detects this output and calculates the set of accused users. In this case an elementary result is that one can never have any certainty of catching all pirates. After all, the coalition could decide to sacrifice one of its members, so that y = X j for some j ∈ C. Then it is impossible to distinguish between other pirates j ′ ∈ C \ { j} and innocent users j ′ ∈ U \C. However, static schemes do exist that achieve catching at least one guilty user and not accusing any innocent users with high probability. The original Tardos scheme [10] belongs to this class of schemes. Definition 1 (Soundness and completeness). Let (X , σ ) be a traitor traci
This content is AI-processed based on open access ArXiv data.
