Further analysis of pairing-based traitor tracing schemes for broadcast encryption

Pairing-based public key systems have recently received much attention because bilinear property contributes to the designs of many cryptographic schemes. In 2002, Mitsunari et al. proposed the first pairing-based traitor tracing scheme with constant-size ciphertexts and private keys. However, their scheme has been shown to be insecure for providing traitor tracing functionality. Recently, many researches still try to propose efficient pairing-based traitor tracing schemes in terms of ciphertext and private key sizes. In this paper, we present a security claim for the design of pairing-based traitor tracing schemes. For a pairing-based traitor tracing scheme with constant-size ciphertexts and private keys, if the decryption key is obtained by some pairing operations in pairing-based public key systems, the scheme will suffer from a linear attack and cannot provide the traitor tracing functionality. Finally, we apply our security claim to attack a pairing-based traitor tracing scheme proposed by Yang et al. to demonstrate our result. Our security claim can offer a notice and direction for designing pairing-based traitor tracing schemes. Copyright (c) 2012 John Wiley & Sons, Ltd.