### Abstract

Collusion-secure fingerprinting codes are an important primitive used by many digital watermarking schemes [1, 10, 9]. Boneh and Shaw [3] define a model for these types of codes and present an explicit construction. Their code has length O(c^{3} log(1/cε)) and attains security against coalitions of size c with ε error. Boneh and Shaw also present a lower bound of Ω(c log(1/cε)) on the length of any collusion-secure code. We give new lower bounds on the length of collusion-secure codes by analyzing a weighted coin-flipping strategy for the coalition. As an illustration of our methods, we give a simple proof that the Boneh-Shaw construction cannot be asymptotically improved. Next, we prove a general lower bound: no secure code can have length o(c^{2} log(1/cε)), which improves the previous known bound by a factor of c. In particular, we show that any secure code will have length Ω(c^{2} log(1/cε)) as long as log(1/ε) ≥ Kk log c, where K is a constant and k is the number of columns in the code (in some sense, a measure of the code's complexity). Finally, we describe a general paradigm for constructing fingerprinting codes which encompasses the construction of [3], and show that no secure code that follows this paradigm can have length o(c^{3}/log c log(1/cε)) (again, by showing a lower bound for large values of ln(1/ε)). This suggests that any attempts at improvement should be directed toward techniques that lie outside our algorithm.

Original language | English (US) |
---|---|

Pages | 472-479 |

Number of pages | 8 |

State | Published - Jan 1 2003 |

Event | Configuralble Computing: Technology and Applications - Boston, MA, United States Duration: Nov 2 1998 → Nov 3 1998 |

### Other

Other | Configuralble Computing: Technology and Applications |
---|---|

Country | United States |

City | Boston, MA |

Period | 11/2/98 → 11/3/98 |

### Fingerprint

### All Science Journal Classification (ASJC) codes

- Software
- Mathematics(all)

### Cite this

*Lower bounds for collusion-secure fingerprinting*. 472-479. Paper presented at Configuralble Computing: Technology and Applications, Boston, MA, United States.

}

**Lower bounds for collusion-secure fingerprinting.** / Peikert, Chris; Shelat, Abhi; Smith, Adam.

Research output: Contribution to conference › Paper

TY - CONF

T1 - Lower bounds for collusion-secure fingerprinting

AU - Peikert, Chris

AU - Shelat, Abhi

AU - Smith, Adam

PY - 2003/1/1

Y1 - 2003/1/1

N2 - Collusion-secure fingerprinting codes are an important primitive used by many digital watermarking schemes [1, 10, 9]. Boneh and Shaw [3] define a model for these types of codes and present an explicit construction. Their code has length O(c3 log(1/cε)) and attains security against coalitions of size c with ε error. Boneh and Shaw also present a lower bound of Ω(c log(1/cε)) on the length of any collusion-secure code. We give new lower bounds on the length of collusion-secure codes by analyzing a weighted coin-flipping strategy for the coalition. As an illustration of our methods, we give a simple proof that the Boneh-Shaw construction cannot be asymptotically improved. Next, we prove a general lower bound: no secure code can have length o(c2 log(1/cε)), which improves the previous known bound by a factor of c. In particular, we show that any secure code will have length Ω(c2 log(1/cε)) as long as log(1/ε) ≥ Kk log c, where K is a constant and k is the number of columns in the code (in some sense, a measure of the code's complexity). Finally, we describe a general paradigm for constructing fingerprinting codes which encompasses the construction of [3], and show that no secure code that follows this paradigm can have length o(c3/log c log(1/cε)) (again, by showing a lower bound for large values of ln(1/ε)). This suggests that any attempts at improvement should be directed toward techniques that lie outside our algorithm.

AB - Collusion-secure fingerprinting codes are an important primitive used by many digital watermarking schemes [1, 10, 9]. Boneh and Shaw [3] define a model for these types of codes and present an explicit construction. Their code has length O(c3 log(1/cε)) and attains security against coalitions of size c with ε error. Boneh and Shaw also present a lower bound of Ω(c log(1/cε)) on the length of any collusion-secure code. We give new lower bounds on the length of collusion-secure codes by analyzing a weighted coin-flipping strategy for the coalition. As an illustration of our methods, we give a simple proof that the Boneh-Shaw construction cannot be asymptotically improved. Next, we prove a general lower bound: no secure code can have length o(c2 log(1/cε)), which improves the previous known bound by a factor of c. In particular, we show that any secure code will have length Ω(c2 log(1/cε)) as long as log(1/ε) ≥ Kk log c, where K is a constant and k is the number of columns in the code (in some sense, a measure of the code's complexity). Finally, we describe a general paradigm for constructing fingerprinting codes which encompasses the construction of [3], and show that no secure code that follows this paradigm can have length o(c3/log c log(1/cε)) (again, by showing a lower bound for large values of ln(1/ε)). This suggests that any attempts at improvement should be directed toward techniques that lie outside our algorithm.

UR - http://www.scopus.com/inward/record.url?scp=0038077509&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=0038077509&partnerID=8YFLogxK

M3 - Paper

AN - SCOPUS:0038077509

SP - 472

EP - 479

ER -