Paper 2006/064

Perturbing and Protecting a Traceable Block Cipher

Julien Bringer, Hervé Chabanne, and Emmanuelle Dottax


At the Asiacrypt 2003 conference Billet and Gilbert introduce a block cipher, which, to quote them, has the following paradoxical traceability properties: it is computationally easy to derive many equivalent distinct descriptions of the same instance of the block cipher; but it is computationally difficult, given one or even up to $k$ of them, to recover the so-called meta-key from which they were derived, or to find any additional equivalent description, or more generally to forge any new untraceable description of the same instance of the block cipher. Their construction relies on the Isomorphism of Polynomials (IP) problem. We here show how to strengthen this construction against algebraic attacks by concealing the underlying IP problems. Our modification is such that our description of the block cipher now does not give the expected results all the time and parallel executions are used to obtain the correct value.

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Traitor tracingIsomorphism of Polynomials (IP) problemperturbation.
Contact author(s)
julien bringer @ sagem com
2006-02-23: received
Short URL
Creative Commons Attribution


      author = {Julien Bringer and Hervé Chabanne and Emmanuelle Dottax},
      title = {Perturbing and Protecting a Traceable Block Cipher},
      howpublished = {Cryptology ePrint Archive, Paper 2006/064},
      year = {2006},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.