Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Composability in Watermarking Schemes

Jiahui Liu, Mark Zhandry

TL;DR

An affirmative answer to the question whether one can compose watermarking schemes for the building blocks to obtain watermarking schemes for the larger protocols is given by precisely formulating a set of requirements that allow for composing watermarking schemes.

Abstract

Software watermarking allows for embedding a mark into a piece of code, such that any attempt to remove the mark will render the code useless. Provably secure watermarking schemes currently seems limited to programs computing various cryptographic operations, such as evaluating pseudorandom functions (PRFs), signing messages, or decrypting ciphertexts (the latter often going by the name ``traitor tracing''). Moreover, each of these watermarking schemes has an ad-hoc construction of its own. We observe, however, that many cryptographic objects are used as building blocks in larger protocols. We ask: just as we can compose building blocks to obtain larger protocols, can we compose watermarking schemes for the building blocks to obtain watermarking schemes for the larger protocols? We give an affirmative answer to this question, by precisely formulating a set of requirements that allow for composing watermarking schemes. We use our formulation to derive a number of applications.

Composability in Watermarking Schemes

TL;DR

An affirmative answer to the question whether one can compose watermarking schemes for the building blocks to obtain watermarking schemes for the larger protocols is given by precisely formulating a set of requirements that allow for composing watermarking schemes.

Abstract

Software watermarking allows for embedding a mark into a piece of code, such that any attempt to remove the mark will render the code useless. Provably secure watermarking schemes currently seems limited to programs computing various cryptographic operations, such as evaluating pseudorandom functions (PRFs), signing messages, or decrypting ciphertexts (the latter often going by the name ``traitor tracing''). Moreover, each of these watermarking schemes has an ad-hoc construction of its own. We observe, however, that many cryptographic objects are used as building blocks in larger protocols. We ask: just as we can compose building blocks to obtain larger protocols, can we compose watermarking schemes for the building blocks to obtain watermarking schemes for the larger protocols? We give an affirmative answer to this question, by precisely formulating a set of requirements that allow for composing watermarking schemes. We use our formulation to derive a number of applications.

Paper Structure

This paper contains 146 sections, 19 theorems, 56 equations.

Table of Contents

  1. Introduction
  2. Motivation
  3. What does it mean to watermark a PRF?
  4. Composition of Watermarking Schemes.
  5. Not all compositions support watermarking.
  6. Overview of Our Results
  7. Defining Watermarking Security.
  8. Composition Theorem.
  9. Applications.
  10. Other Related Work
  11. Technical Overview
  12. Watermarking
  13. Watermarking-Compatible Reduction
  14. Example: CCA2-Secure Secret-Key Encryption
  15. Definition and Composition Framework of Watermarking
  16. ...and 131 more sections

Key Result

Theorem 1.1

If the construction of a target primitive $P$ from input primitives $P_1,\cdots,P_k$ satisfies some given conditions and the watermarking schemes for $P_1,\cdots,P_k$ satisfy the above watermarking security definition, then we can compose the construction to watermarking schemes for $P_1,\cdots,P_k$

Theorems & Definitions (78)

  • Theorem 1.1: Main Theorem (Informal)
  • Definition 3.1: Predicate
  • Definition 3.2: Correctness for Predicate $F_R$
  • Remark 3.3
  • Definition 3.4: 2-Stage Game-based Security
  • Remark 3.5
  • Remark 3.6: Division into a 2-stage Game
  • Remark 3.7
  • Definition 3.8: Stage-2 Game View
  • Remark 3.9
  • ...and 68 more