MIX-SPLIT: CONTROLLED MIXING OF SECRETS AND TRACEABLE PSEUDONYM GENERATION USING CODEBOOKS

Kannan Karthik *
Indian Institute of Technology Guwahati
Dept. of Electronics and Electrical Engg.
Guwahati, Assam, India 781039

Dimitrios Hatzinakos
University of Toronto
Dept. of Electrical and Computer Engg.
Toronto, ON, Canada M5S3G4

* Corresponding author.

ABSTRACT

A non-perfect secret sharing scheme called MIX-SPLIT is a substitution cipher created by mixing two statistically similar binary sequences (secrets) through a codebook. At the heart of the algorithm are the hidden partitions which define the identity of the shares generated. By imposing certain constraints on the codebook these partitions can be made invisible, opening up the possibility of constructing traceable pseudonyms which are inherently frameproof. These codes, by virtue of their parental dependency (inheritance), can be applied towards both content authentication and tracking.

Index Terms: MIX-SPLIT, non-perfect, frameproof code, secret sharing

1. INTRODUCTION

In non-perfect secret sharing schemes the notion of an access structure is loosely defined. In such schemes subsets of shares derived from a particular parent secret have a tendency to leak out some information regarding the secret. So far non-perfect secret sharing schemes have been mostly of academic interest, focussing primarily on the development of a generalized framework for representing such schemes. Ramp schemes were first proposed by Blakley and Meadows [1], in which three different types of sets were identified within the access structure: access sets, which reveal full information about the secret; partial access sets, which leak out some finite information about the secret; and non-access sets, which do not reveal anything about the secret. Since then, there has been a sufficient body of literature [2][3][4] directed towards the structure of non-perfect schemes but very little towards finding a set of feasible applications.

In our earlier work originating from [5], we were intent on positioning an interesting substitution cipher called MIX-SPLIT. The cipher created mixed shares of two different but statistically similar parent secrets by controlling the mixing through a codebook. Since the shares inherit the properties of the codebook, it was observed in [6] and [7] that one can construct anti-collusion codes, authentication codes and joint access schemes, opening up the possibility for a unified approach towards designing traitor tracing and non-perfect secret sharing schemes. Conditional entropy can be used to quantify the extent of information leakage but, since it is a scalar quantity, it does not tell us what portion of the secret is revealed by the coalition of shares. For this a geometric view was constructed in [8] which allowed us to assign a direction to this leakage. This view is important since, if each coalition reveals a unique portion of the secret, it can be used to either construct a group authentication code or generate keys for selective access.

In this paper we open up the MIX-SPLIT algorithm and study its application towards the construction of frameproof codes. The concept of a c-frameproof code originated in the classic paper by Boneh and Shah [9]. Here we propose an alternative but simplistic construction using MIX-SPLIT where every share generated represents a fingerprint which serves as a traceable pseudonym. Two parent secrets, which are mixed to form the shares, are broken down into v hidden subsequences (also known as partitions). The identity of a share is buried in these partitions through a carefully concealed inheritance directed by a secret codebook. Without an unlocking sequence the partitions remain invisible and can thus be used to form a frameproof code. These codes will later be shown to have a parental connection, allowing them to be used for content authentication also.

Note that, in sharp contrast, a perfect secret sharing scheme is all white, i.e. the individual shares appear as white noise both with respect to the secret and also in relation to one another. None of the illegitimate coalitions can be affiliated to the parent secret. Hence there is no scope for pursuing traitor tracing within that framework.

In Section II, the basics of the MIX-SPLIT algorithm, some definitions and properties are presented. The notion called a hidden partition and the conditions governing the visibility of these partitions are discussed as a simple collection of three rules in Section III. These rules are extended towards the construction of a short frameproof code in Section IV. Finally in Section V we close this paper with a collage of