Download - Accusation probabilities in Tardos codes
Accusation probabilities in Tardos codes
Antonino Simone and Boris Škorić
Eindhoven University of Technology
CWG, Dec 2010
Outline Introduction to forensic watermarking
◦ Collusion attacks◦ Aim◦ Attack models
Tardos scheme◦ Code length history◦ q-ary version◦ Properties
New parameterizationMajority voting effectPerformance of the Tardos scheme
◦ False accusation probabilityResults & Summary
Forensic Watermarking
Embedder Detector
originalcontent
payload
content withhidden payload
WM secrets
WM secrets
payload
originalcontent
Payload = some secret code indentifying the recipient
ATTACK
Collusion attacks"Coalition of pirates"
1pirate #1
AttackedContent
1
1
0
0
0
0
1
1
1
10
0
0
0
0
1
1
1
1
1
0
0
1
1
1
1
1
0
0
0
1
0
1
0
0
0
0
0
0
1
1
1
1
0
1
1
0
1 0/1 1 0 0/1 0 1 0/1 0/1 0 0/1 1
#2
#3
#4
= "detectable positions"
AimTrace at least one pirate from detected watermark
BUTResist large coalition
longer codeLow probability of innocent accusation (FP) (critical!)
longer codeLow probability of missing all pirates (FN) (not critical) longer codeANDLimited bandwidth available for watermarking code
Attack modelsOnce pirates detect watermark positions, what can they do?1. Restricted digit model
◦ Choice from available symbols only
2. Unreadable digit model◦ Erasure allowed
3. Arbitrary digit model◦ Arbitrary symbol (but not
erasure)4. General digit model
A A B DB A B BA A C AAB
A BC
ABD
Alphabet={A,B,C,D}
A A B DB A B BA A C A?AB
A ?BC
?ABD
A A B DB A B BA A C AABCD
A ABCD
ABCD
A A B DB A B BA A C A?ABCD
A ?ABCD
?ABCD
•More realistic scenario•Simpler to analyze
equivalentforbinarysymbols
Code length historyConstruction
Boneh and Shaw 1998:
Boneh and Shaw 1998:
Tardos 2003:
Tardos 2003:
Chor et al 2000:Staddon et al 2001:
Huang + Moulin; Amiri + Tardos 2009:
m2ln2c02 ln[1/1], q2
Lower bound
c0 = #piratesn = #usersm = code length in symbolsq = alphabet size1 = Prob[accuse specific innocent] = Prob[not all accused are guilty]2 = False Negative prob.
n users
embeddedsymbols
m content segments
Symbols allowed
Symbol biases
drawn from distribution
F
watermarkafter attack
A B C BA C B AB B A CB A B AA B A CC A A AA B A B
biases
AC
AB
A ABC
p1Ap1Bp1C
p2Ap2Bp2C
piApiBpiC
pm
Apm
Bpm
C
c pirates
q-ary Tardos scheme (2008)
• Arbitrary alphabet size q
• Dirichlet distribution F
• Symbol-symmetric=y
A B C BA C B AB B A CB A B AA B A CC A A AA B A B
Tardos scheme continuedAccusation:• Every user gets a score
• User is accused if score > threshold
• Sum of scores per content segment
• Given that pirates have y in segment i:
• Symbol-symmetric
g0(p)
g1(p)
p
p
Properties of the Tardos schemeAsymptotically optimalRandom code bookNo framing
◦No risk to accuse innocent users if coalition is larger than anticipated
F, g0 and g1 chosen ‘ad hoc’ (can still be improved)
Accusation probabilitiesm = code lengthc = #piratesμ̃ = expected coalition
score per segment
Pirates want to minimize μ̃ and make longer the innocent tail
Curve shapes depend on: F, g0, g1 (fixed ‘a
priori’) Code length # pirates Pirate strategy
Central Limit Theorem asymptotically Gaussian shape (how fast?)2003 2010: innocent accusation curve shape unknown… till now!
threshold
total score (scaled)
innocent guilty
New parameterization
Necessary a new parameterization!
Kb=quantity depends on pirate strategy
Kb can be pre-computed
Which strategy minimizes μ̃?
])1[()2/1]1[(
)()2/1()(
)1(21)(]Pr[~
1
qbcqbc
bbcbW
qcbbWKbq
c
bb
Symbol-symmetric we take care only the symbol occurrences = pirate occurrences vector α = # α in segmentc pirates α α = c
W(b)
b
Some attack definitionsMajority voting
◦yi = symbol that occurs most in segment iA A B D
B A B BA A C AAB
A BC
ABD
A A B P[A]=1/3
P[B]=1/3P[D]=
1/3
A A B DB A B BA A C AAB
A BC
ABD
P[A]=2/3
P[B]=1/3
A P[B]=2/3
P[C]=1/3
P[A]=1/3
P[B]=1/3
P[D]=1/3
Interleaving attack◦Prob[yi=α] = α /c
Example:
Majority voting
2/c
Theorem: Majority voting strategy minimizes μ̃Proof (intuitive):Case 1: • only 2 symbols detected
c=19
Best choice
W(b)
b
Majority voting
2/c
Theorem: Majority voting strategy minimizes μ̃Proof (intuitive):Case 2: • more than two symbols detected• one symbol occurs more than c/2 times
c=19
Best choice
W(b)
b
Majority voting
2/c
Theorem: Majority voting strategy minimizes μ̃Proof (intuitive):Case 3: • more than two symbols detected • all symbols occur less than c/2 times
c=19
Best choice
W(b)
b
Innocent curve behaviourMotivations:
◦Most critical part in the Tardos scheme (FP ≈ 10-10)
◦Still unknown◦Unknown innocent curve unknown
real code length◦Is Gaussian approximation good?
ApproachFourier transform property:
Steps:1. S = i Si
Si = pdf of total score SS = InverseFourier[ ]
2.
3. Compute • Depends on strategy• New parameterization for attack strategy
4. Compute5.
• Taylor • Taylor• Taylor
Trouble doing numerics (integral does not converge)
Main result: false accusation probability curveExample: interleaving attack
threshold/√m
exact FP
log10FP Result from Gaussian
Main result: false accusation probability curveExample: interleaving attack
Better than Gaussian!
Conclusion:Gaussian approximation
is worse for larger q
Main result: false accusation probability curveExample: majority voting attack threshold/
√m
exact FP
Result from GaussianFP is 70 times less than Gaussian approx in
this example
But
Code 2-5% shorter than predicted by Gaussian approx
log10FP
SummaryResults: introduced a new parameterization of the attack
strategy majority voting minimizes μ̃ first to compute the innocent score pdf
◦ quantified how close FP probability is to Gaussian◦ sometimes better then Gaussian!◦ safe to use Gaussian approx◦ larger q Gaussian approximation less goodFuture work:
study more general attacks different parameter choices
Thank you for your attention!