National Chiao Tung University
Department of Applied Mathematics
Master's Thesis
Codes and Cover-Free Families for Copyright Protection
Student: Cheng-Wei Wang
Advisor: Chih-Wen Weng
A Thesis
Submitted to Department of Applied Mathematics
College of Science National Chiao Tung University
In partial Fulfillment of Requirement
For the Degree of Master In Applied Mathematics
June 2008
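Abstract (translated from Chinese)
TA codes, IPP codes, SFP codes and FP codes are of significant value in the protection of digital data; their purpose is to prevent illegal copying of unauthorized products. In this thesis we construct some of these codes, study their basic properties, and explore the relationship between the codes and cover-free families. Based on the definition of a cover-free family, we construct some new incidence matrices and prove that these matrices are disjunct matrices. In the language of Boolean algebra, this means that we allow a certain degree of error tolerance. At the end, we collect simple and important earlier constructions of SFP codes and IPP codes.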
Abstract
The applications of TA codes, IPP codes, SFP codes and FP codes play an important role in the protection of digital data. The purpose of these codes is to prevent unauthorized copying. Some new and old examples of these codes are given. This thesis studies basic properties of the above codes and the relationships between these codes and cover-free families. We then construct some new incidence matrices and prove that these matrices are disjunct matrices. In the language of pooling design, our constructions allow some test errors. At the end, we collect some simple and important constructions of SFP codes and IPP codes.
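Acknowledgements
I owe the completion of this thesis to many people, above all Professor 翁志文 (Chih-Wen Weng). Under his guidance I benefited greatly and came to understand that research must be done one step at a time, with careful and thorough verification. I also thank all the teachers and classmates in the department who cared about me. Professors 黃大原, 傅恆霖 and 陳秋媛, senior classmate 喻培, and others continually guided me in my coursework. Senior classmates 明耀 and 元勳, as well as 雅榕, 若宇, 偉慈, 鎬文, 敏筠, 威雄, 佩純 and others, enriched my life in graduate school. Finally, I thank my father, my mother and my younger sister, who have always supported and encouraged me so that I could complete my studies smoothly. Truly, thank you all.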
Contents
Abstract (in Chinese)
Abstract (in English)
Acknowledgements
Contents
1 Introduction
2 Codes for Copyright Protection
3 Cover-Free Families
4 Complexes
5 Allowing Test Errors
6 A Simple Construction of SFP codes
7 A Simple Construction of IPP codes
Reference
June 16, 2008
1 Introduction
To protect an electronic product, such as digital data, a distributor marks each copy with some codeword and then ships each user his data "marked" with that codeword. This marking, a "digital fingerprint", permits the distributor to detect any unauthorized copy and trace it back to the user that created it. This will prevent users from releasing an unauthorized copy. A coalition of users, however, may detect some of the marks, namely those where their copies differ. They can then change these marks arbitrarily. Boneh and Shaw (1995)[2] defined "w-frame proof codes" to prevent users from "framing" another user. A w-frame proof code has the property that no coalition of at most w users can frame another registered user. In Stinson and Wei (1998)[15], combinatorial methods are used to study frame proof codes further. Several constructions of w-frame proof codes are given in Boneh and Shaw (1995)[2], Chee (1996)[4] and Stinson and Wei (1998)[15].
In Chapter 2, we introduce five classes of codes: w-TA codes, w-IPP codes, w-SFP codes, and w-FP codes, from the most to the least restrictive. Using these codes, we define registered users, unregistered users, and guilty users in order to apply the codes to copyright protection. We provide examples and counterexamples for these definitions, originally introduced by D.R. Stinson, Tran van Trung and R. Wei (2000)[13]. Define $\mathrm{desc}^{-1}(x)$ to consist of all the coalitions of size at most w that could have framed x, and suppose x is an unregistered user in a 2-SFP code C ($x \notin C$). Since $\mathrm{desc}^{-1}(x)$ consists of a collection of 2-subsets of C, we can view it as the set of edges of a graph on vertex set C. That is, we can link a 2-SFP code to a star graph (i.e. there exists a vertex that is incident to every edge) and $K_3$ (the complete graph on three vertices).
In Chapter 3, we first introduce the set system (P, B) and the (w; α)-cover-free family. Lemma 3.2 gives the relationship between a (w; α)-cover-free family and a w-FP code. Using this lemma, we generalize a w-FP code to a (w; α)-FP code in our new Definition 3.3. Finally, we analyse the minimum distance d and α of a (w; α)-FP code and reprove Corollary 3.6 (Staddon, Stinson and Wei, 2001)[14].
In Chapters 4 and 5, in our language, we generalize a (w; α)-cover-free family to an (ℓ, s; e)-cover-free family in Definition 4.1. Our treatment simplifies the original definition of an (ℓ, s)-sandwich-free family in [13]. Theorem 4.2, which connects a w-SFP code with a cover-free family, is similar to Lemma 3.2. We study the properties relating to w-SFP codes. In Theorem 4.5, we construct some new incidence matrices and prove that these matrices are disjunct matrices. Recalling the definition of a (w; α)-FP code, we construct a (w; α)-CFF in Theorem 5.1 by means of the disjunct matrix. This tells us that, in the language of pooling design, the construction allows some test errors.
In Chapters 6 and 7, we collect and introduce some simple constructions of SFP and IPP codes. In Chapter 7, let $C_1$ and $C_2$ be two different codes with the same length. Bush (1952)[3] proved the existence of a combination of $C_1$ and $C_2$ in Theorem 7.6. Further, Tran and Sosina (2004)[16] constructed a similar one, but more general, with distinct lengths, in Theorem 7.4. Based on the above two theorems, Tran and Sosina (2005)[17] used the concatenation technique to construct a new w-IPP code with the same parameter $q_2$ in Theorem 7.14.
2 Codes for Copyright Protection
Definition 2.1. Let Q denote a set of q elements. A subset $C \subseteq Q^n$ is called a code of length n over Q. The elements in C are called codewords. The number of codewords in C is called the size of C. C is called an (n, N, q)-code over Q if |C| = N and Q is the alphabet. An (n, N, 2)-code is called an (n, N)-code for short.
To show how codes apply to copyright protection, an element of $Q^n$ is also called a user; an element of C is a registered user, and an element of $Q^n - C$ is an unregistered user, or an illegal copy.
Definition 2.2. Let C denote an (n, N, q)-code over Q. For X ⊆ C, the set of descendants of X is the subset
$$\mathrm{desc}(X) := X_1 \times X_2 \times \cdots \times X_n$$
of $Q^n$, where $X_i := \{c_i \mid c \in X\}$ is the set of symbols used in the ith coordinate of X.
An element in desc(X) is referred to as a user framed by the coalition X. For x ∈ desc(X), X is called the set of parents of x. The set X ⊆ C is interpreted as a family of registered users and x ∈ desc(X) − C is an illegal copy produced by X.
It is clear that C ⊆ desc(C).
We see an example before going to our new definition.
Example 2.3. Set Q = {0, 1}, and
$$C = \{(0, 0, 0), (1, 0, 0), (0, 1, 0), (0, 0, 1)\} \subseteq Q^3.$$
Then C is a (3, 4, 2)-code. Observe $\mathrm{desc}(C) = Q^3$.
Throughout the remainder of the section, C is an (n, N, q)-code over Q := {1, 2, . . . , q} and w ≤ N is a positive integer.
Definition 2.4. For $x, y \in Q^n$, define the Hamming distance ∂(x, y) to be the number of positions in which x and y differ. That is
for $x, y \in Q^n$. An (n, N, q; d)-code C is an (n, N, q)-code with
$$d = \min\{\partial(x, y) \mid x, y \in C,\ x \neq y\}.$$
Now we are ready to introduce the first class of codes.
Definition 2.5. C is a w-traceability code (w-TA code) whenever for any X ⊆ C with |X| ≤ w and for any x ∈ desc(X),
$$\partial(x, X) < \partial(x, C - X), \tag{2.1}$$
where ∂(x, X) := min{∂(x, y) | y ∈ X}.
Note that every code is a 1-TA code. In a w-TA code, desc(X) ∩ C = X for any X ⊆ C with |X| ≤ w.
A code is w-TA if, for any n-tuple x framed by a set X of w parents, the nearest codeword to x is taken from the set of parents. In particular, the registered users with minimum Hamming distance to x are all in X. Hence we can trace some registered users in X from an illegal copy x. TA codes are therefore designed to be used in schemes that protect copyrighted digital data against piracy.
Example 2.6. Set
$$C = \{(1, 1, \ldots, 1, i) \mid i \in Q\} \subseteq Q^n,$$
and observe desc(X) = X for any X ⊆ C. Then C is a q-TA code.
Lemma 2.7. Suppose C is a w-TA code. Then for any X, Y ⊆ C with |X|, |Y| ≤ w and for any x ∈ desc(X) ∩ desc(Y),
$$\{y \in X \mid \partial(y, x) = \partial(X, x)\} \subseteq Y. \tag{2.2}$$
Proof. Assume that there exists y ∈ X with ∂(y, x) = ∂(X, x) and there exists Y ⊆ C with |Y| ≤ w, x ∈ desc(X) ∩ desc(Y) and y ∉ Y. Then ∂(x, y) < ∂(x, C − X) < ∂(x, Y − X) and ∂(x, y) = ∂(x, X) ≤ ∂(x, Y ∩ X). Hence ∂(x, y) ≤ ∂(x, Y), a contradiction.
Now we give the second class of codes.
Definition 2.8. C is a w-identifiable parent property code (w-IPP code) whenever for all x ∈ desc(C),
$$\bigcap Y \neq \emptyset, \tag{2.3}$$
where $Y \in \mathrm{desc}^{-1}(x)$.
A registered user $y \in \bigcap Y$ in (2.3) is called a guilty user for x. A w-IPP code is also called a code with traceability. If there is no Y ⊆ C with |Y| ≤ w and x ∈ desc(Y) in the above definition, then by convention we take $\bigcap Y$ to be $Q^n$.
A code is w-IPP if for every x ∈ desc(C) there exists a guilty user for x. Hence IPP codes are introduced to provide protection against illegal production of copyrighted digital material.
Observe that if x ∈ C then the set in (2.3) is {x} since we can choose one of the Y to be {x}. By Lemma 2.7, we have
Corollary 2.9. A w-TA code is a w-IPP code.
We see two examples.
Example 2.10. Set
C = {1212, 2121, 4343, 3434, 1144}.
It is easy to see that C is a 2-IPP (4, 5, 4)-code. If we set
X = {1212, 2121} ⊆ C,
x = 1111 ∈ desc(X), then d(x, X) = 2 ≮ 2 = d(x, C − X). Hence C is not a 2-TA code.
Example 2.11. Set
$$C := \{(i, i, \ldots, i) \mid i \in Q\} \subseteq Q^n.$$
Then C is an (n, q, q)-code. Observe $\mathrm{desc}(C) = Q^n$, and for any $x = (x_1, x_2, \ldots, x_n) \in Q^n$,
$$\bigcap Y = \{(i, i, \ldots, i) \mid i \in \{x_1, x_2, \ldots, x_n\}\} \neq \emptyset,$$
where the intersection is taken over all Y ⊆ C with x ∈ desc(Y). Hence C is a w-IPP code for any w.
Now we are ready to give the third and fourth classes of codes.
Definition 2.12. C is a w-secure frame proof code (w-SFP code) whenever for any X, Y ⊆ C with |X|, |Y| ≤ w,
$$\mathrm{desc}(X) \cap \mathrm{desc}(Y) \neq \emptyset \implies X \cap Y \neq \emptyset.$$
Note that desc(X) ∩ desc(Y) = ∅ iff $X_i \cap Y_i = \emptyset$ for some i.
A code is w-SFP if no two disjoint coalitions of size at most w can frame a common user.
Definition 2.13. Suppose that C is an (n, N)-code and for any $x \in \{0, 1\}^n$, define
$$\mathrm{desc}^{-1}(x) = \{X \subseteq C \mid |X| \le w \text{ and } x \in \mathrm{desc}(X)\}.$$
Evidently, $\mathrm{desc}^{-1}(x)$ consists of all the coalitions of size at most w that could have framed x.
A w-SFP (n, N)-code does not permit traceability, but it does afford some security, as follows:
(i) It is impossible for a coalition $C_1$ of size at most w to implicate a disjoint coalition $C_2$ of size at most w by constructing an unregistered user $x \in \mathrm{desc}(C_1)$.
(ii) If x is an unregistered user that has been constructed by a coalition of size at most w, then any $X \in \mathrm{desc}^{-1}(x)$ contains at least one guilty user.
From (2.3) we have
Corollary 2.14. A w-IPP code is a w-SFP code.
Example 2.15. Set
C = {(1, 0, 1), (1, 1, 0), (0, 1, 1)}.
Then C is a 2-SFP code over {0, 1}. Note that C is not a 2-IPP code because for Y = {(1, 0, 1), (1, 1, 0)}, Z = {(1, 1, 0), (0, 1, 1)}, and W = {(1, 0, 1), (0, 1, 1)}, we have (1, 1, 1) ∈ desc(Y) ∩ desc(Z) ∩ desc(W) and Y ∩ Z ∩ W = ∅.
Definition 2.16. C is a w-frame proof code (w-FP code) whenever for any X ⊆ C with |X| ≤ w, we have
desc(X) ∩ C = X.
A code is w-FP if no coalition of size at most w can frame another registered user.
FP codes were introduced by Boneh and Shaw [2] as a method of "digital fingerprinting" which prevents a coalition of a specified size w from framing a user not in the coalition. Stinson and Wei [15] then gave a combinatorial formulation of the problem in terms of certain types of extremal set systems. We study FP codes that provide a certain (weak) form of traceability.
Lemma 2.17. A w-SFP code is a w-FP code.
Proof. X ⊆ desc(X) ∩ C is clear. Suppose y ∈ (desc(X) ∩ C) − X. Then by setting Y = {y} in Definition 2.12 we find X ∩ {y} = ∅, a contradiction.
We see an example.
Example 2.18. Set
C = {111, 123, 132, 222, 213, 231, 333, 312, 321}.
It is easy to see that C is a 2-FP (3, 9, 3)-code. If we set
X = {111, 123}, Y = {132, 321},
then X ∩ Y = ∅, but desc(X) ∩ desc(Y) = {121} ≠ ∅. Hence C is not a 2-SFP (3, 9, 3)-code.
Related questions, including generalizations of frame proof codes to the setting of public-key cryptography, have been studied in Biehl and Meyer (1997) [1], Chor et al. (1994) [5], Pfitzmann (1996) [10], and Pfitzmann and Waidner (1997a,b) [11], [12].
Suppose that C is a w-FP (n, N)-code and $x \in \{0, 1\}^n \setminus C$ (i.e., x is an unregistered user). If it happened that $|\mathrm{desc}^{-1}(x)| = 1$, say $\mathrm{desc}^{-1}(x) = \{X\}$, then we could conclude that X was the coalition that constructed x (assuming, of course, that all coalitions have size at most w). More generally, if $\mathrm{desc}^{-1}(x) \neq \emptyset$ and there exists a codeword c(j) such that c(j) ∈ X for all $X \in \mathrm{desc}^{-1}(x)$, then we would at least be able to identify user j as being guilty. Unfortunately, as shown in Boneh and Shaw (1995)[2], this is hoping for too much. The following theorem is a simple generalization of (Boneh and Shaw, 1995 [2], Theorem 11), which concerned the case w = 2.
A w-FP (n, N)-code does not necessarily permit traceability. D.R. Stinson, Tran van Trung and R. Wei (2000) [13] explained why in the following.
Theorem 2.19. (D.R. Stinson, Tran van Trung and R. Wei, 2000)[13]. Suppose C is a w-FP (n, N)-code with N ≥ 2w − 1. Suppose D ⊆ C with |D| = 2w − 1. Let $\mathrm{maj}(D) \in \{0, 1\}^n$ be defined as
$$\mathrm{maj}(D)_i = \begin{cases} 1, & \text{if } |\{c \in D \mid c_i = 1\}| \ge w, \\ 0, & \text{if } |\{c \in D \mid c_i = 0\}| \ge w. \end{cases}$$
Then maj(D) is an unregistered user and maj(D) ∈ desc(X) for all X ⊆ D with |X| = w. That is, C does not permit traceability.
Proof. It is easy to see that maj(D) ∈ desc(X) for all X ⊆ D with |X| = w. It remains to show that maj(D) is an unregistered user. Suppose not; then maj(D) = c(u) for some u. Let
X ⊆ D \ {c(u)} with |X| = w.
Then c(u) ∈ desc(X) ∩ C = X, which contradicts the fact that C is a w-FP
The above theorem says that we cannot be guaranteed of identifying a guilty user in a w-FP (n, N)-code. For, if x = maj(D) for some D where |D| = 2w − 1, then
$$\bigcap_{X \in \mathrm{desc}^{-1}(x)} X = \emptyset.$$
Corollary 2.20. Any w-IPP (n, N)-code has N < 2w − 1.
We now consider 2-SFP (n, N)-codes in more detail. Suppose that C is a 2-SFP (n, N)-code, suppose that x is an unregistered user, and suppose that $X \in \mathrm{desc}^{-1}(x)$ with |X| ≤ 2. Since x is an unregistered user, |X| ≠ 1. Therefore, |X| = 2.
Since $\mathrm{desc}^{-1}(x)$ consists of a collection of 2-subsets of C, we can view it as the set of edges of a graph on vertex set C. Since C is a 2-SFP code, it must be the case that any two distinct edges in $\mathrm{desc}^{-1}(x)$ are incident. From this it is easily seen that one of two possibilities must occur:
(i) $\mathrm{desc}^{-1}(x)$ is a star graph (i.e., there exists a vertex that is incident to every edge of $\mathrm{desc}^{-1}(x)$).
(ii) $\mathrm{desc}^{-1}(x)$ is isomorphic to $K_3$ (the complete graph on three vertices).
As a consequence of this characterization of $\mathrm{desc}^{-1}(x)$ in the case w = 2, we obtain the following result.
Theorem 2.21. (D.R. Stinson, Tran van Trung and R. Wei, 2000)[13]. Suppose that C is a 2-SFP (n, N)-code and suppose that x is an unregistered user that is produced by a coalition of size at most two. Then one of the following two possibilities must occur:
(i) at least one guilty user can be identified; or
(ii) a set of three users can be identified, two of which must be guilty.
Since its inception in the early 1980's, the field of copyright and distribution rights protection of multimedia documents has become an essential concern to companies that distribute digital documents. This is the case of Networked University for e-Learning. Independently of the use of the documents and the type of organization (public or private), the authors of educational documents have to be protected against dishonest users. The possibility of making copies of these documents without quality degradation constitutes a severe threat to authors' rights.
The security mechanism in this environment must be stricter than in the e-commerce market with physical goods delivered to the user using traditional networks. Cryptographic techniques are insufficient because of the lack of confidence in the receiver's behavior. The most acceptable techniques to solve this situation are watermarking and fingerprinting. Both techniques are based on embedding an imperceptible mark in the document. In the case of fingerprinting, analogously to the human fingerprint, the mark is unique for every legally distributed copy, with the aim of discovering fraudulent redistributors.
3 Cover-Free Families
We first define some terminology concerning set systems. A set system is a pair $(P, \mathcal{B})$ where P is a set of elements called points, and $\mathcal{B}$ is a set of subsets of P, whose members are called blocks.
Let $(P, \mathcal{B})$ be a set system with $|\mathcal{B}| = N$. Fix w ≤ N.
Definition 3.1. A set system $(P, \mathcal{B})$ is a (w; α)-cover-free family ((w; α)-CFF) whenever for any $\mathcal{X} \subseteq \mathcal{B}$ with $|\mathcal{X}| \le w$ and any $A \in \mathcal{B} - \mathcal{X}$,
$$\Big|A - \bigcup_{X \in \mathcal{X}} X\Big| \ge \alpha + 1.$$
We refer to a (w; 0)-CFF as a w-CFF for short. $(P, \mathcal{B})$ is k-uniform whenever |B| = k for any $B \in \mathcal{B}$.
Let C denote an (n, N, q)-code over Q. For each c ∈ C, set
$$B_c := \{(i, c_i) \mid 1 \le i \le n\} \subseteq [n] \times Q.$$
Then $([n] \times Q, \{B_c\}_{c \in C})$ is an n-uniform family. Observe for any x, y ∈ C,
$$B_x = B_y \text{ iff } x = y,$$
and for X ⊆ C, $x \in Q^n$, we have
$$B_x \subseteq \bigcup_{c \in X} B_c \text{ iff } x \in \mathrm{desc}(X).$$
Then we immediately have
Lemma 3.2. Let C be an (n, N, q)-code over Q. Then the set system $([n] \times Q, \{B_c\}_{c \in C})$ is a w-CFF if and only if C is a w-FP code.
Proof. (⟹) Suppose the set system $([n] \times Q, \{B_c\}_{c \in C})$ is a w-CFF. Fix X ⊆ C with |X| ≤ w, and take any codeword x ∈ desc(X) ∩ C. Hence
$$B_x \subseteq \bigcup_{c \in X} B_c$$
and x ∈ C. Since $([n] \times Q, \{B_c\}_{c \in C})$ is a w-CFF, we know x ∈ X.
(⟸) Suppose C is a w-FP code. Given any X ⊆ C with |X| ≤ w, pick any y ∈ C − X. Since C is a w-FP code, we know desc(X) ∩ C = X. Thus y ∉ desc(X) implies $B_y \nsubseteq \bigcup_{x \in X} B_x$. Hence $|B_y - \bigcup_{x \in X} B_x| > 1$
It is natural to generalize the definition of a w-FP code to
Definition 3.3. An (n, N, q)-code C is a (w; α)-frame proof code ((w; α)-FP code) whenever $([n] \times Q, \{B_c\}_{c \in C})$ is a (w; α)-CFF.
Hence a (w; 0)-FP code is a w-FP code.
Proposition 3.4. Suppose C is an (n, N, q; d)-code, where $d > n(1 - \frac{1}{w^2})$. Then C is a (w; α)-FP code where
$$\alpha = \Big\lfloor n\Big(1 - \frac{1}{w}\Big) \Big\rfloor.$$
Proof. Fix $\mathcal{X} \subseteq \{B_c\}_{c \in C}$ with $|\mathcal{X}| \le w$ and $B \in \{B_c\}_{c \in C} - \mathcal{X}$. Observe $|B \cap B'| \le n - d$ for any $B' \in \mathcal{X}$. Hence
$$\Big|B - \bigcup_{B' \in \mathcal{X}} B'\Big| \ge n - w(n - d) > n\Big(1 - \frac{1}{w}\Big).$$
Since $|B - \bigcup_{B' \in \mathcal{X}} B'|$ is an integer, we have
$$\Big|B - \bigcup_{B' \in \mathcal{X}} B'\Big| \ge \Big\lfloor n\Big(1 - \frac{1}{w}\Big) \Big\rfloor + 1.$$
Proposition 3.5. Suppose that an (n, N, q)-code C is a (w; α)-FP code, where
$$\alpha = \Big\lfloor n\Big(1 - \frac{1}{w}\Big) \Big\rfloor.$$
Then C is a w-TA code.
Proof. Fix X ⊆ C with |X| ≤ w and x ∈ desc(X). Since x ∈ desc(X), there exists y ∈ X such that $|B_x \cap B_y| \ge n/w$. Hence ∂(x, X) ≤ α. Since C is a (w; α)-FP code,
$$|B_z - B_x| \ge \Big|B_z - \bigcup_{y \in X} B_y\Big| \ge \alpha + 1$$
for any z ∈ C − X. Hence ∂(x, C − X) ≥ α + 1 > ∂(x, X).
From the above two Propositions, we reprove the following result.
Corollary 3.6. (Staddon, Stinson and Wei, 2001)[14] Suppose C is an (n, N, q; d)-code with $d > n(1 - \frac{1}{w^2})$. Then C is a w-TA (n, N, q)-code.
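The translation from a code to the set system $\{B_c\}$ and the bound of Proposition 3.4 can be computed directly. The following Python code is an added example, not part of the thesis; the function names are chosen here, and the Reed-Solomon code over $\mathbb{Z}_5$ is a sample constructed for the example because it satisfies $d > n(1 - 1/w^2)$ for w = 2.

```python
from itertools import combinations, product

def blocks(C):
    """B_c = {(i, c_i) : 1 <= i <= n} for every codeword c (Chapter 3)."""
    return {c: frozenset(enumerate(c, start=1)) for c in C}

def min_distance(C):
    return min(sum(a != b for a, b in zip(x, y)) for x, y in combinations(C, 2))

def min_uncovered(C, w):
    """Minimum of |B_y - union of B_x for x in X| over all X with |X| <= w
    and y in C - X.  By Definitions 3.1 and 3.3 the code is a (w; alpha)-FP
    code exactly when this value is at least alpha + 1."""
    B = blocks(C)
    best = None
    for k in range(1, w + 1):
        for X in combinations(C, k):
            cover = frozenset().union(*(B[x] for x in X))
            for y in C:
                if y not in X:
                    m = len(B[y] - cover)
                    best = m if best is None else min(best, m)
    return best

def prop_3_4_alpha(n, d, w):
    """alpha = floor(n(1 - 1/w)) if d > n(1 - 1/w^2), otherwise None.
    Integer arithmetic avoids rounding errors in the comparison."""
    if d * w * w > n * (w * w - 1):
        return n * (w - 1) // w
    return None

def reed_solomon(p, k):
    """Constructed sample: evaluations at 0..p-1 of all polynomials of
    degree < k over Z_p, p prime.  This is a (p, p^k, p; p-k+1)-code."""
    return [tuple(sum(c * pow(x, e, p) for e, c in enumerate(coef)) % p
                  for x in range(p))
            for coef in product(range(p), repeat=k)]

EX_2_18 = ["111", "123", "132", "222", "213", "231", "333", "312", "321"]
RS = reed_solomon(5, 2)          # n = 5, N = 25, q = 5, d = 4

if __name__ == "__main__":
    # Lemma 3.2 on Example 2.18: 2-FP (margin 1) but not 3-FP (margin 0).
    print(min_uncovered(EX_2_18, 2), min_uncovered(EX_2_18, 3))
    # Proposition 3.4 on the sample code: alpha = 2, and the margin is alpha + 1.
    n, d = len(RS[0]), min_distance(RS)
    print(n, d, prop_3_4_alpha(n, d, 2), min_uncovered(RS, 2))
```

By Proposition 3.5 the sample code, being a (2; 2)-FP code of length 5, is also a 2-TA code.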
4 Complexes
Definition 4.1. A set system $(P, \mathcal{B})$ is an (ℓ, s; e)-cover-free family ((ℓ, s; e)-CFF) whenever for any ℓ members $A_1, A_2, \ldots, A_\ell \in \mathcal{B}$ and any other s members $B_1, B_2, \ldots, B_s \in \mathcal{B}$,
$$\Big|\bigcap_{i=1}^{\ell} A_i - \bigcup_{j=1}^{s} B_j\Big| \ge e + 1.$$
By an (ℓ, s; e)-disjunct matrix M we mean an incidence matrix of some (ℓ, s; e)-cover-free family $(P, \mathcal{B})$, i.e. M is a binary matrix with rows and columns indexed by $\mathcal{B}$ and P respectively such that
$$M_{ij} = \begin{cases} 1, & \text{if } j \in i; \\ 0, & \text{if } j \notin i. \end{cases}$$
Our matrix is the transpose of the one studied in pooling designs [6]. In the language of pooling designs, the above ℓ refers to the size of complexes, s to the number of positive complexes, e to the number of allowed test errors, |P| to the number of tests, and $|\mathcal{B}|$ to the number of items.
Theorem 4.2. Let C be an (n, N)-code. Then the set system $([n] \times Q, \{B_c\}_{c \in C})$ is a (w, w; 0)-CFF if and only if C is a w-SFP code for 1 ≤ w ≤ n − 1.
Proof. (⟹) Pick any X, Y ⊆ C with |X|, |Y| ≤ w and X ∩ Y = ∅. Then $\bigcap_{x \in X} B_x - \bigcup_{y \in Y} B_y = \emptyset$ by assumption. Choose
$$(i, c_i) \in \bigcap_{x \in X} B_x - \bigcup_{y \in Y} B_y.$$
Then, referring to Definition 2.2, $X_i = \{c_i\}$ and $c_i \notin Y_i$. Hence $X_i \cap Y_i = \emptyset$. Thus desc(X) ∩ desc(Y) = ∅.
(⟸) Pick any X, Y ⊆ C with |X|, |Y| ≤ w and X ∩ Y = ∅. Then desc(X) ∩ desc(Y) = ∅. That is
Note that $X_i \neq \{0, 1\}$, $X_i \neq \emptyset$, and similarly for $Y_i$. Hence we can assume $X_i = \{0\}$ and $Y_i = \{1\}$. Then $(i, 0) \in \bigcap_{x \in X} B_x - \bigcup_{y \in Y} B_y$.
Unlike Lemma 3.2, here we can only consider binary codes in Theorem 4.2.
Example 4.3. Set
C = {100, 010, 001, 111}.
It is easy to see that C is a 2-SFP (3, 4)-code by computing desc(X) ∩ desc(Y) = ∅ for all X, Y ⊆ C with |X| = |Y| = 2. The following (2, 2; 0)-CFF is equivalent to the 2-SFP (3, 4)-code presented
P = {(1, 0), (1, 1), (2, 0), (2, 1), (3, 0), (3, 1)},
$\mathcal{B}$ = {{(1, 1), (2, 0), (3, 0)}, {(1, 0), (2, 1), (3, 0)}, {(1, 0), (2, 0), (3, 1)}, {(1, 1), (2, 1), (3, 1)}}.
Lemma 4.4. Set P = [n] = {1, 2, . . . , n} and $\mathcal{B} = \binom{[n]}{n-1}$, the set of (n − 1)-subsets of P. Then $(P, \mathcal{B})$ is an (ℓ, 1; 0)-CFF.
Proof. For any ℓ members $A_1, A_2, \ldots, A_\ell \in \binom{[n]}{n-1}$ and another $B \in \binom{[n]}{n-1}$, note that
$$\bigcap_{i=1}^{\ell} A_i \in \binom{[n]}{n-\ell}, \quad \text{and} \quad \Big|\bigcap_{i=1}^{\ell} A_i - B\Big| = 1.$$
Motivated by the above fact $B \nsubseteq \bigcap_{i=1}^{\ell} A_i$ in the proof of Lemma 4.4, we immediately have the following theorem.
Theorem 4.5. Fix n − ℓ ≤ n − 1. Let M denote the incidence matrix of $\binom{[n]}{n-1}$ and $\binom{[n]}{n-\ell}$, i.e. M is a binary matrix with rows and columns indexed by $\binom{[n]}{n-1}$ and $\binom{[n]}{n-\ell}$ respectively such that
$$M_{ij} = \begin{cases} 1, & \text{if } j \subseteq i; \\ 0, & \text{if } j \nsubseteq i. \end{cases}$$
Then M is an (ℓ, s; 0)-disjunct matrix of size $n \times \binom{n}{\ell}$, where ℓ + s ≤ n. Note that when ℓ = 1 the above M is an identity matrix, hence we refer to this construction as a trivial construction.
5 Allowing Test Errors
Recalling the definition of a (w; α)-FP code, we want to construct a (w; α)-CFF by means of the disjunct matrix. In the study of pooling designs, this α is related to the error-correcting ability [8]. The following theorem gives a construction of disjunct matrices with some error-correcting ability.
Theorem 5.1. Fix s < n − ℓ ≤ n − 1. Let M denote the incidence matrix of $\binom{[n]}{n-1}$ and $\binom{[n]}{n-\ell-1}$. Then M is an (ℓ, s; n − ℓ − s − 2)-disjunct matrix of size $n \times \binom{n}{\ell+1}$.
Proof. Pick any distinct $A_1, A_2, \ldots, A_\ell, B_1, B_2, \ldots, B_s \in \binom{[n]}{n-1}$. Then
$$\Big(\bigcap_{i}^{\ell} A_i\Big) \cap B_j \in \binom{[n]}{n-\ell-1}$$
for any 1 ≤ j ≤ s. Note that there are n − ℓ (n − ℓ − 1)-subsets contained in $\bigcap_{i}^{\ell} A_i$ and s of them are contained in some $B_j$ for 1 ≤ j ≤ s. Hence we can still pick e + 1 = n − ℓ − 1 − s (n − ℓ − 1)-subsets which are contained in each of the $A_i$, but in none of the $B_j$.
We believe the existence of an (ℓ, s; e)-disjunct matrix is applicable to the study of codes for copyright protection with error-correcting ability. Further study is necessary.
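The subset incidence matrices of Theorems 4.5 and 5.1 are small enough to build and test against Definition 4.1. The following Python code is an added example, not part of the thesis; the function names and the sample parameters n = 6, ℓ = 2, s = 2 are chosen here.

```python
from itertools import combinations
from math import comb

def subset_incidence(n, k):
    """Rows: the (n-1)-subsets of [n] (blocks).  Columns: the k-subsets of
    [n] (points).  M[i][j] = 1 iff column set j is contained in row set i."""
    rows = [frozenset(r) for r in combinations(range(1, n + 1), n - 1)]
    cols = [frozenset(c) for c in combinations(range(1, n + 1), k)]
    return [[int(c <= r) for c in cols] for r in rows]

def disjunct_margin(M, l, s):
    """Minimum, over every choice of l rows A and s other rows B, of the
    number of columns that are 1 in all rows of A and 0 in all rows of B.
    M is (l, s; e)-disjunct exactly when this margin is at least e + 1."""
    idx = range(len(M))
    best = None
    for A in combinations(idx, l):
        rest = [i for i in idx if i not in A]
        for B in combinations(rest, s):
            cnt = sum(1 for j in range(len(M[0]))
                      if all(M[i][j] for i in A)
                      and not any(M[i][j] for i in B))
            best = cnt if best is None else min(best, cnt)
    return best

def theorem_4_5(n, l, s):
    """Return (matrix shape, margin); Theorem 4.5 needs l + s <= n."""
    M = subset_incidence(n, n - l)
    return (len(M), len(M[0])), disjunct_margin(M, l, s)

def theorem_5_1(n, l, s):
    """Return (matrix shape, margin, e) with e = n - l - s - 2 as stated
    in Theorem 5.1; the theorem needs s < n - l <= n - 1."""
    M = subset_incidence(n, n - l - 1)
    return (len(M), len(M[0])), disjunct_margin(M, l, s), n - l - s - 2

if __name__ == "__main__":
    n, l, s = 6, 2, 2                      # sample parameters
    shape, margin = theorem_4_5(n, l, s)
    print(shape == (n, comb(n, l)), margin >= 0 + 1)
    shape, margin, e = theorem_5_1(n, l, s)
    print(shape == (n, comb(n, l + 1)), margin >= e + 1)
```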
6 A Simple Construction of SFP codes
An (n, N)-code C can be depicted as an N × n binary matrix M, where each row of the matrix corresponds to one of the codewords.
Example 6.1. Let C = {c(1) = 111, c(2) = 100, c(3) = 010, c(4) = 001}, and C can be depicted as
$$M = \begin{pmatrix} 1 & 1 & 1 \\ 1 & 0 & 0 \\ 0 & 1 & 0 \\ 0 & 0 & 1 \end{pmatrix}.$$
We will show that C is a 2-SFP (3, 4)-code by computing desc(X) for all X with |X| = 2:
desc({c(1), c(2)}) = {100, 111, 101, 110},
desc({c(1), c(3)}) = {010, 111, 011, 110},
desc({c(1), c(4)}) = {001, 111, 011, 101},
desc({c(2), c(3)}) = {100, 010, 110, 000},
desc({c(2), c(4)}) = {100, 001, 101, 000}, and
desc({c(3), c(4)}) = {010, 001, 000, 011}.
From this, it can easily be checked that
desc({c(1), c(2)}) ∩ desc({c(3), c(4)}) = ∅,
desc({c(1), c(3)}) ∩ desc({c(2), c(4)}) = ∅,
and
desc({c(1), c(4)}) ∩ desc({c(2), c(3)}) = ∅.
Next, we collect some direct and explicit constructions for secure frame proof codes.
Theorem 6.2. (D.R. Stinson, Tran van Trung and R. Wei, 2000)[13]. For any integer w ≥ 2, there is a w-SFP $\big(\binom{2w-1}{w-1}, 2w\big)$-code.
Proof. We define a binary matrix M and the rows of M will be a w-SFP $\big(\binom{2w-1}{w-1}, 2w\big)$-code. The rows of M are indexed by the elements in the set {1, . . . , 2w}, and the columns are indexed by the w-subsets S ⊆ {1, . . . , 2w} such that 1 ∈ S. Denote these subsets as $S_1, \ldots, S_n$, where $n = \binom{2w-1}{w-1}$. Now, the entry in row i and column j of M is defined to be
$$M_{ij} = \begin{cases} 1 & \text{if } i \in S_j, \\ 0 & \text{if } i \notin S_j. \end{cases}$$
We show that C = {c(1), . . . , c(2w)} is a w-SFP $\big(\binom{2w-1}{w-1}, 2w\big)$-code. It suffices to verify that Definition is satisfied for all X, Y ⊆ C such that |X| = |Y| = w and X ∩ Y = ∅. Since N = 2w, it follows that Y = C \ X. Without loss of generality, suppose that c(1) ∈ X. Now, there is a unique bit position i such that $X_i = \{1\}$ and $Y_i = \{0\}$, which implies $X_i \cap Y_i = \emptyset$. Hence, desc(X) ∩ desc(Y) = ∅, as desired.
Example 6.3. The 2-SFP (3, 4)-code given in Example 6.1 is constructed by the method of Theorem 6.2.
described in Theorem 6.2. The binary matrix M is as follows:
$$M = \begin{pmatrix} 1 & 1 & 1 & 1 & 1 & 1 & 1 & 1 & 1 & 1 \\ 1 & 1 & 1 & 1 & 0 & 0 & 0 & 0 & 0 & 0 \\ 1 & 0 & 0 & 0 & 1 & 1 & 1 & 0 & 0 & 0 \\ 0 & 1 & 0 & 0 & 1 & 0 & 0 & 1 & 1 & 0 \\ 0 & 0 & 1 & 0 & 0 & 1 & 0 & 1 & 0 & 1 \\ 0 & 0 & 0 & 1 & 0 & 0 & 1 & 0 & 1 & 1 \end{pmatrix}$$
The following result can be proved in a similar way.
Theorem 6.5. (D.R. Stinson, Tran van Trung and R. Wei, 2000)[13]. For any integer w ≥ 2, there is a w-SFP $\big(2\binom{2w-1}{w-1}, 2w + 1\big)$-code.
Proof. Let the $2w \times \binom{2w-1}{w-1}$ matrix M be defined as in Theorem 6.2. Then construct a $(2w + 1) \times 2\binom{2w-1}{w-1}$ matrix M′ as follows:
$$M' = \begin{pmatrix} M & M \\ 0 \cdots 0 & 1 \cdots 1 \end{pmatrix}.$$
It is not hard to show that the set of rows in M′ is the incidence matrix of a w-SFP $\big(2\binom{2w-1}{w-1}, 2w + 1\big)$-code.
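The constructions of Theorems 6.2 and 6.5 can be generated for any w and verified with the column criterion used in the proofs: for a binary code, desc(X) ∩ desc(Y) = ∅ exactly when some column is constant on X, constant on Y, and takes different values on the two. The following Python code is an added example, not part of the thesis; the function names are chosen here and rows are indexed from 0.

```python
from itertools import combinations

def sfp_matrix(w):
    """Theorem 6.2: rows 1..2w; columns are the w-subsets S of {1..2w}
    containing 1, in lexicographic order; entry is 1 iff the row index is in S."""
    cols = [S for S in combinations(range(1, 2 * w + 1), w) if S[0] == 1]
    return [[int(i in S) for S in cols] for i in range(1, 2 * w + 1)]

def sfp_matrix_extended(w):
    """Theorem 6.5: M' = [[M, M], [0...0, 1...1]] with 2w + 1 rows."""
    M = sfp_matrix(w)
    n = len(M[0])
    return [row + row for row in M] + [[0] * n + [1] * n]

def separating_column(M, X, Y):
    """Index of a column whose entries on rows X are all equal, whose entries
    on rows Y are all equal, and where the two values differ; None if absent."""
    for j in range(len(M[0])):
        xs = {M[i][j] for i in X}
        ys = {M[i][j] for i in Y}
        if len(xs) == 1 and len(ys) == 1 and xs != ys:
            return j
    return None

def is_w_sfp(M, w):
    """Definition 2.12 for the binary code whose codewords are the rows of M:
    every pair of disjoint coalitions of size <= w needs a separating column."""
    rows = range(len(M))
    for kx in range(1, w + 1):
        for X in combinations(rows, kx):
            rest = [i for i in rows if i not in X]
            for ky in range(1, w + 1):
                for Y in combinations(rest, ky):
                    if separating_column(M, X, Y) is None:
                        return False
    return True

if __name__ == "__main__":
    for w in (2, 3):
        M, M2 = sfp_matrix(w), sfp_matrix_extended(w)
        print(w, (len(M), len(M[0])), is_w_sfp(M, w),
              (len(M2), len(M2[0])), is_w_sfp(M2, w))
    # The 4-codeword code of Example 6.1 is 2-SFP but not 3-SFP.
    print(is_w_sfp(sfp_matrix(2), 3))
```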
7 A Simple Construction of IPP Codes
We depict an (n, N, q; d)-code C as an N × n matrix M(C) on q symbols, where each row of the matrix corresponds to one of the codewords of C. For any a ∈ Q, define
$$m_j(a) = |\{i \mid M(C)_{ij} = a\}|,$$
i.e., $m_j(a)$ is the frequency of a in the j-th column of M(C). Define
$$m(C) = \max_{1 \le j \le n,\ a \in Q} m_j(a).$$
Example 7.1. Set
$$M(C) = \begin{pmatrix} 1 & 0 & 1 \\ 0 & 1 & 1 \\ 0 & 0 & 1 \end{pmatrix},$$
then $m_1(0) = 2$, $m_2(0) = 2$, $m_3(0) = 0$ and $m_1(1) = 1$, $m_2(1) = 1$, $m_3(1) = 3$. So m(C) = 3.
Definition 7.2. Let C be an (n, N, q; d)-code. We say that C has a σ-resolution if the codewords of C can be partitioned into s subsets $A_1, \ldots, A_s$, where $|A_i| = \sigma$ for i = 1, . . . , s, in such a way that each $A_i$ is a code of minimum distance equal to n, i.e., any two codewords of $A_i$ agree in no position.
We see an example.
Example 7.3. Let C = {123, 132, 213, 231, 312, 321} be a (3, 6, 3; 2)-code. Set $A_1 = \{123, 231, 312\}$, $A_2 = \{132, 321, 213\}$. Since C can be partitioned into two subsets $A_1, A_2$, and the minimum distances of $A_1$ and $A_2$ are equal to n = 3, we say C has a 3-resolution.
Theorem 7.4. (Tran and Sosina, 2004)[16]. Let $C_1$ be an $(n_1, N_1, q_1; d_1)$-code over $Q_1$ and let $C_2$ be an $(n_2, N_2, q_2; d_2)$-code over $Q_2$ with a σ-resolution $A_1, \ldots, A_s$ such that $s \ge m(C_1)$. Then the following hold.
(i) There exists an $(n_1 n_2, \sigma N_1, q_1 q_2; n_1 n_2 - (n_1 - d_1)(n_2 - d_2))$-code C.
(ii) Further, if $q_1 q_2 \ge N_1$, then C can be extended to a code $C^*$ having parameters $(n_1 n_2 + 1, \sigma N_1, q_1 q_2; d)$, where $d = \min\{n_1 n_2;\ n_1 n_2 + 1 - (n_1 - d_1)(n_2 - d_2)\}$.
Proof. Let $C_1$ be an $(n_1, N_1, q_1; d_1)$-code over $Q_1$. Let $C_2$ be an $(n_2, N_2, q_2; d_2)$-code over $Q_2$ with a σ-resolution $A_1, \ldots, A_s$. Suppose $s \ge m(C_1)$. For each $a \in Q_1$ denote by $C_2(a)$ a copy of $C_2$ defined over $Q(a)$ such that
$$Q(a_1) \cap Q(a_2) = \emptyset \text{ if } a_1, a_2 \in Q_1 \text{ and } a_1 \neq a_2.$$
Denote by $A_1(a), \ldots, A_s(a)$ a σ-resolution of $C_2(a)$.
Let $\mathrm{col}_j = (a_{1,j}, a_{2,j}, \ldots, a_{b_1,j})^T$ be the j-th column of $M(C_1)$, $1 \le j \le n_1$. Let a(1), . . . , a(t), say, be t positions of $\mathrm{col}_j$ at which symbol $a \in Q_1$ appears. Note that $t \le m(C_1)$. Now replace a at position a(1) by $A_1(a)$, a at position a(2) by $A_2(a)$, etc., and a at position a(t) by $A_t(a)$. Perform this process for every symbol of $Q_1$ and for every column of $M(C_1)$. The resulting code C obtained by this replacement has parameters $(n_1 n_2, \sigma N_1, q_1 q_2; n_1 n_2 - (n_1 - d_1)(n_2 - d_2))$.
Obviously, the length and the number of codewords of C is $n_1 n_2$ and
$(n_1 - d_2)$ positions. After replacement $c_1$ and $c_2$ correspond to two subsets $R_1$ and $R_2$ of σ codewords each. Any two codewords in $R_1$ (resp. $R_2$) agree in no position, whereas a codeword from $R_1$ and a codeword from $R_2$ agree in at most $(n_1 - d_1)(n_2 - d_2)$ positions. Hence the minimum distance of C is $n_1 n_2 - (n_1 - d_1)(n_2 - d_2)$, as stated.
Further, if $q_1 q_2 \ge N_1$ then C can be extended to a code $C^*$ having parameters $(n_1 n_2 + 1, \sigma N_1, q_1 q_2; d)$, where $d = \min\{n_1 n_2,\ n_1 n_2 + 1 - (n_1 - d_1)(n_2 - d_2)\}$. Let $Q = \{a_1, a_2, \ldots, a_{q_1 q_2}\}$ be the alphabet of C and let $C_1 = \{c_1, c_2, \ldots, c_{N_1}\}$. By construction, any codeword $c_i \in C_1$ corresponds to a subset $R_i$ of σ codewords. For any $i = 1, \ldots, N_1$, we add symbol $a_i$ to the $(n_1 n_2 + 1)$-th column of each codeword of $R_i$. This forms a set $R_i^*$. The collection of all $R_i^*$ forms an $(n_1 n_2 + 1, \sigma N_1, q_1 q_2; d)$ code $C^*$ with $d = \min\{n_1 n_2,\ n_1 n_2 + 1 - (n_1 - d_1)(n_2 - d_2)\}$. This can be seen as follows. Any two codewords $x^*$ and $y^*$ of $C^*$ belong either to some $R_i^*$ or to two different $R_i^*$ and $R_j^*$. In the first case their distance is $n_1 n_2$ because their components agree only at the $(n_1 n_2 + 1)$-th column, and in the second case their distance is at least $n_1 n_2 + 1 - (n_1 - d_1)(n_2 - d_2)$ because their components at the $(n_1 n_2 + 1)$-th column are distinct.
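We illustrate the construction in Theorem 7.4 by the following example.
Example 7.5. Let $C_1$ be a (3, 4, 2; 2)-code over $Q_1 = \{0, 1\}$ given by
$$M(C_1) = \begin{pmatrix} 0 & 1 & 1 \\ 1 & 0 & 1 \\ 1 & 1 & 0 \\ 0 & 0 & 0 \end{pmatrix}$$
$A_2(0)$:
$$A_1(0) = \begin{pmatrix} 1 & 2 & 3 \\ 2 & 3 & 1 \\ 3 & 1 & 2 \end{pmatrix}, \quad A_2(0) = \begin{pmatrix} 1 & 3 & 2 \\ 3 & 2 & 1 \\ 2 & 1 & 3 \end{pmatrix}.$$
Let $C_2(1)$ be a copy of $C_2(0)$ over {4, 5, 6} with a 3-resolution
$$A_1(1) = \begin{pmatrix} 4 & 5 & 6 \\ 5 & 6 & 4 \\ 6 & 4 & 5 \end{pmatrix}, \quad A_2(1) = \begin{pmatrix} 4 & 6 & 5 \\ 6 & 5 & 4 \\ 5 & 4 & 6 \end{pmatrix}.$$
Replacing entries of $M(C_1)$ by $A_i(j)$ gives
$$\begin{pmatrix} A_1(0) & A_1(1) & A_1(1) \\ A_1(1) & A_1(0) & A_2(1) \\ A_2(1) & A_2(1) & A_1(0) \\ A_2(0) & A_2(0) & A_2(0) \end{pmatrix}.$$
Thus, we obtain a (9, 12, 6; 8)-code C. Now, since the condition $q_1 q_2 > N_1$
$$M(C) = \begin{pmatrix}
1 & 2 & 3 & 4 & 5 & 6 & 4 & 5 & 6 \\
2 & 3 & 1 & 5 & 6 & 4 & 5 & 6 & 4 \\
3 & 1 & 2 & 6 & 4 & 5 & 6 & 4 & 5 \\
4 & 5 & 6 & 2 & 3 & 1 & 6 & 5 & 4 \\
5 & 6 & 4 & 2 & 3 & 1 & 6 & 5 & 4 \\
6 & 4 & 5 & 3 & 1 & 2 & 5 & 4 & 6 \\
4 & 6 & 5 & 4 & 6 & 5 & 1 & 2 & 3 \\
6 & 5 & 4 & 6 & 5 & 4 & 2 & 3 & 1 \\
5 & 4 & 6 & 5 & 4 & 6 & 3 & 1 & 2 \\
1 & 3 & 2 & 1 & 3 & 2 & 1 & 3 & 2 \\
3 & 2 & 1 & 3 & 2 & 1 & 3 & 2 & 1 \\
2 & 1 & 3 & 2 & 1 & 3 & 2 & 1 & 3
\end{pmatrix},$$
$$M(C^*) = \begin{pmatrix}
1 & 2 & 3 & 4 & 5 & 6 & 4 & 5 & 6 & 1 \\
2 & 3 & 1 & 5 & 6 & 4 & 5 & 6 & 4 & 1 \\
3 & 1 & 2 & 6 & 4 & 5 & 6 & 4 & 5 & 1 \\
4 & 5 & 6 & 2 & 3 & 1 & 6 & 5 & 4 & 2 \\
5 & 6 & 4 & 2 & 3 & 1 & 6 & 5 & 4 & 2 \\
6 & 4 & 5 & 3 & 1 & 2 & 5 & 4 & 6 & 2 \\
4 & 6 & 5 & 4 & 6 & 5 & 1 & 2 & 3 & 3 \\
6 & 5 & 4 & 6 & 5 & 4 & 2 & 3 & 1 & 3 \\
5 & 4 & 6 & 5 & 4 & 6 & 3 & 1 & 2 & 3 \\
1 & 3 & 2 & 1 & 3 & 2 & 1 & 3 & 2 & 4 \\
3 & 2 & 1 & 3 & 2 & 1 & 3 & 2 & 1 & 4 \\
2 & 1 & 3 & 2 & 1 & 3 & 2 & 1 & 3 & 4
\end{pmatrix}$$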
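The replacement step in the proof of Theorem 7.4 can be carried out mechanically. The following Python code is an added example, not part of the thesis; the function names are chosen here, the inputs are $M(C_1)$ and the resolution classes of Example 7.5 with each class kept as an ordered list of rows, and the code computes the parameters (n, N, q; d) of the resulting codes from scratch.

```python
from itertools import combinations

def distance(x, y):
    return sum(a != b for a, b in zip(x, y))

def params(C):
    """(n, N, q, d) of a code given as a list of equal-length tuples."""
    q = len({s for c in C for s in c})
    d = min(distance(x, y) for x, y in combinations(C, 2))
    return len(C[0]), len(C), q, d

def max_frequency(C):
    """m(C): the largest number of times one symbol occurs in one column."""
    return max(col.count(a) for col in zip(*C) for a in set(col))

def is_resolution(classes):
    """Definition 7.2: inside each class any two codewords agree nowhere."""
    return all(distance(x, y) == len(x)
               for A in classes for x, y in combinations(A, 2))

def substitute(C1, res):
    """Theorem 7.4(i).  res[a] lists the classes A_1(a), ..., A_s(a) of the
    copy C_2(a).  In each column, the k-th occurrence of symbol a (top to
    bottom) is replaced by A_k(a).  Returns the groups R_1, ..., R_{N_1}."""
    if any(len(classes) < max_frequency(C1) for classes in res.values()):
        raise ValueError("need s >= m(C1) resolution classes per symbol")
    N1, n1 = len(C1), len(C1[0])
    cls = [[None] * n1 for _ in range(N1)]
    for j in range(n1):
        seen = {}
        for r in range(N1):
            a = C1[r][j]
            cls[r][j] = res[a][seen.get(a, 0)]
            seen[a] = seen.get(a, 0) + 1
    sigma = len(cls[0][0])
    return [[sum((cls[r][j][t] for j in range(n1)), ()) for t in range(sigma)]
            for r in range(N1)]

def extend(groups, alphabet):
    """Theorem 7.4(ii): append symbol a_i to every codeword of R_i."""
    if len(alphabet) < len(groups):
        raise ValueError("need q1*q2 >= N1")
    return [[cw + (alphabet[i],) for cw in R] for i, R in enumerate(groups)]

# Data of Example 7.5.
C1 = [(0, 1, 1), (1, 0, 1), (1, 1, 0), (0, 0, 0)]
RES = {0: [[(1, 2, 3), (2, 3, 1), (3, 1, 2)], [(1, 3, 2), (3, 2, 1), (2, 1, 3)]],
       1: [[(4, 5, 6), (5, 6, 4), (6, 4, 5)], [(4, 6, 5), (6, 5, 4), (5, 4, 6)]]}

def example_7_5():
    groups = substitute(C1, RES)
    C = [cw for R in groups for cw in R]
    C_star = [cw for R in extend(groups, [1, 2, 3, 4, 5, 6]) for cw in R]
    return groups, C, C_star

if __name__ == "__main__":
    groups, C, C_star = example_7_5()
    print(params(C1), max_frequency(C1), params(C), params(C_star))
```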
We describe a simple construction for q-ary codes which was presented by Bush (1952)[3] for orthogonal arrays.
Theorem 7.6. (Bush, 1952)[3]. Let $C_1$ be an $(n, N_1, q_1; d_1)$-code over $Q_1$ and $C_2$ be an $(n, N_2, q_2; d_2)$-code. Then there exists an $(n, N_1 N_2, q_1 q_2; d)$-code, where $d = \min\{d_1, d_2\}$.
Proof. Let $C_1$ be an $(n, N_1, q_1; d_1)$-code over $Q_1$ and let $C_2$ be an $(n, N_2, q_2; d_2)$-code over $Q_2$. Let $Q = Q_1 \times Q_2$. We define a code C over Q as follows. For any pair of codewords $a = (a_1, \ldots, a_n) \in C_1$ and $b = (b_1, \ldots, b_n) \in C_2$ we construct a vector
Then it is easy to verify that
$$C = \{c(a, b) \mid a \in C_1,\ b \in C_2\} \subseteq Q^n$$
is an $(n, N_1 N_2, q_1 q_2; d)$-code, where $d = \min\{d_1, d_2\}$.
Definition 7.7. A code $C \subseteq F_q^n$ is an [n, k, d]-linear code if C is a subspace of $F_q^n$ with dimension k and minimum distance d.
Definition 7.8. An [n, k, d]-linear code with d = n − k + 1 is called a maximum distance separable code, denoted MDS code.
Theorem 7.6 can be used to construct q-ary MDS codes for which q is not a prime power; in the language of orthogonal arrays an (n, N, q; d) MDS code is an $OA_1(n - d + 1, n, q)$; here we have $N = q^{n-d+1}$. We record this special case of the Bush construction in the following theorem.
Theorem 7.9. (Bush, 1952)[3] The existence of $(n, q_1^k, q_1; d)$ and $(n, q_2^k, q_2; d)$ MDS codes having the same d = n − k + 1 implies the existence of an $(n, (q_1 q_2)^k, q_1 q_2; d)$ MDS code.
As a consequence of Theorem 7.9, we have the following corollary.
Corollary 7.10. For any integer n ≥ 2 and s with a prime factorization $s = p_1^{e_1} \cdots p_r^{e_r}$ such that $n \le p_i^{e_i}$, i = 1, 2, ..., r, there is an $(n, s^k, s)$ MDS code,
Proof. The corollary follows from the existence of $(n, (p_i^{e_i})^k, p_i^{e_i})$ MDS codes for i = 1, ..., r.
By combining Corollary 7.10 and Corollary 3.6 we obtain the following theorem.
Theorem 7.11. Let w ≥ 2 be any given integer. For any integer $n > w^2$ and s having $s = p_1^{e_1} \cdots p_k^{e_k}$ as its prime factorization with $n \le p_i^{e_i}$ for all i = 1, ..., k there exists a w-IPP (n, N, s)-code, where $N = s^{\lceil n/w^2 \rceil}$.
Definition 7.12. Let $C_1$ be an $(n_2, N_2, q_2)$-code over $Q_2$ and let $C_2$ be an $(n_1, q_2, q_1)$-code over $Q_1$. We define the concatenated code of $C_1$ and $C_2$ as follows. Let $Q_2 = \{a_1, \ldots, a_{q_2}\}$ and let $C_2 = \{b_1, \ldots, b_{q_2}\}$. Let $\theta : Q_2 \to C_2$ be the one-to-one mapping defined by $\theta(a_i) = b_i$ for $1 \le i \le q_2$. For any codeword $a = (a_1, \ldots, a_{n_2}) \in C_1$ we denote by
$$\tilde{a} = (\theta(a_1), \ldots, \theta(a_{n_2})) = (b_1, \ldots, b_{n_2})$$
the $q_1$-ary sequence of length $n_1n_2$ obtained from $a$ by using $\theta$. The set
$$C = \{\tilde{a} = (b_1, \ldots, b_{n_2}) \mid a = (a_1, \ldots, a_{n_2}) \in C_1\}$$
is an $(n_1n_2, N_2, q_1)$-code, called the concatenated code of $C_1$ and $C_2$.
Example 7.13. Set
$C_1 = \{12, 13, 23\}$
be a $(2, 3, 3)$-code over $\{a_1 = 1, a_2 = 2, a_3 = 3\}$. Set
be a $(3, 3, 2)$-code over $\{4, 5\}$. Define $\theta$ to be the one-to-one mapping given by $\theta(a_i) = b_i$ for $i = 1, 2, 3$. Then the concatenated code of $C_1$ and $C_2$ is
$C = \{(445, 455), (445, 555), (455, 555)\}$,
a $(6, 3, 2)$-code.
The next important theorem shows that the concatenation technique works for IPP codes.
Theorem 7.14. (Tran and Sosina, 2005) [17]. Let $C_1$ be a $w$-IPP $(n_2, N_2, q_2)$-code over $Q_2$ and let $C_2$ be a $w$-IPP $(n_1, q_2, q_1)$-code over $Q_1$. Then the concatenated code $C$ of $C_1$ and $C_2$ is a $w$-IPP $(n_1n_2, N_2, q_1)$-code.
Proof. Let $x = (x_1, \ldots, x_{n_1n_2}) \in Q_1^{n_1n_2}$. We partition $x$ into $n_2$ blocks $x_1, \ldots, x_{n_2}$ with $x_i = (x_{(i-1)n_1+1}, \ldots, x_{in_1}) \in Q_1^{n_1}$, $1 \le i \le n_2$. We will write $x = (x_1, \ldots, x_{n_2})$. In particular, if $x = c = (b_1, \ldots, b_{n_2}) \in C$, then the $b_i$'s are themselves the blocks of the partition of $c$.
Suppose $x \in \mathrm{desc}(C_i)$, $1 \le i \le r$, where $C_i \subseteq C$ with $|C_i| = \alpha_i \le w$. We prove that $\bigcap_{1 \le i \le r} C_i \ne \emptyset$, i.e. $C$ is a $w$-IPP code.
Let $C_i = \{c_1^{(i)}, \ldots, c_{\alpha_i}^{(i)}\} \subseteq C$, where $c_j^{(i)} = (b_{j1}^{(i)}, \ldots, b_{jn_2}^{(i)})$. For any $1 \le i \le r$ and any $1 \le \ell \le n_2$ define $D_\ell^{(i)} = \{b_{1\ell}^{(i)}, \ldots, b_{\alpha_i\ell}^{(i)}\}$, i.e. $D_\ell^{(i)}$ is the collection of all $\ell$th blocks of the codewords of $C_i$. In other words, $D_\ell^{(i)} \subseteq C_2$ is a subset of $\alpha_i$ codewords. As $x \in \mathrm{desc}(C_i)$ by the assumption, we have $x_\ell \in \mathrm{desc}(D_\ell^{(i)})$ for $1 \le i \le r$ and $1 \le \ell \le n_2$. Since $C_2$ is a $w$-IPP code, we have
$$\bigcap_{1 \le i \le r} D_\ell^{(i)} \ne \emptyset.$$
Let $b_\ell \in \bigcap_{1 \le i \le r} D_\ell^{(i)}$ be an arbitrary but fixed codeword, i.e. $b_\ell$ is a guilty user for $x_\ell$ in code $C_2$. Set $y = (b_1, \ldots, b_{n_2})$. Let $\bar{y} = (a_1, \ldots, a_{n_2}) \in Q_2^{n_2}$ be the corresponding sequence obtained from $y$ using $\theta$, i.e. $a_i = \theta^{-1}(b_i)$. In the same way let $\bar{C}_i = \{\bar{c}_1^{(i)}, \ldots, \bar{c}_{\alpha_i}^{(i)}\} \subseteq C_1$ denote the corresponding subset of $C_i$.
Since $y \in \mathrm{desc}(C_i)$ by the construction, we have $\bar{y} \in \mathrm{desc}(\bar{C}_i)$ for $1 \le i \le r$. Hence
$$\bar{y} \in \bigcap_{1 \le i \le r} \mathrm{desc}(\bar{C}_i).$$
Since $C_1$ is a $w$-IPP code, we have
$$\bigcap_{1 \le i \le r} \bar{C}_i \ne \emptyset.$$
Let $\bar{z}' = (a'_1, \ldots, a'_{n_2}) \in \bigcap_{1 \le i \le r} \bar{C}_i$ be a guilty user for $\bar{y}$ in $C_1$. Then $z' = (b'_1, \ldots, b'_{n_2}) \in C_i$ for $1 \le i \le r$, where $z'$ is the codeword of $C$ corresponding to $\bar{z}'$. Therefore
$$\bigcap_{1 \le i \le r} C_i \ne \emptyset.$$
Thus $C$ is a $w$-IPP code.
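An added example (not code from the thesis or from [17]) of the tracing procedure that the proof of Theorem 7.14 describes: find a guilty inner codeword in every block, map it back through $\theta^{-1}$, then identify a parent in the outer code. Assumptions: $w = 2$; the outer code is the $[5, 2, 4]$ Reed-Solomon code over $F_9$, which has the parameters Theorem 7.11 gives for $n = 5$, $s = 9$; the inner code is a ternary $(4, 9, 3)$-code in which any two codewords agree in exactly one position, which makes it 2-IPP; all function names are hypothetical.

```python
from itertools import combinations

def concatenate(outer, theta):
    """Definition 7.12: replace each outer symbol a by the inner codeword theta[a]."""
    return [tuple(s for a in word for s in theta[a]) for word in outer]

def in_desc(x, coalition):
    """x is a descendant if each position of x agrees with some parent there."""
    return all(any(x[i] == c[i] for c in coalition) for i in range(len(x)))

def identify(code, x, w):
    """Intersection of all coalitions of size <= w having x as a descendant."""
    guilty = None
    for r in range(1, w + 1):
        for coalition in combinations(code, r):
            if in_desc(x, coalition):
                guilty = set(coalition) if guilty is None else guilty & set(coalition)
    return guilty or set()

def f9_add(u, v):
    """F_9 = F_3[i]/(i^2 + 1); the integer a + 3b stands for a + b*i."""
    return (u + v) % 3 + 3 * ((u // 3 + v // 3) % 3)

def f9_mul(u, v):
    a, b, c, d = u % 3, u // 3, v % 3, v // 3
    return (a * c - b * d) % 3 + 3 * ((a * d + b * c) % 3)

# Assumed codes: outer = all m0 + m1*p evaluated at 5 points of F_9 (81 words, d = 4),
# inner = ternary (4, 9, 3)-code; theta sends outer symbol i to INNER[i].
OUTER = [tuple(f9_add(m0, f9_mul(m1, p)) for p in range(5))
         for m0 in range(9) for m1 in range(9)]
INNER = [(x, y, (x + y) % 3, (x + 2 * y) % 3) for x in range(3) for y in range(3)]
THETA = dict(enumerate(INNER))

def trace(x, w=2):
    """Follow the proof: guilty inner word per block, theta^{-1}, then the outer code."""
    n1 = len(INNER[0])
    blocks = [tuple(x[i:i + n1]) for i in range(0, len(x), n1)]
    y = [min(identify(INNER, block, w)) for block in blocks]
    y_bar = tuple(INNER.index(b) for b in y)
    return identify(OUTER, y_bar, w)

def descendant(parents, picks):
    """Constructed pirate word: position i is copied from parents[picks[i]]."""
    return tuple(parents[p][i] for i, p in enumerate(picks))

if __name__ == "__main__":
    code = concatenate(OUTER, THETA)  # the concatenated (20, 81, 3)-code
    pirate = descendant([code[10], code[57]], [0, 1] * 10)
    print(trace(pirate) <= {OUTER[10], OUTER[57]})
```

`trace` returns outer codewords, so the guilty user is read off as an element of $C_1$; the pirate word may mix its two parents inside a block, which is the case the block-wise step of the proof handles.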
References
[1] Biehl, I., Meyer, B., Protocols for collusion-secure asymmetric fingerprinting. 14th Symposium on Theoretical Aspects of Computing, Lecture Notes in Computer Science, Vol. 1200 (1997). Springer, Berlin, pp. 399-412.
[2] Boneh, D., Shaw, J., Collusion-secure fingerprinting for digital data, Advances in Cryptology-Crypto ’95. Lecture Notes in Computer Science, Vol. 963. Springer, Berlin, (1995) pp. 452-465.
[3] Bush, K.A., Federer, W.T., Pesotan, H., Raghavarao, D., New combinatorial designs and their application to group testing, J. Statist. Plann. Inference 10, (1984) 335-343.
[4] Chee, Y.M., Turán-type problems in group testing, coding theory and cryptography, Ph.D. Thesis, University of Waterloo. (1996)
[5] Chor, B., Fiat, A., Naor, M., Tracing traitors. Advances in Cryptology-Crypto ’94, Lecture Notes in Computer Science, Vol. 839. Springer, Berlin, (1994) pp. 257-270.
[6] Du, D.-Z., Hwang, F.K., Pooling designs and nonadaptive group testing, World Scientific, Singapore. (2006)
[7] A. J. Macula. A simple construction of d-disjunct matrices with certain constant weights, Discrete Math. (1996) 162:311–312.
[8] A. J. Macula, Error-correcting nonadaptive group testing with $d^e$-disjunct matrices, Discrete Appl. Math. (1997) 80:217-222.
[9] Marcel Fernandez and Miguel Soriano, Intellectual property protection of e-learning contents, International conference on network universities and e-Learning. 8-9 May (2003), Valencia, Spain.
[10] Pfitzmann, B., Trials of traced traitors, Workshop on Information Hiding, Lecture Notes in Computer Science, Vol. 1174. Springer, Berlin, (1996) pp. 49-64.
[11] Pfitzmann, B., Waidner, M., Asymmetric fingerprinting for larger collusions, Fourth ACM Conference on Computer and Communications Security. (1997a)
[12] Pfitzmann, B., Waidner, M., Anonymous fingerprinting. Advances in Cryptology-Eurocrypt ’97, Lecture Notes in Computer Science, Vol. 1233. Springer, Berlin, (1997b) pp. 88-102.
[13] J. N. Staddon, D. R. Stinson and R. Wei, Combinatorial properties of frameproof and traceability codes, IEEE Trans. Inform. Theory, Vol. 47 (2001) pp. 1042-1049.
[14] D. R. Stinson, Tran van Trung and R. Wei, Secure frameproof codes, key distribution patterns, group testing algorithms and related structures, Journal of Statistical Planning and Inference 86 (2000) 595-617.
[15] Stinson, D.R., Wei, R., Combinatorial properties and constructions of traceability schemes and frameproof codes, SIAM J. Discrete Math. 11, (1998) 41-53.
[16] Tran van Trung and Sosina Martirosyan, On a class of traceability codes, Designs, Codes and Cryptography, 31, (2004) 125-132.
[17] Tran van Trung and Sosina Martirosyan, New constructions for IPP codes, Designs, Codes and Cryptography, 35, (2005) 227-239.