We introduce and analyze a randomized traitor tracing algorithm for broadcast security. This algorithm is very efficient compared to brute force methods (the mean time it takes is O( √ T) where T is the mean time taken by the brute force algorithm) and can catch traitors, i.e., dishonest users who collude by giving subsets of their key(s) to others. The system model we use can be applied to various broadcast scenarios, e.g., over the internet or in a PayTV system. We also prove a structure theorem for the “square” codes we design for traitor tracing. 1 Motivation Consider, for example, a PayTV system where a subscriber uses a decoder to decrypt the broadcast signal. Each decoder contains a unique set of decryption keys that can be used to identify the owner, and allows her to decrypt the digital object which is aimed at her. Traitor tracing schemes ensure that if up to w colluders construct a pirate decoder to access the data illegally, then at least one of them can be identifi...