AACS and broadcast encryption

By
EKR
on April 15, 2005 10:15 PM | Comments (2) | TrackBacks (75) |
The specifications for AACS, the replacement for the CSS DVD encryption system, are out. I've just skimmed it, but it looks to be much more competently designed than CSS. CSS used a single key to encrypt every DVD, so as soon as a single device was compromised the system was catastrophically broken.

The naive way to solve this problem is to give each DVD player its own encryption key. Call the key owned by player i K_i. When you want to print a DVD you generate a random key k and encrypt it under each K_i. So, the DVD will have a key encryption block consisting of E(K_1,k), E(K_2,k), E(K_3,k), ... E(K_n,k), where n is the last DVD player that will ever be manufactured. Then, when player j is compromised you just don't encrypt under key K_j for all future DVDs. Now, you can't always tell when a player has been compromised, but the threat model here is that someone takes the key and embeds it in a piece of software, so all you have to do is get a copy of the software player and extract the key.

There is an obvious problem with this scheme: the key encryption block is enormous. If you expect a billion DVD players to be made, then each DVD player will need to have a billion encrypted keys. If each key is 16 bytes, that's 16 GB, which is twice as large as a DVD--and we don't even have any data on it yet.

Luckily, it turns out that there are schemes (collectively called "broadcast encryption" schemes) for arranging the keys in such a way that the encryption block is much smaller. The simplest one is to lay out all the keys in a tree, like so:

Each player gets one of the leaf node keys and all the keys on the path to the root. So, player 0 would get keys K, K_0, and K_00.

Initially, all DVDs are encrypted under key K which all players have. (Well, technically the DVD key is encrypted under K.) Now, say that key K_00 is compromised. From then on DVDs are encrypted under keys K_01 and K_1. This allows every player but player 0 (holding K_00) to decrypt the DVD). Every time a player is compromised, you change the set of keys you encrypt under to exclude that key. This isn't the best (most efficient) scheme, but it should give you the basic idea. The particular scheme that AACS uses is called "subset difference", which is rather more complicated to explain. (see here for an explanation.)

75 TrackBacks

Listed below are links to blogs that reference this entry: AACS and broadcast encryption.

TrackBack URL for this entry: http://www.educatedguesswork.org/cgi-bin/mt/mt-tb.cgi/220

Next-Gen DVD Encryption: Better, but Won't Stop Filesharing from Freedom to Tinker on April 18, 2005 8:29 AM

Last week, specifications were released for AACS, an encryption-based system that may be used on next-generation DVDs. You may recall that CSS, which is currently used on DVDs, is badly misdesigned, to the point that I sometimes use it in teaching as a... Read More

free poker from free poker on June 20, 2005 8:54 PM

Please check out the pages about free poker Read More

texas holdem poker strategies from texas holdem poker strategies on June 22, 2005 4:55 AM

You can also take a look at some information on three card poker strip poker download Read More

loans from loans on June 25, 2005 10:45 PM

You can also take a look at some relevant pages in the field of loans home loans Read More

poker rooms from poker rooms on June 28, 2005 9:34 PM

You can also visit some relevant pages in the field of poker games Read More

philips components from dadula.slife.com on July 22, 2005 7:59 PM

philip larkin sad steps a philip randolph john philip sousa biography gina philips gallery philips electronics firmware update for dvp642 philips lcd displays philip reinisch furniture philips electronics homepage philips lcd flat tvs philip anselmo ma... Read More

free roll poker tournament from free roll poker tournament on August 27, 2005 6:54 PM

You can also check the pages about poker stars free play Read More

poker from poker on September 10, 2005 5:29 AM

poker Men never do evil so completely and cheerfully as when they do it from religious conviction. Read More

free online poker sex from free online poker sex on September 16, 2005 10:21 AM

In your free time, check the pages in the field of free video poker Read More

jenna jameson biography from jenna jameson on September 22, 2005 12:26 AM

jenna jameson Read More

refinance from refinance on October 5, 2005 4:41 AM

refinance Read More

cheap tickets from cheap tickets on October 9, 2005 10:50 PM

cheap tickets Read More

book casino online sport from book casino online sport on October 11, 2005 9:02 PM

You may find it interesting to visit some information about betting legal online Read More

craps from craps on October 15, 2005 4:40 AM

You are invited to check out some helpful info in the field of casino descarga portales web Read More

Express Script Pharmacy from Express Script Pharmacy on October 19, 2005 4:07 PM

Take your time to take a look at some relevant information dedicated to canada no pharmacy prescription Read More

debt consolidation refinance from debt consolidation refinance on October 30, 2005 10:11 AM

debt consolidation refinance Read More

bank of america from bank of america on November 1, 2005 9:28 PM

bank of america Read More

thanksgiving gifts from thanksgiving gifts on November 4, 2005 12:23 AM

thanksgiving gifts Read More

for you from from Jhon Smit on November 10, 2005 7:35 PM

Best earning for you!!! Read More

best for you from from Jhon Smit on November 14, 2005 8:42 PM

After a few years of marriage, I began to let myself slide. My wife kept telling me that she didn't mind the extra weight that I had put on around my waist but I knew that she was lying. I tried the gym, I tried other diets, but nothing worked. I de... Read More

cool site from from Jhon Smit on November 19, 2005 10:25 PM

Hey guys! It's cool site! Read More

backgammon checkers from backgammon checkers on November 24, 2005 2:03 AM

payoff invigorate?saltiest spasm polluted somebody.sturdiness:online backgammon http://www.realestatehotdeals.com/online-backgammon.html Read More

online pharmacies from online pharmacies on November 30, 2005 3:28 AM

online pharmacies Read More

delta airline tickets from delta airline tickets on December 8, 2005 11:33 PM

delta airline tickets Read More

air conditioners from Air Conditioner Blog on December 27, 2005 1:19 PM

TITLE: air conditioners URL: http://www.freehost.ag/conditioners/air.htm IP: 24.46.165.132 BLOG NAME: Air Conditioner Blog DATE: 12/27/2005 01:19:59 PM Read More

phentermine from phentermine on January 4, 2006 5:58 AM

surrounding barred:wolf rowboat fleshes panics overturned phentermine http://www.toylane.net/ Read More

online poker from online poker on January 7, 2006 10:13 AM

All information on online poker, is available at online poker - online poker Read More

Disney Vacation from Disney Vacation on January 7, 2006 7:50 PM

Disney Vacation Read More

adaware from adaware on January 9, 2006 3:03 AM

adaware Read More

adaware download from adaware download on January 9, 2006 3:13 AM

adaware download Read More

happy valentines day from happy valentines day on January 10, 2006 1:21 AM

happy valentines day Read More

replicas from replica watches on January 10, 2006 3:15 PM

TITLE: replicas URL: http://replicas.re.funpic.de/ IP: 217.218.199.3 BLOG NAME: replica watches DATE: 01/10/2006 03:15:06 PM Read More

kelly blue book from kelly blue book on January 11, 2006 3:24 AM

kelly blue book Read More

olympic games 2006 from olympic games 2006 on January 11, 2006 3:27 AM

olympic games 2006 Read More

weight bench from weight bench on January 12, 2006 1:38 AM

weight bench Read More

alaska airlines vacations from alaska airlines vacations on January 15, 2006 8:42 PM

alaska airlines vacations Read More

delta airlines from delta airlines on January 22, 2006 1:50 PM

delta airlines Read More

tennis elbow from tennis elbow on January 22, 2006 11:48 PM

TITLE: tennis elbow URL: http://1tennis.1t.funpic.de/elbow.htm IP: 71.131.187.253 BLOG NAME: tennis elbow DATE: 01/22/2006 11:48:40 PM Read More

bankofamerica from bankofamerica on January 24, 2006 3:30 AM

bankofamerica Read More

kelly blue book from kelly blue book on January 25, 2006 11:31 PM

kelly blue book Read More

giftbasket from giftbasket on January 26, 2006 1:50 AM

giftbasket Read More

cephalexin keflex from cephalexin keflex on January 26, 2006 6:29 AM

Description with links to full prescribing information for this Read More

massages from massages on January 27, 2006 3:04 AM

massages Read More

torino 2006 from torino 2006 on January 30, 2006 2:27 AM

torino 2006 Read More

travelocity from travelocity on February 1, 2006 9:25 PM

travelocity Read More

Home Equity Loan from Home Equity Loan on February 6, 2006 10:27 AM

Home Equity Loan Read More

alprazolam online from alprazolam online on February 9, 2006 5:11 AM

alprazolam online Read More

obesity from obesity on February 14, 2006 11:31 PM

obesity Read More

no-deposit-casino from no-deposit-casino on February 15, 2006 12:48 PM

TITLE: no-deposit-casino URL: http://icasinos.ic.funpic.de/no-deposit-casino.htm IP: 202.129.20.14 BLOG NAME: no-deposit-casino DATE: 02/15/2006 12:48:23 PM Read More

sport-betting-line from sport-betting-line on February 17, 2006 3:07 PM

TITLE: sport-betting-line URL: http://bettingline.be.funpic.de/sport-betting-line.html IP: 203.154.131.4 BLOG NAME: sport-betting-line DATE: 02/17/2006 03:07:21 PM Read More

online-slot-machine from online-slot-machine on February 18, 2006 9:11 AM

TITLE: online-slot-machine URL: http://www.20mbweb.com/Games/onlineslot/online-slot-machine.html IP: 80.198.145.194 BLOG NAME: online-slot-machine DATE: 02/18/2006 09:11:00 AM Read More

kelly blue book from kelly blue book on February 18, 2006 12:46 PM

kelly blue book Read More

tranny and most hot blogs from exellent hot blogs on February 19, 2006 11:45 AM

tranny milf and more Read More

lesbian hot blogs from exellent boobs blogs on February 19, 2006 12:54 PM

lesbian and boobs Read More

cupid from cupid on February 20, 2006 4:00 AM

http://cupid-lyrics.it-psp.com - cupid lyrics Read More

nice amateur babes from nue femmes blog on February 20, 2006 11:12 AM

hot babes online Read More

cocaine from cocaine on February 21, 2006 2:37 AM

cocaine Read More

alcoholics anonymous from alcoholics anonymous on February 21, 2006 3:18 AM

alcoholics anonymous Read More

more amateur babes from get free shemales blog on February 21, 2006 4:07 AM

exellent boobs online Read More

hot xxx pics from very hot shots on February 22, 2006 8:47 AM

free babes online Read More

amateur online from free babes online on February 24, 2006 3:31 AM

exellent pics collection Read More

superbowl odds from superbowl odds on February 25, 2006 11:36 PM

superbowl odds Read More

hoodia from on February 26, 2006 3:17 AM

TITLE: hoodia URL: http://hoodia.u-sa.org IP: 209.123.8.19 BLOG NAME: DATE: 02/26/2006 03:17:31 AM Read More

bad credit home loan refinancing from bad credit home loan refinancing on February 26, 2006 11:14 PM

TITLE: bad credit home loan refinancing URL: http://www.theguestbook.com/read.php/614174 IP: 83.219.129.44 BLOG NAME: bad credit home loan refinancing DATE: 02/26/2006 11:14:19 PM Read More

nice hot pics from xxx collection online on February 28, 2006 9:02 AM

more great pics Read More

2 Comments

By Chris Lightfoot on April 16, 2005 10:30 AM

You're missing the picture in this version of the page....

By Cypherpunk on April 16, 2005 6:32 PM

Actually CSS had 409 different player keys. The disk key was encrypted to all of these keys, and each player had a few keys. The idea was similar to AACS, that if a player's key got stolen, future disks would not be encrypted to that key. Unfortunately (for them) the crypto algorithm was so weak that it was broken completely and there was no need to use stolen keys.

Leave a comment