Why Blu-ray encryption had to fail
The news last month that Blu-Ray encryption was broken was no surprise. It was inevitable.
Consumer content encryption is a fool's game, a war the movie industry can't win. Why?
It is this simple:
- Sell the consumer the encrypted content
- Sell the consumer the de-encryption device, i.e. a content player
- With access to the input, the output and the decryption device, it is only a matter of time before the encryption algorithm is broken.
Bletchley Park all over again This is analogous to the Allied breaking of the German military codes during WWII. When the Poles reverse-engineered the military Enigma, it was only a matter of time before a smart mathematician figured out how to recover the frequently changed encryption keys.
The British, at Bletchley Park, turned this process into a computer-assisted industrial system for large-scale key recovery and decryption, but the essential math had been known for many decades.
Yes, the Blu-ray algorithm has some interesting wrinkles, and it looked great 10 years ago. But Moore's Law kept pushing compute performance up and gradually 256 isn't such a big number.
The 2001 paper, Four Simple Cryptographic Attacks on HDCP by Keith Irwin, outlined how to break HDCP - the encryption between players and video sources carried by HDMI - so pirates didn't even need to break Blu-ray encryption to get clear content.
But the new HDCP allows decryption of source files:
This is a forty times forty element matrix of fifty-six bit hexadecimal numbers.
To generate a source key, take a forty-bit number that (in binary) consists of twenty ones and twenty zeroes; this is the source KSV. Add together those twenty rows of the matrix that correspond to the ones in the KSV (with the lowest bit in the KSV corresponding to the first row), taking all elements modulo two to the power of fifty-six; this is the source private key.
A simple matter of computing.
And now both are broken. There is no getting this genie back in the bottle.
The Storage Bits take I love movies. I have a collection of over 1300 DVDs - including a couple of dozen Blu-rays. I understand that hundreds of thousands of jobs and families rely on the sale of entertainment through theaters, optical media, downloads and TV networks.
But if the movie industry doesn't want to go the way of the record companies, they have to adapt.
The movie industry's challenge is to create compelling content priced so the audience has no interest in pirate copies. Yes, there will always be revenue lost to pirates.
The cure: give people a good product, reasonably priced and convenient. That, not encryption, is the long term solution.
Comments welcome, as always. The movie Enigma, a thriller set in Bletchley Park during WWII, included Rolling Stone Mick Jagger among the producers. Update: An informed reader asked about what NCR had done during WWII with Enigma. More than I knew. Here's a link.