From derek@spider.com Mon Oct 25 23:37:29 1999
Date: Mon, 4 Oct 1999 16:58:08 +0100
From: Derek Fawcus <derek@spider.com>
To: Dr. David Gilbert <gilbertd@treblig.org>
Cc: livid-dev@livid.on.openprojects.net
Subject: [Livid-dev] Re: CSS

  [ CC'ed back to livid list ]

On Mon, Oct 04, 1999 at 04:43:39PM +0100, Dr. David Gilbert wrote:
> On Mon, 4 Oct 1999, Derek Fawcus wrote:
> 
> >   It's still a hard problem 408 key slots (how many have real keys),  each
> > of 40 bits (2 ** 40 combinations) that have to be run through the decrytion
> > algo to get the result. The only advantage one has is a known plaintext
> > result.
> 
> Well I'm not a cryptologist, but don't you end up actualyl being able to
> simplify the cracking process because you have potentially multiple
> results which must generate the same result?

  Not sure.  Possibly.

> Also can you take advantage of knowing the format of the recovered stream
> (like wanting to find an MPEG start code in there?)

  It's simpler than that.  The CSS decode algo is basically:

  D  = 2048 byte disk key (array of 409 40 bit texts)

  P  = 40 bit player specific secret key
  d  = 40 bit text from disk key
  T  = 40 bit title key

  we have a function F,  such that:

  X' = F(X,K) decrypts the text X using key K to give X'

  D (thus d) and T come from the CSS authentication process and are
fixed for given disk and title.
  
  The process is basically:

  d' = F1(d,P)

  T' = F2(T,d')

  S' = F3(S,T')

  Where F2 is similar to F1,  and F3 is the stream decoding of the encryted
2048 byte sector S.

  Since for a given title T' (and thus d') is fixed,  all we have to do is
the first stage decryption of the private key slots to find the fixed text
d' i.e.

  for (each slot)
    pick d from slot
    for (P = 0; P < 2 **40; ++P)
      if (F1(d, P) == d')
         print(got key P)

  However even that is a lot.  Now can it be speeded up?  I don't know.
Now if the above is done and all keys found - what sort of effect do you
think it'll have on the DVD industry?

DF
-- 
Derek Fawcus                                                    derek@spider.com
Spider Software Ltd.                                        +44 (0) 131 475 7034


_______________________________________________
Livid-dev maillist  -  Livid-dev@livid.on.openprojects.net
http://livid.on.openprojects.net/mailman/listinfo/livid-dev