
*To*: [email protected], [email protected]
*Subject*: EFF misstatements in DeCSS brief
*From*: lcs Mixmaster Remailer <[email protected]>
*Date*: 9 Jan 2000 09:40:06 -0000
*Delivered-To*: [email protected]
*Old-Subject*: EFF misstatements in DeCSS brief
*Sender*: [email protected]

From the EFF's legal brief in the DVD encryption case, viewable at http://www.virtualrecordings.com/RESPONSE.htm:

> The Plaintiff is using an encryption scheme to distribute large
> quantities of data in a known format, and is providing alongside
> the encrypted data a file consisting of a large number of decryption
> keys, one of which is guaranteed to work at decrypting any given disk.
> Under such circumstances, with large samples of encrypted data and valid
> decryption keys provided, the task of determining what decryption process
> will give back the original data is simple for those skilled in the art
> of cryptanalysis.

It is hard to imagine how two sentences could contain more errors and misleading statements.

In the first place, consider the claim that the data format consists of an encrypted data file, alongside a large number of decryption keys. This is absurd. It would be utterly pointless to include the decryption key alongside the ciphertext. It would be equally pointless to include a large number of other decryption keys which don't work.

What is actually done is that the single decryption key for the disk is separately encrypted using each of the keys reserved for each different family of DVD players. Then, each player knows which entry it can decrypt in order to recover the decryption key for the disk.

So we see that it is false that the file consists of a large number of decryption keys; instead, it consists of ENCRYPTED decryption keys, another matter entirely and highly relevant in considering the security of the system. We also see that it is totally misleading to say with these keys, "one of which is guaranteed to work at decrypting any given disk." In fact each and every one of the encrypted decryption keys is guaranteed to work at decrypting that disk.

Even if these complete misstatements of the facts were correct, we are then presented with the claim that given large samples of encrypted data and valid decryption keys, "the task of determining what decryption process will give back the original data is simple for those skilled in the art of cryptanalysis."

Bullshit! Even if we were given ciphertext and decryption keys (which we're not), determining the "decryption process" (i.e. the decryption algorithm) and recovering the original data would be a highly difficult and uncertain task. Without knowing the algorithm, without knowing the plaintext, given only some ciphertext and keys, the cryptanalyst faces a steep uphill battle.

Most academic cryptanalysis is done with knowledge of the algorithm, often knowledge of the plaintext, with the goal of recovering keys. Here we have a key and want to recover the algorithm. But there is far more variation possible in algorithms than keys; and without knowing the algorithm there is no way to analyze it and know what weaknesses to look for. The best that can be done is to start doing blind statistical tests on the ciphertext in the desperate hope that some pattern or correlation to the plaintext will show up to give the analyst a foothold.

What was actually done, of course, is that the algorithm was derived in some other way, probably through reverse engineering of one of the decrypting players. Once that was done the cryptographers were able to study and analyze the algorithm and find weaknesses which they could exploit. This is familiar ground for modern cryptanalysts. It would be absurd to attempt what EFF calls the "simple" process of deducing the algorithm just from the data and keys. (And they didn't have the keys, anyway.)

We see that virtually every part of the excerpt above from the EFF brief is mistaken and misleading. It is astonishingly bad given that they had advice and support from a number of people knowledgeable about cryptography.

If the judge is relying on the EFF and its supporters as technical experts on cryptography, he's having the wool pulled over his eyes. Hopefully cypherpunks who know better will have the objectivity to speak up when the EFF as well as the DVD-CCA makes misleading technical comments.
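
The key-block layout the message describes (one disk key, separately encrypted under each player-family key), as an added example that is not part of the original message. The cipher is a stand-in HMAC-SHA256 keystream, not the CSS algorithm, and every key, size and function name here is constructed for illustration.

```python
import hashlib
import hmac

def _keystream(player_key: bytes, slot: int, n: int) -> bytes:
    # Stand-in cipher (assumption): HMAC-SHA256 keystream, NOT the CSS algorithm.
    return hmac.new(player_key, b"slot" + slot.to_bytes(2, "big"), hashlib.sha256).digest()[:n]

def wrap(disk_key: bytes, player_key: bytes, slot: int) -> bytes:
    # XOR with the keystream; calling it again with the same key unwraps.
    pad = _keystream(player_key, slot, len(disk_key))
    return bytes(a ^ b for a, b in zip(disk_key, pad))

def build_key_block(disk_key, player_keys):
    # What ships beside the ciphertext: one ENCRYPTED copy of the disk key per family.
    return [wrap(disk_key, pk, slot) for slot, pk in enumerate(player_keys)]

def player_recover(block, slot, player_key):
    # A player decrypts only the entry reserved for its own family.
    return wrap(block[slot], player_key, slot)

def constructed_keys(families=8):
    # Constructed sample keys (fixed so the run is reproducible), not real values.
    players = [hashlib.sha256(b"constructed player key %d" % i).digest()[:16]
               for i in range(families)]
    disk = hashlib.sha256(b"constructed disk key").digest()[:16]
    return disk, players

def demo():
    disk_key, player_keys = constructed_keys()
    block = build_key_block(disk_key, player_keys)
    # Every entry yields the same disk key to the family that owns it.
    recovered = [player_recover(block, s, pk) for s, pk in enumerate(player_keys)]
    # The wrong family key applied to slot 0 does not yield the disk key.
    wrong = player_recover(block, 0, player_keys[1])
    return {
        "all_entries_recover_disk_key": all(r == disk_key for r in recovered),
        "disk_key_stored_in_clear": disk_key in block,
        "wrong_key_recovers_disk_key": wrong == disk_key,
        "distinct_entries": len(set(block)),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```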

**Follow-Ups**: **Re: EFF misstatements in DeCSS brief**, *From:* [email protected] (David Wagner)
