[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: EFF misstatements in DeCSS brief




In article <[email protected]>,
David Wagner <[email protected]> wrote:
> In article <[email protected]>,
> lcs Mixmaster Remailer  <[email protected]> wrote:
> > Even if these complete misstatements of the facts were correct, we are
> > then presented with the claim that given large samples of encrypted
> > data and valid decryption keys, "the task of determining what decryption
> > process will give back the original data is simple for those skilled in
> > the art of cryptanalysis."
>
> My reading of the EFF brief was that they were arguing that
> reverse engineering the CSS is "simple for those skilled in
> the art", and especially more so when ciphertexts, key material,
> and knowledge of plaintext data formats are readily available
> to the reverse engineer.  In my experience, that claim is right
> on the money.  (`simple yet tedious' might be slightly more
> descriptive, but `simple' is close enough.)

First, it is not at all reasonable to read the EFF brief as saying that
reverse engineering is simple.  The sentences immediately before the
excerpts quoted earlier read:

: Plaintiff alleges on information and belief, and without giving any
: additional facts to support its contention, that the unknown third
: parties who originally disseminated the information about the CSS and its
: weaknesses must have gained that information by "reverse engineering"
: a particular piece of software, made by XING Co. (Complaint, para 43).
: As we show through the affidavits of highly competent informants
: accompanying this brief in opposition to their motion, there is no basis
: whatever for their conclusion.

The EFF is therefore trying to cast doubt on the "reverse engineering"
theory, not endorsing it.  They go on to claim that given the DATA and
the KEYS, the task of determining the DECRYPTION PROCESS is simple
for those skilled in the art.  This is not at all a description of
reverse engineering.  It is blind cryptanalysis, without access to an
algorithmic description, which is surely one of the most difficult tasks
a cryptanalyst would face.

The EFF brief further makes the point:

: CSS was designed as weak cryptography.  CSS's 40-bit key-length
: fell below what is generally considered to be secure.  This inherent
: vulnerability was aggravated by the fact that each one of the millions
: of DVDs circulated around the globe contains all 400 keys, each DVD
: contains an example of ciphertext (the scrambled video image) and
: each DVD gives a clear indication of what the plaintext is supposed to
: look like (the unscrambled video -- the movie "Titanic" for example).
: Those three elements -- the keys, the ciphertext and the plaintext -
: are related mathematically by the algorithm.  Deducing the algorithm
: and thereby breaking the code is simply a matter of reasonable diligence.2

Once again we see the claim that deducing the algorithm was possible
given just the ciphertext and keys, with the plaintext now being added as
one of the ingredients.  All it takes is "reasonable diligence" to
deduce the algorithm given this information.  Another completely false
claim.

One of the key issues here is whether reverse engineering was done.
The EFF appears to be trying to deny that this happened by claiming that
there is an alternative route to deriving the algorithm.  This would be
an important legal argument but it is completely false.

> Are you suggesting that the brief is intentionally set out to
> deceive the court?  If so, that'd be very bad form, but I didn't
> get that impression at all -- I didn't notice anything nefarious
> or deceptive in the EFF brief.

It's not clear, it may simply be that EFF misunderstands the situation.
But one can't help noticing that the error is in a direction that helps
the EFF case.  By falsely describing the ease with which the "decryption
process" may be deduced just from what is on the DVDs, it implies that
the reverse engineering question is not even relevant.  It is awfully
convenient that EFF's "mistake" just happens to undercut one of the key
arguments of their opponent.

> Maybe the confusion comes from the brief's usage of the word
> "cryptanalysis".  I agree that many people in the field probably
> wouldn't use the word "cryptanalysis" to include "reverse engineering",
> but it's a close call, and I guess so long as you pick a consistent
> usage, either choice is ok.  (Technically speaking, it's not clear
> whether the brief was arguing that anyone skilled in the art of
> cryptanalysis is also likely to be skilled enough at reverse engineering,
> or whether they were including reverse engineering as part of
> cryptanalysis, but either way, I don't see any major problems.)
>
> Am I overlooking something?

You are overlooking the EFF's attempt to argue that the decryption
algorithm could have been deduced without reverse engineering, requiring
only "reasonable diligence", given the ciphertext and keys, and that this
would be a "simple" task for a skilled cryptanalyst.