eWeek: Cryptography Guru Paul Kocher Speaks Out
Nomen Nescio
nobody at dizum.com
Wed Apr 30 14:20:04 EDT 2003
> eWEEK: I understand that you also found a way to trace illegal copies
> back to their original owners.
>
> Kocher: If you just use a watermark for forensic purposes, it can be
> made provably secure. You can apply this to digital content. As
> decryption occurs, we can encode little differences. Each player has
> different keys and decrypts differently. The code in the content will
> decide how that happens. If you copy it, we can trace it to the
> original owner. Then the studio can take measures to prevent future
> movies from playing in that player. We're building a
> stalemate. Attackers will break the security, but then the content
> owner can have countermeasures.
Given that Kocher is one of the smartest and savviest security experts
out there, how can he make absurd statements like those above? We've
discussed here how impractical these watermarking systems are, how easy
it is to identify and remove the watermarks, given just a few systems.
His "provably secure" example worked fine with four conspirators, but
totally fell apart with five, as we saw. This is a general property of
traitor tracing type watermarking schemes. The provable security is
meaningless in the real world, because the limitations assumed in the
proofs are too easy to beat.
Surely someone with Kocher's qualifications knows this. Is he being
duplicitous, exaggerating the beneficial properties of his system in
the hopes of passing off shoddy work to his clients, or perhaps with
some political goal of misleading the content companies into using
worthless cryptography? That seems highly unlikely, given his usual
personal integrity.
Or is it possible that our technical analyses are mistaken, and that
it is actually possible to program devices to watermark the content
they play in such a manner that the marks can't be practically removed?
If so, what is the secret?
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list