eWeek: Cryptography Guru Paul Kocher Speaks Out

Sampo Syreeni decoy at iki.fi
Thu May 1 07:58:26 EDT 2003 

On 2003-05-01, Sidney Markowitz uttered to cryptography at metzdowd.com:

>Clearly anyone who would go to the trouble of using five or more players
>to extract the watermark and make an untraceable copy for widespread
>distribution would also not be stopped by having to buy a player for cash
>or steal one or borrow one and sacrifice its eventual ability to play
>movies made after some future date.

Yes, but we can also do with less.

Say we want to attack a maximally redundant inaudible watermark in audio.
The first step would likely be to bring the best variable rate audio codec
we can find to bear on the file. That'll seriously limit the stego
bandwidth available, and with a good probability kill shorter term
redundancy in the embedded mark. After all, the goal of lossy compression
is to remove as much inaudible redundancy as possible and substitute it
with arbitrary noise upon decompression. After that there's still a slim
margin of redundancy which hasn't been removed and can contain stego data,
but it will take a signal considerably longer than the original to detect
the mark with a decent rate of false positives. Mounting a successful
averaging attack no longer requires as many copies -- you might well get
along with two or three per tune. Where do we get those copies cheaply?

>From P2P users, provided we can guarantee that the network will not easily
surrender individual, complete, watermarked copies which would facilitate
extraction. Two simple approaches I can come up with (for uncompressed
data) are

 1) enforced swarming which guarantees that any downloaded copy of a song
    will always be composed of a random selection of blocks drawn from at
    least n originals, and
 2) building the averaging operation into the network itself, so that only
    copies averaged over at least n originals are actually retrievable.

So I'll agree with Nomen Nescio. It's difficult to see how all the
different kinds of holes cooperative attacks bring about might be plugged
when the intelligence required can be freely shared in the form of
specialised P2P software.
-- 
Sampo Syreeni, aka decoy - mailto:decoy at iki.fi, tel:+358-50-5756111
student/math+cs/helsinki university, http://www.iki.fi/~decoy/front
openpgp: 050985C2/025E D175 ABE5 027C 9494 EEB0 E090 8BA9 0509 85C2

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list