1 / 56

What ~1.25 turned out to be or Complex poles and DVDs

What ~1.25 turned out to be or Complex poles and DVDs. Ilya Mironov Microsoft Research, SVC October 3 rd , 2003. One-to-One Communications. Alice. Bob. One-to-Many Communications. Alice. Bob. Carl. Zing. One-to-Many Communications. Alice. Bob. Carl. Zing.

charo
Download Presentation

What ~1.25 turned out to be or Complex poles and DVDs

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. What ~1.25 turned out to beorComplex poles and DVDs Ilya Mironov Microsoft Research, SVC October 3rd, 2003

  2. One-to-One Communications Alice Bob

  3. One-to-Many Communications Alice Bob Carl Zing

  4. One-to-Many Communications Alice Bob Carl Zing

  5. One-to-Many Communications Alice Bob Carl Zing

  6. One-to-Many Communications Alice Bob Carl Zing

  7. Broadcast Alice Bob Carl Zing

  8. Broadcast Alice Bob Carl Zing

  9. Real Life Examples of Broadcast • Pay-per-view • Satellite radio, TV (“dishes”) • DVD players Stateless receivers

  10. k Broadcast encryption source k k k k k k k k k k receivers  Very little overhead  One rogue user compromises the whole system

  11. Broadcast encryption source k1, k2, k3, k4, k5,…, kn k1 k2 k3 k4 k5 k6 k7 … kn receivers broadcast E[k1,k], E[k2,k],…, E[kn,k], E[k,M]

  12. Broadcast encryption source k1, k2, k3, k4, k5,…, kn k1 k2 k3 k4 k5 k6 k7 … kn receivers  Simple user revocation  Too many keys

  13. Botched attempts • CSS (most famous for the DeCSS crack) • CPRM (IBM, Intel, Matsushita, Toshiba) Can revoke only 10,000 devices in 3Mb

  14. S4 S5 S3 Subset-cover framework(Naor-Naor-Lotspiech’01) S1 S7 S8 S6 S2

  15. S4 S5 u S3 Subset-cover framework(Naor-Naor-Lotspiech’01) receiver u knows keys: k3 k5 k4 S1 S7 S8 S6 S2

  16. Key distribution • Based on some formal characteristic: e.g., DVD player’s serial number • Using some real-life descriptors: • CMU students/faculty • researchers • Pennsylvania state residents • college-educated

  17. Broadcast using subset cover S10 S8 S1 S6 S3 S5 header uses k1, k3, k5, k6, k8, k10

  18. Subtree difference All receivers are associated with the leaves of a full binary tree k0 k00 k01 k0…0 k0…1 k1…1

  19. Subtree differences special set Si,j i j

  20. Subtree difference

  21. Subtree difference

  22. Subtree difference

  23. Subtree difference

  24. Subtree difference

  25. Subtree difference

  26. Subtree difference

  27. Subtree difference

  28. Greedy algorithm • Easy greedy algorithm for constructing a subtree cover for any set of revoked users

  29. Greedy algorithm • Find a node such that both of its children have exactly one revoked descendant

  30. Greedy algorithm • Add (at most) two sets to the cover

  31. Greedy algorithm • Revoke the entire subtree

  32. Greedy algorithm • Could be less than two sets

  33. Average-case analysis • R - number of revoked users C – number of sets in the cover C ≤ 2R-1 • averaged over sets of fixed size [NNL’01] E[C] ≤ 1.38R • simulation experiments give [NNL’01] E[C] ~ R 1.25

  34. Hypothesis 1.25… = 5/4

  35. Different Model • Revoke each user independently at random with probability p

  36. Exact formula If a user is revoked with probability p«1: where

  37. Exact formula If a user is revoked with probability p«1: where

  38. Asymptotic E[C]/E[R] 1.24511 p

  39. Asymptotic E[C]/E[R] 1.2451134… 1.2451114… p

  40. Exact formula If a user is revoked with probability p«1: where

  41. Singularities of f Function f cannot be analytically continued beyond the unit disk

  42. One approach 5 pages of dense computations – series, o, O, lim, etc. produce only the constant term

  43. Mellin transform

  44. Approximation For small q where

  45. The Mellin Transform Poles at 0, -1, -2, -3, … and

  46. Complex poles … -3 -2 -1 0

  47. Mellin transform

  48. Approximation where p = 1-q

  49. Asymptotic E[C]/E[R] 1.2451134… 3log2 4/3 1.2451114… p

  50. Average-case analysis R - number of revoked users C – number of sets in the cover If a user is revoked with probability p«1: E[C] ≈ 1.24511 E[R]

More Related