Slashdot Mirror

← Back to Stories (view on slashdot.org)

Encrypting Digital Music With Multiple Keys

Posted by michael on from the mix-and-mash dept.

Orne writes: "The New York Times has an article about mathematicians at Brown who have patented a new music encryption system that is based on cycling encryption keys. '... a typical three-minute song could be scrambled into 180 different codes; anyone taking the time to break a single code would be rewarded with only one second of music.'" I'm not going to try to parse the math behind it, but advances like this are why I advocate laws to protect fair use of copyrighted materials -- sooner or later a successful crypto-system to prevent all non-permitted use of materials will be developed, complete with tamper-proof hardware in your PC, and then where will we be?

6 of 306 comments (clear)

  1. This is quite likely not a big deal... by X · · Score: 5

    Reasons why this is not a big deal:

    • It's not the first time someone thought they'd come up with a new, ultra-fast encryption algorithm which proved to be completely useless once it was rigorously tested by the outside world.
    • Having tons of keys to encrypt mutliple parts of a piece of music is essentially indistinguishable from just using one really long key to encrypt the same material. Perhaps this helps skirt encryption export laws, but beyond that it really doesn't buy you significantly better protection.
    • It's quite likely there is a brute force attack that allows you to attack all keys simultaneously. Indeed, from the sounds of it you would think the individual key lengths would be quite short, making this approach much more viable.
    • I see nothing with this technique that provides protections for music after it's been decrypted, so I don't know why they are talking about applying it to music specifically. There must be something more that the article missed. Nonetheless, this doesn't prevent people from intercepting the playback signal and recording that. For that you'll need tamper-proof speakers.
    • Can you imagine the key-management insanity of generating and transmitting all these keys? I would imagine it would signficantly increase the total download size of whatever you were grabbing to the point where people would get annoyed. They say that this is based on PK-crypto, but I don't see how it'd would work (does someone publish 50,000 personal public keys or something? doesn't this crowd the keyspace?).
    • No link to a white paper. Not a good sign.
    --
    sigs are a waste of space
  2. But This is Useless... by dew · · Score: 5
    The ultimate point is that crypto is useless in this application. Hackers won't try to break the keys, they'll just record the digital output, such as is trivial to do with a SoundBlaster Live! card - it's a handy and trivial way to break any cryptosystem, because no matter how you protect the music, you've ultimately got to send the raw data to sound card and that's pretty trivial to intercept.

    So the sum of this is that it's ultimately a futile endeavor, regardless of how they rotate keys or whatnot. The folks at Emusic are selling hundreds of times more music than anyone else and none of their stuff is encrypted -- did you know that half their board came from PGP: Pretty Good Privacy, the crypto folks? And that Gene, their CEO, is a longtime cypherpunk? So why is it, you should ask yourself, that some of the most knowledgeable crypto people in the world would start the only online music sales outfit to sell *unencrypted* dowloads?

    Maybe because they understand what crypto is really for.

    Crypto is for keeping secrets between parties that desire to keep that information a secret. If A wants to tell B something, he can use crypto to prevent some C from listening in that both A and B don't want hearing the information. But if B desires to share this information with other parties, there is fundamentally, long-term nothing that can be done to protect B from sharing it. Crypto is only useful at protecting information if all parties who know the secret want to keep it a secret.

    So ultimately, any attempt to protect publicly-published data (books, movies, music) with crypto is going to fail; it's fundamentally untenable.

    David E. Weekly

    --

    David E. Weekly
    Code / Think / Teach / Learn
    h4x0r for

  3. BFD. by griffjon · · Score: 5

    Oh, fantastic. another unbreakable cryptosystem to secure digital music. yea. Not that I can't play it, and loop it back directly in with no loss of quality into another system. ooooh. who cares if it's encrypted??? If the consumer can listen to is, the consumer can record it. Simple. No technological controls will ever, ever prevent pirating.

    While this cryptosystem sounds really cool technologically (possibly very powerful encryption) a) the cryptographic element of security is never the one broken--if you have five trillion brass-plated locks on your steel, reinforced door, people break through the window, for look for the key in one of those stupid rocks by the side of the door. b) cryptography is great for security and privacy and integrity, but is helpless against willful copyright violation by a cryptographically-authenticated party (like, say, the consumer).

    And in any case, there is nothing to get consumers to move 100% to this system, as opposed to trading MP3s. even if bill gates includes DRM into windows, people will use Linux, or FreeBSD, or not throw their 'old' computers away and keep them for functionality sake to play mp3s and whatnot.

    in short, cool idea, useless for the purpose.

    --
    Returned Peace Corps IT Volunteer
  4. I thought we LIKED this? by Kintanon · · Score: 5

    I thought slashdotters liked strong crypto and innovative crypto and anything else that could be used to keep the government out of your hair. Why are we getting our panties in a bunch that someone else might get to use crypto too?
    If, as we've stated many many times, the RIAA is obsolete then they will have no use for this technology because they won't have any music to encrypt. The musicians will all be using this to encrypt the songs they are selling off of their websites. Does anyone have a problem with the musicians profiting from their work and using this to enforce how something they created is used? Not I.

    Kintanon

    --
    Check out JoshJitsu.info for Brazilian Ji
  5. The first step is denial... by MostlyHarmless · · Score: 5

    Remember, denial always comes right before going kaputski. Remember the disney movies? The Humorous Sidekick always tells the bad guy: "Umm... what if they Exploit Badguy's One Huge Weakness?" The Generic Evil Bad Guy will then laugh and say: "Nonsense. They would never be able to... " At that point, he is obliterated.

    This can be extended as an analogy to the recording industry. First, they think "nobody will ever like this mp3 stuff". Then they pretend to ignore its spread. Once they realize that things are going to hell in the proverbial handbasket, they introduce their weak attempt at mimicking this.

    It's very simple. Any music released in this format will never be used. Period. As long as they still sell the CD, people will still get it in mp3 format. And if they only release it in a digital encrypted format, then nobody will buy it. No matter what, the recording industry is doomed.


    --
    Friends don't let friends misuse the subjunctive.
  6. Where well be by cybercuzco · · Score: 5
    sooner or later a successful crypto-system to prevent all non-permitted use of materials will be developed, complete with tamper-proof hardware in your PC, and then where will we be?

    We'll be in the same place we are now, very simple, just take audio out from your computer, use a double male line to the audio in port, and record onto mp3 or whatever replaces it, encryption scheme bypassed. if you can _LISTEN_ to music, you can get around any and all encryption of it.

    --