Xbox Private Key Distributed Computing Project

aeiz writes "The Neo Project has added "The Xbox Public Key Challenge" to it's distributed computing client. The aim is to compute the 2048 bit private key that Microsoft uses to sign Xbox media. If it is a success, modchips wouldn't be necessary. Now many Xbox hacking and scene sites have started groups in order to compete with one another." gee, only 2048 bits? No problem *cough cough*.

Relating..

[Karamchand]

Could anyone of you tell how much time/processnig power this will need in comparisson to things like the RSA challenge?
Thank you.

Re:Relating..

[DarkZero]

I know only a little bit about encryption, so I may be completely talking out of my ass here (and feel free to educate me if I am), but I noticed this one point that you mentioned:

The RC5-64 project was able to brute force a key in 1757 days using 58,747,597,657 work units tested the winning key was found!

1,757 days is nearly 5 years, meaning that the project would have had to have started five years ago in order to have already been finished. My memory of where, exactly, computers were in 1997-1998 (depending on when the project finished, I'm not sure) is a little fuzzy, but I remember that in mid-1999, a 700mhz Pentium 3 was considered "high end" and the average Dell/Gateway type of computer was running a low-end processor like a Cyrix at roughly 200-300mhz. By comparison, it isn't out of the ordinary to find a 1.6-2ghz processor in a consumer PC right now and the sort of geeks that would make up a decent portion of this project probably have much faster processors than that and a lot more RAM. In addition to that, if Moore's Law were to hold, processors would be improving by at least 2ghz per year from now on instead of the 500-700mhz that they were in 1999.

So really, doesn't the RC5-64 project essentially just show us the length of the race track without giving us any data about the speed of the cars that will be driving on it?

Gee...

[salimma]

1. Provided Microsoft uses a proper public key infrastructure, brute-forcing this thing could potentially take forever

2. This so that you can feel good subverting an X-Box by making it run Linux

3. By that time the hardware would be definitely obsolete, or X-Box 2 would be out with programs signed with a different key

4. And in any case, buying the X-Box already helps Microsoft. The more units sold, the more games developed.

5. There are tons of other worthwhile distributed computing projects to do out there - Folding@Home, SETI@Home, Mersenne Prime Search etc.

Grow up folks! Running Linux on a hacked X-Box is cool, yes, but this might be going too far...

Re:But...

[Tom7]

Why would it? The relevant section of the DMCA only bans the circumvention of mechanisms that control access to a copyrighted work. The private key itself isn't such a mechanism, as far as I know, though programs that use it probably would be. The DMCA is a bit vague, but it isn't so vague that it outlaws every possible kind of "hacking."

It's a good idea to read the DMCA (http://www4.law.cornell.edu/uscode/17/1201.html), because in fact Microsoft or someone probably would make DMCA threats against this kind of activity. In that case it's good to understand the law, because such a letter often sounds pretty convincing and scary!

Re:But...

[anthony_dipierro]

The private key isn't a mechanism? Isn't that the essence of DeCSS?

I think certainly distribution of the actual private key would violate the DMCA. But does distribution of keys which are not the private key qualify? I doubt it.

Re:How is this thing done anyhow?

[exhilaration]

Would it be possible to re-use some already signed code from an existing game?

You'd run into copyright infringement issues - the signed code would be property of the copyright owner, and redistributing it would almost definitely be illegal. No need to take chances; I'm sure Microsoft's IP lawyers are looking for any excuse they can to take this project down.

Lets try a little calculation...

[markbthomas]

Let's assume we want to find the key in about one year.

The keyspace is 2^2048. This means that to find it on average in one year, we need to search (2^2048)/2 keys.

There are 365 * 24 * 60 * 60 = 31536000 seconds in a year. A current machine, say 2 GHz, will not be able to check keys any faster than 2 billion per second (in practice the number would be much lower than this, but it cannot be any higher, ignoring chips which can parallelise operations). This means we can check 63072000000000000 keys per machine per second.

This means we need:

( (2048^2)/2 divided by 63072000000000000 ) machines to participate.

That's:
256191385014832313076443403480704210746 79812491847 0034501286984934080\
5360450587494704242882065172 6173015536181603483336 1032784430099655323\
2423908579595405498527942459 9902489291405217648393 6232454940842516362\
7883076229723065910368797710 4019484459166088424059 6873702316740293441\
5552151969860441431944756023 7127342032430926831573 9828884343009334529\
2378237199258154020627668325 9628831104499868523479 9854643717630057264\
7428213934658612248791246642 4010974519290044145762 9590988748658836010\
6319531783273982390734283246 1834647652719112497108 8586363327032331220\
1716731957297646596715233805 68862609019439636890

That's a lot of machines. In fact, every person in the world would need to have:
4088182880916853059137581913995608598938002 0574938 1512491823325275367\
0039983761093737657581366182 3437132028369300928737 2136090488973662885\
0749520857823194202487813723 5281529166119647272954 3623272112620364581\
9171026696185476725881661520 6188703489047492973236 7903825810597884676\
0087066526446068063036669029 6494498088117693882712 8484532375726579806\
8929812355659309066834995984 8375737098966810233408 2736619960338101994\
5191141043929531602040535969 8321364177283871960956 9923672820142531423\
1154135179174732484135445198 3247750938845967420404 6551928328834053889\
0325273138153871592525085498 7565463644
machines.

Good luck :)