Common Scrambling Algorithm
From Wikipedia, the free encyclopedia
The Common Scrambling Algorithm (or CSA) is the encryption algorithm used in the DVB digital television broadcasting for encrypting video streams.
CSA was specified by ETSI and adopted by the DVB consortium in May 1994. CSA was largely kept secret until 2002. The patent papers gave some hints, but important details remained secret, like the layout of the so-called S-boxes. Without these, free implementations of the algorithm were out of question. Initially, CSA was to remain implemented in hardware only. This would have made it difficult to reverse engineer existing implementations.
In 2002 FreeDec was released, implementing CSA in software. Though released as binary only, disassembly revealed the missing details and allowed reimplementation of the algorithm in higher programming languages.
With CSA now publicly known in its entirety, cryptanalysts started looking for weaknesses. Like in other encryption algorithms a weak spot arises inasmuch that parts of the message are known or at least easily predictable, like MPEG headers. The length of the key of 64 bits allows 264 different possibilities of encryption. A brute force attack taking 1 μs for each try through all possible key words would take around 300,000 years, on average. This can be reduced by using the predictable parts of the encrypted message to rule out potential keys.
While CSA algorithm uses 64-bit keys, in reality only 48 bits of key are unknown, since bytes 3 and 7 are used as checksum bytes and may be easily recalculated. This fact allows practical space-time tradeoff attack when 32 bits are brute-forced, 16 bits are calculated with memory tables built from ciphertext and 16 bits calculated as checksum with running time O(216)+O(232) which can be less than a second if implemented in FPGA hardware or on scalable architecture like cell processor.
Were CSA to be broken, encrypted DVB transmissions would be decipherable, regardless of any proprietary conditional access system used. This could seriously compromise paid digital television services, as DVB has been standardised on for digital terrestrial television in Europe and elsewhere, and is used by many satellite television providers. No attack has yet been published, however.
[edit] External links
[edit] References
- Kai Wirt, Fault attack on the DVB Common Scrambling Algorithm, November 2003, Cryptology ePrint Archive: Report 2004/289 [1].