Broadcast encryption

From Wikipedia, the free encyclopedia

Broadcast encryption is the cryptographic problem of encrypting broadcast content (e.g. TV programs) in such a way that only qualified users (e.g. subscribers who've paid their fees) can decrypt the content. The challenge arises from the requirement that unsubscription of some users should not affect the remaining users. The problem is further complicated by the fact that there is typically more than one data stream ("channel"), each of which may have a different set of subscribers. Several solutions exist offering various tradeoffs between the increase in the size of the broadcast, the number of keys that each user needs to store, and the feasiblity of an unqualified user or a collusion of unqualified users being able to decrypt the content.

The problem of rogue users sharing their decryption keys with unqualified users is mathematically insoluble. Traitor tracing algorithms aim to minimize the damage by retroactively identifying the user or users who leaked their keys, so that punitive measures, legal or otherwise, may be undertaken. In practice, pay TV systems often employ set-top boxes with tamper-resistant smart cards that impose physical restraints on a user learning their own decryption keys. Some schemes, such as AACS allow the provider to eliminate any desired subset of users from being able to use the service by arranging keys in a binary tree. Each item has a branch from a node to the root whose keys it does not know. If the master secret is encrypted with one of those keys it will not be able to be decrypted. Blu-ray and HD DVD both use this scheme.

[edit] See also