Public Key Cryptography - Page 4

Jack B Nimble · 03-27-2008, 06:56 PM

Actually, your suggestion reminds me of the DRM already being used by eReader (formerly PalmReader). There is no limitation to the actual device, or the number of them. You download an encrypted file, access it on any machine that can run eReader, but rather than a PK, you need to use your credit card number the first time to decrypt the info. Obviously, this creates a disincentive to distributing the file.

Still limits you to the eReader software, but since that is available on a variety of platforms, the limitation is minor, if you use just those platforms.

My problem with your suggestion is that it assumes we could get all the vendors to agree on one standard format, with one standard way of locking the file if the vendor insisted. The same idea was essentially behind the OpenReader project, and if you have never heard of OpenReader, that should tell you how well they did. Sadly, for a variety of reasons, the content owners refuse to standardize in any way. Even a series of books, from one author and one publisher, may vary from one book to another as to which formats they make available.

Sounds like a simple oversight, but then they refuse to correct it... That goes beyond a standards issue. I cannot decide if it is outright sabotage or simply idiocy.

Jack

moz · 03-27-2008, 07:36 PM

Quote:

Originally Posted by tompe

What I do not get is why you need this for the transmission.

I think it's "I can't solve the actual problem, so I'll make up an easier one and solve that".

Taylor514ce · 03-27-2008, 07:54 PM

I said I was done, but had to respond to that last shot, moz.

FACT: Piracy is an insoluble problem, from a technical standpoint. At some point, a book has to be readable to be a BOOK. Readable books can be copied. Period.

Where does that leave us? With

1) Publishers (and authors) who need a reasonable degree of protection, and the ability to treat an e-book sale as they would a paper book sale.

2) Consumers who want to be able to own their e-book (rather that "license" it), and not be limited to a specific device.

An encryption system meets those needs. Public Key cryptography is proven, is in use every day, and has an existing infrastructure. If the example of webmail doesn't clarify things for you, nothing further I say will, either. The fact that the idea has merit is its use by some publishers already, as other members have explained.

I'm all for intelligent debate, but won't engage in a battle of wits with the unarmed.

moz · 03-27-2008, 09:32 PM

Quote:

Originally Posted by Taylor514ce

1) Publishers (and authors) who need a reasonable degree of protection, and the ability to treat an e-book sale as they would a paper book sale.

You haven't suggested how PKI can do this, but several of us have suggested that it can't. You've successfully come up with a complex replacement for HTTPS and that's all.

moz · 03-27-2008, 09:46 PM

Quote:

Originally Posted by Taylor514ce

anyone can see what? No one can log into my webmail and read my emails except me, unless I give away my password.

I send you encrypted email. You decrypt it. You forward it without re-encrypting it. No more protection.

Or, I send you an encrypted book. You decrypt it. You forward it without re-encrypting it. No more protection.

For example, I send you "book.txt" which is PKI encrypted with your public key. You promptly decrypt it using your private key. Now you have a copy of "book.txt", and it was sent to you using PKI. What you do with that file is entirely up to you.

Does that make more sense now?

The scenario I thought you were addressing is: Honest Bob and Dodgy Dave each buy a copy of "I Need Food" by Some P Sucker. The publisher desires to both send copies to both, and prevent them sending copies of the books to their friends.

DRM attempts to do this by locking the book to a device or a piece of software. So Dodgy Dave sends a copy of the book (and the software if necessary) to Crafty Chris, and that's fine, but when set up it does not work.

PKI helps a little with "send copies to both", in that Awful Alice can't snoop the transmission and get the book that way, since she won't talk to Dave or Bob. But Crafty Chris asks Dodgy Dave for an unencrypted copy of the book and Dodgy Dave sends it, because the PKI software is designed to make it easy for Dodgy Dave to Decrypt the Data.

Taylor514ce · 03-27-2008, 11:02 PM

Nothing about this discussion is about the security of the transmission. I'm sure your points would be interesting, if that's what we were discussing.

You've also obviously completely failed to grasp the nature of individual private keys. I suggest again "The Code Book", as an entertaining history of cryptography, and a layman's non-technical introduction to public key cryptography.

For myself, however, the topic is over. I appreciated Kovid's agreement and understanding, Peter's cogent comment on the mindset of publishers, and the posters who pointed out examples of this system already in practice.

But feel free to continue to talk about how it doesn't prevent piracy, and how once "the key" is "cracked" the whole system is broken.

Peter Sorotokin · 03-28-2008, 12:20 AM

Now, risking to be accused of doublespeak again, but I think that you go in circles because you do not want to talk about "license". To design "DRMish" system, you need to have somewhere a statement of what can be done with the content (e.g. who can open it). Encryption is almost a distraction there. As long as all programs agree to honor the license, the system works. Now, some programs won't honor it and open the content anyway or fake the license or allow you to save decrypted content, but these will exist no matter what. That's a legal, not technical problem. (Encryption just makes that legal problem a bit simpler to solve). Fonts had "embedding" bit for long time and it mostly works, although it can be easily defeated with any binary editor.

moz · 03-28-2008, 12:50 AM

Quote:

Originally Posted by Taylor514ce

Nothing about this discussion is about the security of the transmission.You've also obviously completely failed to grasp the nature of individual private keys.

Where did that come from? At every stage I've assumed that every person was using a unique pair of keys. If you misunderstood my comment about sending encrypted documents to multiple people, I apologise for that being ambiguous. If I rephrase that as "send separately encrypted copies to both such that each intended recipient can only decrypt the version addressed to them" does that make it clearer?

Can you explain again how encrypting something so that only I can decrypt it stops me from sharing it once I've decrypted it? That's where I get confused.

llasram · 03-28-2008, 08:17 AM

Quote:

Originally Posted by Taylor514ce

You've also obviously completely failed to grasp the nature of individual private keys. I suggest again "The Code Book", as an entertaining history of cryptography, and a layman's non-technical introduction to public key cryptography.

I don't know about moz, but I've implemented RSA myself (just for fun -- not a serious implementation). I'm pretty sure I've got a good handle on the basic principles of asymmetric cryptography, and I think moz does too. We're really not being intentionally obtuse here, and I'm really not trying to be mean or flamey, but I think you've got some misapprehension about the workings of asymmetric crypto.

I think the misunderstanding is that you think that the fact that each individual has their own public/private keypair means that no single universal tool like ConvertLIT for MSLIT or mobidedrm for Mobipocket can be written. Is this the issue?

Taylor514ce · 03-28-2008, 09:38 AM

<sigh> I can't just quit the discussion, it appears.

@Ilasram: in fact, I am a programmer and have been involved in online systems since the pre-Compuserve era. Trust me, I understand cryptography, compression, OCR, etc. and have written systems ranging from online tax appraisal databases for governments to complete online ecommerce sites from the ground up. I've also been involved in print and publishing for decades, engineering RIPs, OCR software, developing fonts, multi-media content distribution, and so on. I emphatically do not think that individual private keys prevent universal reader applications from being written. In fact, one of the appealing features of the PK-based system is that just the opposite is true.

@Peter: "Now, some programs won't honor it and open the content anyway or fake the license or allow you to save decrypted content, but these will exist no matter what. That's a legal, not technical problem. (Encryption just makes that legal problem a bit simpler to solve)." Exactly. Thank you.

@moz: "Can you explain again how encrypting something so that only I can decrypt it stops me from sharing it once I've decrypted it? That's where I get confused." I would suggest the confusion comes in because 1) I never did explain this, so cannot explain it again and in fact 2) have explicitly stated several times that stopping pirates from sharing their decrypted files isn't possible and isn't what we're talking about. Perhaps you're in the wrong thread?

For latecomers to the thread, please at least read post #1, #8, and maybe #22 and #30 before asking me to explain "again" how this prevents piracy, or before you point out the fatal flaw in the system: at some point you'll actually be able to read your book and thus can copy it!

OH, you got me.

llasram · 03-28-2008, 11:04 AM

Quote:

Originally Posted by Taylor514ce

@Ilasram: in fact, I am a programmer and have been involved in online systems since the pre-Compuserve era.

Eep. Sorry for assuming that good poetry interfered with programming

.

Oh, and it's actually "llasram" with an "LL."

Quote:

Originally Posted by Taylor514ce

I emphatically do not think that individual private keys prevent universal reader applications from being written. In fact, one of the appealing features of the PK-based system is that just the opposite is true.

Ah. I became confused when you said this:

Quote:

Originally Posted by Taylor514ce

Writing a public key encryption/decryption program isn't exactly trivial - so nothing in this system makes it "easy" to remove the DRM.

This system would even be stronger that today's typical DRM systems, because there would be no single universal "code cracker". A program to decrypt my books wouldn't work on your books.

Ok, but ignoring that, I think I understand you now -- that the idea is in fact to just make working within the protection scheme sufficiently convenient that most users have no reason to attempt to escape it. I still don't see the benefits of asymmetric crypto in such a system, but *shrug*.

Taylor514ce · 03-28-2008, 11:33 AM

LLasram. Yes, that was vague. To decrypt my books, I need my key. My key doesn't decrypt your books. That was my point. As for a universal "crack" to break any PK-encrypted file... good luck with that. So what would a pirate do? He'd decrypt his books and upload them. He wouldn't bother writing a stand-alone universal decryption program. Every Reader application would already do that.

Yes, if you could read your own books on your own devices, why "remove" the encryption? Particularly if that would force you onto an unsupported reader application...

I think the scheme also satisfies some concerns of the publisher.

The biggest flaw in the system is that you can't give away books you're done using. Since they are keyed to you, you can't buy a book for your friend. If you want to poke holes, Moz, there's one the size of my giant robot head.

tompe · 03-28-2008, 11:34 AM

Quote:

Originally Posted by llasram

Ok, but ignoring that, I think I understand you now -- that the idea is in fact to just make working within the protection scheme sufficiently convenient that most users have no reason to attempt to escape it. I still don't see the benefits of asymmetric crypto in such a system, but *shrug*.

I would be very worried about loosing the private key in such a system so i would like do decrypt the files as fast as possible. DRM does not suffer from this disadvantage since there is no private key there.

Taylor514ce · 03-28-2008, 11:42 AM

Quote:

Originally Posted by tompe

I would be very worried about loosing the private key in such a system so i would like do decrypt the files as fast as possible. DRM does not suffer from this disadvantage since there is no private key there.

Quote:

Originally Posted by Myself from the very first post

What if I lose my key? Most key's are generated via a seed value, such as a simple password. For example WEP encryption on WiFi routers use a seed value. That's why you can have several different computers on your home WiFi network, but exclude all of your neighbors. If you lose your key, you can regenerate it (usually).

[...at least 5 characters to satisfy the forum software]

Taylor514ce · 03-28-2008, 11:47 AM

Quote:

Originally Posted by llasram

Eep. Sorry for assuming that good poetry interfered with programming

.

Not mutually exclusive at all... in fact, good programming is poetry.

03-27-2008, 11:02 PM	#51
Taylor514ce Actively passive. Posts: 2,042 Karma: 478376 Join Date: Feb 2008 Location: US Device: Sony PRS-505/LC	Nothing about this discussion is about the security of the transmission. I'm sure your points would be interesting, if that's what we were discussing. You've also obviously completely failed to grasp the nature of individual private keys. I suggest again "The Code Book", as an entertaining history of cryptography, and a layman's non-technical introduction to public key cryptography. For myself, however, the topic is over. I appreciated Kovid's agreement and understanding, Peter's cogent comment on the mindset of publishers, and the posters who pointed out examples of this system already in practice. But feel free to continue to talk about how it doesn't prevent piracy, and how once "the key" is "cracked" the whole system is broken. Last edited by Taylor514ce; 03-27-2008 at 11:10 PM.

03-28-2008, 09:38 AM	#55
Taylor514ce Actively passive. Posts: 2,042 Karma: 478376 Join Date: Feb 2008 Location: US Device: Sony PRS-505/LC	<sigh> I can't just quit the discussion, it appears. @Ilasram: in fact, I am a programmer and have been involved in online systems since the pre-Compuserve era. Trust me, I understand cryptography, compression, OCR, etc. and have written systems ranging from online tax appraisal databases for governments to complete online ecommerce sites from the ground up. I've also been involved in print and publishing for decades, engineering RIPs, OCR software, developing fonts, multi-media content distribution, and so on. I emphatically do not think that individual private keys prevent universal reader applications from being written. In fact, one of the appealing features of the PK-based system is that just the opposite is true. @Peter: "Now, some programs won't honor it and open the content anyway or fake the license or allow you to save decrypted content, but these will exist no matter what. That's a legal, not technical problem. (Encryption just makes that legal problem a bit simpler to solve)." Exactly. Thank you. @moz: "Can you explain again how encrypting something so that only I can decrypt it stops me from sharing it once I've decrypted it? That's where I get confused." I would suggest the confusion comes in because 1) I never did explain this, so cannot explain it again and in fact 2) have explicitly stated several times that stopping pirates from sharing their decrypted files isn't possible and isn't what we're talking about. Perhaps you're in the wrong thread? For latecomers to the thread, please at least read post #1, #8, and maybe #22 and #30 before asking me to explain "again" how this prevents piracy, or before you point out the fatal flaw in the system: at some point you'll actually be able to read your book and thus can copy it! OH, you got me. Last edited by Taylor514ce; 03-28-2008 at 09:51 AM.

03-28-2008, 11:33 AM	#57
Taylor514ce Actively passive. Posts: 2,042 Karma: 478376 Join Date: Feb 2008 Location: US Device: Sony PRS-505/LC	LLasram. Yes, that was vague. To decrypt my books, I need my key. My key doesn't decrypt your books. That was my point. As for a universal "crack" to break any PK-encrypted file... good luck with that. So what would a pirate do? He'd decrypt his books and upload them. He wouldn't bother writing a stand-alone universal decryption program. Every Reader application would already do that. Yes, if you could read your own books on your own devices, why "remove" the encryption? Particularly if that would force you onto an unsupported reader application... I think the scheme also satisfies some concerns of the publisher. The biggest flaw in the system is that you can't give away books you're done using. Since they are keyed to you, you can't buy a book for your friend. If you want to poke holes, Moz, there's one the size of my giant robot head. Last edited by Taylor514ce; 03-28-2008 at 11:38 AM.

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Shorty key on my K3	pen_sq	Amazon Kindle	1	09-04-2010 12:34 PM
What in the world is a key file?	surrealmind	IMP	2	04-08-2010 12:21 AM
Unutterably Silly The key to understanding Texans	Nate the great	Lounge	84	08-14-2009 10:51 AM
access key	RandallFlagg	Calibre	4	03-25-2009 11:50 AM
Free Cryptography book by MIT Press	Colin Dunstan	Deals and Resources (No Self-Promotion or Affiliate Links)	3	10-06-2004 09:47 AM

03-27-2008, 06:56 PM	#46
Jack B Nimble Groupie Posts: 154 Karma: 672 Join Date: Oct 2006 Device: Tapwave Zodiac, eBookwise 1150	Actually, your suggestion reminds me of the DRM already being used by eReader (formerly PalmReader). There is no limitation to the actual device, or the number of them. You download an encrypted file, access it on any machine that can run eReader, but rather than a PK, you need to use your credit card number the first time to decrypt the info. Obviously, this creates a disincentive to distributing the file. Still limits you to the eReader software, but since that is available on a variety of platforms, the limitation is minor, if you use just those platforms. My problem with your suggestion is that it assumes we could get all the vendors to agree on one standard format, with one standard way of locking the file if the vendor insisted. The same idea was essentially behind the OpenReader project, and if you have never heard of OpenReader, that should tell you how well they did. Sadly, for a variety of reasons, the content owners refuse to standardize in any way. Even a series of books, from one author and one publisher, may vary from one book to another as to which formats they make available. Sounds like a simple oversight, but then they refuse to correct it... That goes beyond a standards issue. I cannot decide if it is outright sabotage or simply idiocy. Jack

03-27-2008, 07:54 PM	#48
Taylor514ce Actively passive. Posts: 2,042 Karma: 478376 Join Date: Feb 2008 Location: US Device: Sony PRS-505/LC	I said I was done, but had to respond to that last shot, moz. FACT: Piracy is an insoluble problem, from a technical standpoint. At some point, a book has to be readable to be a BOOK. Readable books can be copied. Period. Where does that leave us? With 1) Publishers (and authors) who need a reasonable degree of protection, and the ability to treat an e-book sale as they would a paper book sale. 2) Consumers who want to be able to own their e-book (rather that "license" it), and not be limited to a specific device. An encryption system meets those needs. Public Key cryptography is proven, is in use every day, and has an existing infrastructure. If the example of webmail doesn't clarify things for you, nothing further I say will, either. The fact that the idea has merit is its use by some publishers already, as other members have explained. I'm all for intelligent debate, but won't engage in a battle of wits with the unarmed.

03-28-2008, 12:20 AM	#52
Peter Sorotokin speaking for myself Posts: 139 Karma: 2166 Join Date: Feb 2008 Location: San Francisco Bay Area Device: PRS-505	Now, risking to be accused of doublespeak again, but I think that you go in circles because you do not want to talk about "license". To design "DRMish" system, you need to have somewhere a statement of what can be done with the content (e.g. who can open it). Encryption is almost a distraction there. As long as all programs agree to honor the license, the system works. Now, some programs won't honor it and open the content anyway or fake the license or allow you to save decrypted content, but these will exist no matter what. That's a legal, not technical problem. (Encryption just makes that legal problem a bit simpler to solve). Fonts had "embedding" bit for long time and it mostly works, although it can be easily defeated with any binary editor.