Let’s continue our discussion of AACS (the encryption scheme used on HD-DVD and Blu-Ray discs) and how it is starting to break down. In Monday’s post I gave some background on AACS and the newly released BackupHDDVD tool.
Recall that AACS decryption goes in two steps. First, the player device uses its device keys to decrypt the disc’s header, thereby getting a title key that is unique to the disc. Then the player uses the title key to decrypt the movie. The BackupHDDVD program does only the second step, so it is worthless unless you can somehow get the title key of the disc you want to access.
But decryption tools will evolve. Somebody will make an online database of title keys, and will modify BackupHDDVD so it automatically consults that database and gets the title keys it needs. This new decryption program will be able to decrypt any disc whose title key appears in the database. This decryption software and database don’t exist yet, but they seem inevitable.
It’s interesting to compare this system with an alternative that distributes decrypted movies. One difference is that a 16-byte title key is much smaller and easier to distribute than a huge movie file – even a dialup line will be able to download title keys in the blink of an eye. Of course, the title key is useful only if you have access to a disc (or a copy of the full encrypted contents of a disc), so some kinds of infringement will be easier with movie files than with title keys. Title keys will, however, be enough to enable in-home fair use.
But where will title keys come from? Probably they’ll be captured by reverse-engineering a player. Every player device, when decrypting a disc, must recover the title key and store it somewhere in the player’s memory, so that the title key can be used to decrypt the movie’s contents. A skilled engineer who works hard enough will be able to find and extract that stored title key. This will probably be easier to do for software players that run on PCs, and somewhat more difficult for dedicated player boxes; but in either case it will be possible. An engineer who extracts a key can upload it to the online database or share it with his friends.
There are economies of scale in key extraction. Having extracted the title keys for a few discs, the engineer will learn how and where the keys can be found and will have a much easier time extracting keys from other discs. Eventually, the extraction might be automated, so he need only insert a disc into his player and then activate a key-extractor device (or program) that he built.
Alternatively, he might try to extract the device keys from his player device. If he can do this, then he can write a software program that can do everything his player can do, including decrypting disc headers and extracting title keys from them. In other words, his program will be able to do both steps of AACS decryption.
Once he has device keys, he could in principle publish them (or equivalently publish a program containing them), thereby allowing everybody to extract title keys and decrypt discs. But if he does this, the AACS central authority will learn which device keys he is using and will blacklist those keys, which will prevent those keys from decrypting discs manufactured in the future. (The next post will discuss the blacklisting mechanism in more detail.)
So the engineer, if he is clever, won’t necessarily publish everything he knows. The more he publishes, the more he helps others freely use their discs – but the more he also helps the central authority fight back. This leads to an interesting strategic game between the engineer and the central authority, which we’ll explore in the next post.