In Pay TV applications an encrypted (scrambled) broadcast stream forms a ciphertext ‘C’ that is decrypted (descrambled) in a broadcast receiver to obtain a descrambled broadcast stream ‘M’. Typically, multiple broadcast receivers receive the same broadcast stream and decrypt the broadcast stream with the same key (Control Word) ‘CW’. The value of the CW is updated regularly and is delivered to the receivers in encrypted form in an entitlement control message ‘ECM’ that can be decrypted by authorized subscribers.
ECM processing can be implemented in various manners. FIG. 1a shows an example wherein ECM processing is implemented in a smartcard, which uses hardware tamper resistance techniques to provide a secured execution environment. Decryption of the broadcast stream C is implemented in a hardware circuit 301 of a chip in a receiver 101 to obtain a descrambled broadcast stream, denoted by ‘M’. A secure client 201 is implemented in hardware of the smartcard for obtaining a CW from an ECM. Hardware tamper resistance technology secures the implementation against attacks.
FIG. 1b shows an alternative example, wherein ECM processing is based on software techniques. The software runs as a software secure client 202 in a receiver 102 and loads the keys (CWs) into a hardware descrambler 301 of the receiver 102 in encrypted form based on a key hierarchy loaded in the descrambler chip.
FIG. 1c shows another alternative example, wherein both a secure client 202 and a descrambling function 302 of a receiver 103 are implemented in software. The software implemented receiver 103 lacks a hardware hook, such as a chipset unique key ‘CSUK’ or a chipset serial number ‘CSSN’ stored in a read-only memory of a chipset. As a result, the descrambling function 302 cannot be restricted to a particular receiver based on such a hardware hook, making the software implemented receiver 103 more vulnerable to hacking attacks.
FIG. 2a shows an example of a descrambler module. A ciphertext C is decrypted in the descrambler module 303 with a fixed key K into a plaintext M. The key K is embedded or preloaded in the descrambler module 303.
FIG. 2b shows an alternative descrambler module, wherein several instances of a descrambler module 304 can be made by loading values of K from an external source.
Many existing broadcast descrambling algorithms, such as DVB (digital video broadcasting), DES (data encryption standard) and AES (advanced encryption standard), are based on block ciphers. Block ciphers operate by dividing an input ciphertext stream into fixed-size blocks. Each block is processed by repeatedly applying a relatively simple function. This approach is known as an iterated block cipher. Each iteration is called a round, and the repeated function is called a round function. Typical block ciphers have 4 to 32 rounds.
FIG. 3 shows a typical inner working of a prior art iterated block cipher 305 as may be used as the descrambling module 304 of FIG. 2b. A ciphertext C is received and divided into blocks. Each block of ciphertext C is processed over ‘n’ rounds into the plaintext message ‘M’. Each round ‘r’ receives its own round key ‘RKr’ as input, which is calculated from the original key ‘K’ in a key schedule module 501. In whitebox cryptography, each block cipher round module 401₁, 401₂ is typically implemented using a sequence of table lookup operations hiding the value of the key ‘K’ and the round keys ‘RKr’.
Alternatively, a fixed-key variant using a descrambling module 303 as shown in FIG. 2a may be used in the iterated block cipher 305. The key schedule module 501 as shown in FIG. 3 is then replaced by a module embedding a fixed input ‘RKr’ to each round.
A block cipher round module 401₁, 401₂ as shown in FIG. 3 is shown in more detail in FIG. 4. The block cipher round function 401 contains two modules that operate in sequence. A diffusion module 601 modifies an input Cr-1 randomly. The thus obtained C′r-1 is input to a confusion module 701. The purpose of the confusion module 701 is to mix the round key RKr with the ciphertext C′r-1, making it mandatory to provide the relevant round key RKr to produce the output Cr for the next decryption round.
A block cipher round module may be personalized by having a unique function, in whitebox cryptography typically using a table-driven lookup implementation, that performs the confusion function. An example of a prior art table-driven lookup implementation will be described in more detail with FIG. 7.
A whitebox iterated block cipher using AES encryption is known from “White-Box Cryptography and an AES Implementation” by S. Chow, P. Eisen, H. Johnson, P. C. van Oorschot, Proceedings of the 9th Annual Workshop on Selected Areas in Cryptography, August 2002. In the whitebox implementation of AES each block cipher round consists of four parts: SubBytes, ShiftRows, MixColumns and AddRoundKey. The first three parts correspond to the operations in the diffusion module and the AddRoundKey part is comparable to the confusion module.
To protect intermediate values that are passed from one module to the next from being interceptable, whitebox iterated block cipher implementations typically apply a random permutation to the output of lookup tables (see also FIG. 7), and the inverse of that permutation to the input of a next lookup table.
A simplified block cipher 306 applying a random permutation, consisting of two rounds in block cipher round modules 402₁ and 402₂ and with a block and key size of two bits, is shown in FIG. 5. In FIG. 6 a block cipher round module 402 is shown in more detail. In FIG. 5 each arrow represents a data flow of two bits. In FIG. 6 each arrow represents a single-bit data flow. The diffusion module 602 swaps the two bits of input Cr-1 and replaces the second bit by their binary sum (XOR). The thus obtained C′r-1 is input to the confusion module 702. The confusion module 702 performs a binary addition (XOR) of the two input bits of C′r-1 with the relevant bit of the round key RKr. With reference to FIG. 5, the key schedule module 502 receives a key K and generates the two round keys ‘RK1=K’ and ‘RK2=K ⊕ 10’, where ‘10’ denotes a binary vector and ⊕ is an XOR operation.
A simplified example of a whitebox lookup table driven implementation 307 of the simplified block cipher 306 of FIG. 5 and FIG. 6 is shown in FIG. 7. In the example of FIG. 7, the key schedule module 503 receives a binary key ‘K=11’ and expands the key K into two round keys: ‘RK1=11’ and ‘RK2=01’ using a table lookup. The table lookup is visualized by the predefined paths following a particular key input. Following the arrows for key input K=11, the two round keys 11 and 01 are found. For the input ciphertext, in this example having a binary value ‘C=11’, the first block cipher round module 403₁ uses a table lookup in the diffusion module 603 to produce the intermediate output ‘C′0=10’, which is input to the confusion module 703. The confusion module 703 adds the round key RK1, resulting in the output ‘C1=01’ that is input to the second block cipher round module 403₂. In the second block cipher round module 403₂, in a similar manner the diffusion module 603 obtains ‘C′1=11’ and the confusion module 703 obtains ‘C2=10’. The second block cipher round module 403₂ generates the cleartext message ‘M’ as the output of the block cipher decryption operation: ‘M=C2=10’.
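The two-bit, two-round cipher of FIG. 5 and FIG. 6, its table-driven form of FIG. 7, and the random inter-round permutations described above, as an added example that is not code from the patent itself. The diffusion rule (swap, then replace the second bit by the XOR), the key schedule (RK1=K, RK2=K⊕10) and the worked values K=11, C=11 are taken from the text; the encoding layout (identity encoding on the external input and on the final output, a random 2-bit permutation on each internal edge) is an assumption.

```python
# Added example: FIG. 5/6 cipher, its lookup-table ("whitebox") form, and
# random permutations on the intermediate values between the two tables.
import random

def diffusion(c):
    """Swap the two bits of c, then replace the new second bit by their XOR."""
    b1, b0 = (c >> 1) & 1, c & 1
    return (b0 << 1) | (b1 ^ b0)

def key_schedule(k):
    """RK1 = K, RK2 = K xor 10 (binary), as in the key schedule module 502."""
    return [k, k ^ 0b10]

def trace(c, k):
    """Return (C'_{r-1}, C_r) for each round, i.e. the values shown in FIG. 7."""
    steps = []
    for rk in key_schedule(k):
        d = diffusion(c)          # diffusion module 602/603
        c = d ^ rk                # confusion module 702/703: XOR with round key
        steps.append((d, c))
    return steps

def decrypt_plain(c, k):
    return trace(c, k)[-1][1]

def build_whitebox(k, rng):
    """One 4-entry table per round with the round key baked in, composed with
    random 2-bit permutations so raw intermediates never appear between tables.
    Assumption: the external input and the final output are left unencoded."""
    rks = key_schedule(k)
    identity = list(range(4))
    # encodings[r] maps the real value of the r-th edge to its encoded form
    encodings = [identity] + [rng.sample(range(4), 4) for _ in rks[:-1]] + [identity]
    tables = []
    for r, rk in enumerate(rks):
        undo_in = {enc: real for real, enc in enumerate(encodings[r])}
        apply_out = encodings[r + 1]
        tables.append([apply_out[diffusion(undo_in[x]) ^ rk] for x in range(4)])
    return tables

def decrypt_whitebox(c, tables):
    """Descramble by table lookups only; the key never appears as a value."""
    for t in tables:
        c = t[c]
    return c
```

Because the table composition absorbs both the round key and the permutations, `decrypt_whitebox` agrees with `decrypt_plain` for every key and ciphertext, while an observer of the tables alone sees neither RK1, RK2 nor the clear C′0 and C1 values.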
As an alternative to using block ciphers as broadcast descrambling algorithm, stream ciphers and public key cryptosystems are known.
FIG. 17 shows a typical inner working of a prior art stream cipher 308 as may be used as an alternative descrambling module 304 of FIG. 2b. A setup module 504₁ initializes the internal state of the cipher in a manner known per se. Initialization typically involves an initial vector (IV) that is loaded into a keyed internal secret state of the cipher, after which a number of cipher rounds is executed on an input key K prior to releasing an initialized key to the next module. A key expansion module 504₂ creates an expanded key EK from the initialized key to match the size of the ciphertext C. The expanded key EK is provided to an XOR module 404, where an input ciphertext C is descrambled using an XOR operation with the expanded key EK.
FIG. 20 shows a typical inner working of a prior art public key cipher 309 as may be used as another alternative descrambling module 304 of FIG. 2b. An exponentiation module 505 processes an input key K, typically by applying a modular exponentiation like ‘EK = G^K mod N’. The thus obtained expanded key EK is input to a decipher module 405₂ for deciphering an input ciphertext C. As part of the deciphering of ciphertext C, the ciphertext C may be modified in modification module 405₁ into an intermediate ciphertext C1 prior to being input to the decipher module 405₂.
A known problem in Pay TV applications is the redistribution of CW key values using broadband communication infrastructures such as the Internet. Hackers intercept CW values and insert the CW values into a redistribution infrastructure, e.g. using a peer-to-peer network. Unauthorized receivers obtain the appropriate CW key values from the redistribution infrastructure and use the thus obtained CW values to decrypt a broadcast stream. More specifically, intercepted keys are used in unauthorized whitebox descrambler modules for the decryption of a ciphertext.