Presentation is loading. Please wait.

Presentation is loading. Please wait.

What ~1.25 turned out to be or Complex poles and DVDs Ilya Mironov Microsoft Research, SVC October 3 rd, 2003.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "What ~1.25 turned out to be or Complex poles and DVDs Ilya Mironov Microsoft Research, SVC October 3 rd, 2003."— Presentation transcript:

1 What ~1.25 turned out to be or Complex poles and DVDs Ilya Mironov Microsoft Research, SVC October 3 rd, 2003

2 One-to-One Communications AliceBob

3 One-to-Many Communications Alice BobCarlZing

4 One-to-Many Communications Alice BobCarlZing

5 One-to-Many Communications Alice BobCarlZing

6 One-to-Many Communications Alice BobCarlZing

7 Broadcast Alice BobCarlZing

8 Broadcast Alice BobCarlZing

9 Real Life Examples of Broadcast Pay-per-view Pay-per-view Satellite radio, TV (“dishes”) Satellite radio, TV (“dishes”) DVD players DVD players Stateless receivers

10 Broadcast encryption source receivers k kk k kk kk k k k  One rogue user compromises the whole system  Very little overhead

11 Broadcast encryption source receivers k 1, k 2, k 3, k 4, k 5,…, k n k1k1 k2k2 k3k3 k4k4 k5k5 k6k6 k7k7 knkn … broadcast E[k 1,k], E[k 2,k],…, E[k n,k], E[k,M]

12 Broadcast encryption source receivers k 1, k 2, k 3, k 4, k 5,…, k n k1k1 k2k2 k3k3 k4k4 k5k5 k6k6 k7k7 knkn …  Too many keys  Simple user revocation

13 Botched attempts CSS (most famous for the DeCSS crack) CSS (most famous for the DeCSS crack) CPRM (IBM, Intel, Matsushita, Toshiba) Can revoke only 10,000 devices in 3Mb CPRM (IBM, Intel, Matsushita, Toshiba) Can revoke only 10,000 devices in 3Mb

14 Subset-cover framework (Naor-Naor-Lotspiech’01) S3S3 S5S5 S6S6 S1S1 S2S2 S4S4 S7S7 S8S8

15 S3S3 S5S5 S6S6 S1S1 S2S2 S4S4 S7S7 S8S8 k3k3 k4k4 k5k5 u receiver u knows keys:

16 Key distribution Based on some formal characteristic: e.g., DVD player’s serial number Based on some formal characteristic: e.g., DVD player’s serial number Using some real-life descriptors: Using some real-life descriptors: — CMU students/faculty — researchers — Pennsylvania state residents — college-educated

17 Broadcast using subset cover S3S3 S5S5 S6S6 S1S1 S8S8 S 10 header uses k 1, k 3, k 5, k 6, k 8, k 10

18 Subtree difference All receivers are associated with the leaves of a full binary tree k0k0 k 00 k 01 k 0…0 k 0…1 k 1…1

19 Subtree differences i j special set S i,j

20 Subtree difference

21

22

23

24

25

26

27

28 Greedy algorithm Easy greedy algorithm for constructing a subtree cover for any set of revoked users Easy greedy algorithm for constructing a subtree cover for any set of revoked users

29 Greedy algorithm Find a node such that both of its children have exactly one revoked descendant Find a node such that both of its children have exactly one revoked descendant

30 Greedy algorithm Add (at most) two sets to the cover Add (at most) two sets to the cover

31 Greedy algorithm Revoke the entire subtree Revoke the entire subtree

32 Greedy algorithm Could be less than two sets Could be less than two sets

33 Average-case analysis R - number of revoked users R - number of revoked users C – number of sets in the cover C ≤ 2R-1 averaged over sets of fixed size [NNL’01] averaged over sets of fixed size [NNL’01] E[C] ≤ 1.38R simulation experiments give [NNL’01] simulation experiments give [NNL’01] E[C] ~ R 1.25

34 Hypothesis 1.25… = 5/4

35 Different Model Revoke each user independently at random with probability p Revoke each user independently at random with probability p

36 Exact formula where If a user is revoked with probability p«1:

37 Exact formula where If a user is revoked with probability p«1:

38 Asymptotic p 1.24511 E[C]/E[R]

39 Asymptotic 1.2451134… 1.2451114… p

40 Exact formula where If a user is revoked with probability p«1:

41 Singularities of f Function f cannot be analytically continued beyond the unit disk

42 One approach 5 pages of dense computations – series, o, O, lim, etc. produce only the constant term

43 Mellin transform

44 Approximation where For small q

45 The Mellin Transform Poles at 0, -1, -2, -3, … and

46 Complex poles 0-2-3 …

47 Mellin transform

48 Approximation where p = 1-q

49 Asymptotic E[C]/E[R] 1.2451134… 1.2451114… 3log 2 4/3 p

50 Average-case analysis R - number of revoked users C – number of sets in the cover If a user is revoked with probability p«1: E[C] ≈ 1.24511 E[R]

51 Knuth and de Bruijn Solution communicated by de Bruijn to Knuth for analysis of the radix- exchange sort algorithm (vol. 3, 1 st ed, p. 131) Solution communicated by de Bruijn to Knuth for analysis of the radix- exchange sort algorithm (vol. 3, 1 st ed, p. 131) De Bruijn, Knuth, Rice, “The average height of planted plane trees,” 1972 De Bruijn, Knuth, Rice, “The average height of planted plane trees,” 1972

52 Further reading Flajolet, Gourdon, Dumas, “Mellin transform and asymptotics: Harmonics sums”, Theor. Comp. Sc., 123(2), 1994 Flajolet, Gourdon, Dumas, “Mellin transform and asymptotics: Harmonics sums”, Theor. Comp. Sc., 123(2), 1994

53 Back-up slides

54 Halevy-Shamir scheme Noticed that subtree differences are decomposable: Noticed that subtree differences are decomposable:

55 Halevy-Shamir scheme Fewer special sets reduce memory requirement on receivers Fewer special sets reduce memory requirement on receivers

56 Improvement For practical parameters save additionally 20% compared to the Halevy-Shamir scheme For practical parameters save additionally 20% compared to the Halevy-Shamir scheme

Download ppt "What ~1.25 turned out to be or Complex poles and DVDs Ilya Mironov Microsoft Research, SVC October 3 rd, 2003."

Similar presentations

Explicit Exclusive Set Systems with Applications to Broadcast Encryption David Woodruff Joint with Craig Gentry and Zulfikar Ramzan To appear in FOCS 2006.

Explicit Exclusive Set Systems with Applications to Broadcast Encryption David Woodruff Joint with Craig Gentry and Zulfikar Ramzan To appear in FOCS 2006.
Explicit Exclusive Set Systems with Applications to Broadcast Encryption David P. Woodruff MIT FOCS 2006 Craig Gentry Stanford Zulfikar Ramzan Symantec.

Explicit Exclusive Set Systems with Applications to Broadcast Encryption David P. Woodruff MIT FOCS 2006 Craig Gentry Stanford Zulfikar Ramzan Symantec.
A Survey of Key Management for Secure Group Communications Celia Li.

A Survey of Key Management for Secure Group Communications Celia Li.
Hadi Goudarzi and Massoud Pedram

Hadi Goudarzi and Massoud Pedram
Fast Algorithms For Hierarchical Range Histogram Constructions

Fast Algorithms For Hierarchical Range Histogram Constructions
Analysis of Algorithms

Analysis of Algorithms
Broadcast Encryption – an overview Niv Gilboa – BGU 1.

Broadcast Encryption – an overview Niv Gilboa – BGU 1.
A Framework for Secure Data Aggregation in Sensor Networks Yi Yang Xinran Wang, Sencun Zhu and Guohong Cao The Pennsylvania State University MobiHoc’ 06.

A Framework for Secure Data Aggregation in Sensor Networks Yi Yang Xinran Wang, Sencun Zhu and Guohong Cao The Pennsylvania State University MobiHoc’ 06.
Information Networks Small World Networks Lecture 5.

Information Networks Small World Networks Lecture 5.
On The Algebraic Structure of Combinatorial Broadcast Encryption Schemes and Applications Serdar Pehlivanoglu (pay-live-a-no-glue) Joint work with Aggelos.

On The Algebraic Structure of Combinatorial Broadcast Encryption Schemes and Applications Serdar Pehlivanoglu (pay-live-a-no-glue) Joint work with Aggelos.
The Cache Location Problem. Overview TERCs Vs. Proxies Stability Cache location.

The Cache Location Problem. Overview TERCs Vs. Proxies Stability Cache location.
Ad-Hoc Networks Beyond Unit Disk Graphs

Ad-Hoc Networks Beyond Unit Disk Graphs
Tirgul 10 Rehearsal about Universal Hashing Solving two problems from theoretical exercises: –T2 q. 1 –T3 q. 2.

Tirgul 10 Rehearsal about Universal Hashing Solving two problems from theoretical exercises: –T2 q. 1 –T3 q. 2.
Content Protection for Recordable Media Florian Pestoni IBM Almaden Research Center.

Content Protection for Recordable Media Florian Pestoni IBM Almaden Research Center.
CSE 326: Data Structures Lecture #11 B-Trees Alon Halevy Spring Quarter 2001.

CSE 326: Data Structures Lecture #11 B-Trees Alon Halevy Spring Quarter 2001.
Rooted Trees. More definitions parent of d child of c sibling of d ancestor of d descendants of g leaf internal vertex subtree root.

Rooted Trees. More definitions parent of d child of c sibling of d ancestor of d descendants of g leaf internal vertex subtree root.
B + -Trees (Part 1) Lecture 20 COMP171 Fall 2006.

B + -Trees (Part 1) Lecture 20 COMP171 Fall 2006.
B + -Trees (Part 1). Motivation AVL tree with N nodes is an excellent data structure for searching, indexing, etc. –The Big-Oh analysis shows most operations.

B + -Trees (Part 1). Motivation AVL tree with N nodes is an excellent data structure for searching, indexing, etc. –The Big-Oh analysis shows most operations.
B + -Trees (Part 1) COMP171. Slide 2 Main and secondary memories  Secondary storage device is much, much slower than the main RAM  Pages and blocks.

B + -Trees (Part 1) COMP171. Slide 2 Main and secondary memories  Secondary storage device is much, much slower than the main RAM  Pages and blocks.
CSE 326: Data Structures B-Trees Ben Lerner Summer 2007.

CSE 326: Data Structures B-Trees Ben Lerner Summer 2007.

Similar presentations

Ads by Google