What ~1.25 turned out to be
or
Complex poles and DVDs

Ilya Mironov
Microsoft Research, SVC
October 3rd, 2003

One-to-One Communications

Alice Bob

One-to-Many Communications

Alice

Bob Carl Zing

Broadcast

Alice

Bob Carl Zing

Real Life Examples of Broadcast

- Pay-per-view
- Satellite radio, TV (“dishes”)
- DVD players

Stateless receivers

Broadcast encryption

[Diagram: the source and every receiver hold the same key k]

One rogue user compromises the whole system

Very little overhead

Broadcast encryption

[Diagram: the source holds k1, k2, k3, k4, k5, …, kn; the receivers hold k1, k2, k3, k4, k5, k6, k7, …, kn, one key each]

broadcast E[k1,k], E[k2,k], …, E[kn,k], E[k,M]

Too many keys

Simple user revocation

Botched attempts

- CSS (most famous for the DeCSS crack)
- CPRM (IBM, Intel, Matsushita, Toshiba). Can revoke only 10,000 devices in 3Mb

Subset-cover framework (Naor-Naor-Lotspiech’01)

[Diagram: subsets S1, S2, S3, S4, S5, S6, S7, S8 of the receivers, with a receiver u marked]

receiver u knows keys: k3, k4, k5

Key distribution

Based on some formal characteristic: e.g., DVD player’s serial number

Using some real-life descriptors:
- CMU students/faculty
- researchers
- Pennsylvania state residents
- college-educated

Broadcast using subset cover

[Diagram: the cover consists of subsets S1, S3, S5, S6, S8, S10]

header uses k1, k3, k5, k6, k8, k10

Subtree difference

All receivers are associated with the leaves of a full binary tree

[Diagram: binary tree with node keys k0; k00, k01; k0…0, k0…1, k1…1]

Subtree differences

[Diagram: node i and a node j below it]

special set Si,j

Greedy algorithm

Easy greedy algorithm for constructing a subtree cover for any set of revoked users

- Find a node such that both of its children have exactly one revoked descendant
- Add (at most) two sets to the cover
- Revoke the entire subtree
- Could be less than two sets

Average-case analysis

R - number of revoked users

C - number of sets in the cover

C ≤ 2R-1 [NNL’01]

averaged over sets of fixed size: E[C] ≤ 1.38R [NNL’01]

simulation experiments give [NNL’01]: E[C] ~ 1.25R

Hypothesis

1.25… = 5/4

Different Model

Revoke each user independently at random with probability p
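
The greedy procedure from the slides above, written out as an added example (it is not code from the talk). It assumes heap numbering of the tree (root 1, children 2v and 2v+1), takes S_{i,j} to mean the leaves under i that are not under j, and uses function names of its own; `simulate_ratio` draws the revoked set in the independent-revocation model just described.

```python
import random

def leaves(v, n):
    """Leaf indices (0-based) below node v; heap numbering, root = 1."""
    lo = hi = v
    while lo < n:
        lo, hi = 2 * lo, 2 * hi + 1
    return range(lo - n, hi - n + 1)

def sd_cover(h, revoked):
    """Greedy cover of the non-revoked leaves of a depth-h tree by sets S_{i,j}
    (leaves under i but not under j). Returns a list of (i, j) node pairs."""
    n = 1 << h
    # rep[v]: lowest node under v that still contains every revoked leaf below v
    rep = {n + u: n + u for u in revoked}
    cover, level = [], sorted(rep)
    for _ in range(h):
        level = sorted({v >> 1 for v in level})
        for v in level:
            l, r = rep.get(2 * v), rep.get(2 * v + 1)
            if l is None or r is None:
                rep[v] = l if l is not None else r   # single chain, keep climbing
                continue
            # both children hold revoked users: add at most two sets ...
            cover += [(c, t) for c, t in ((2 * v, l), (2 * v + 1, r)) if c != t]
            rep[v] = v                               # ... then revoke the whole subtree
    top = rep.get(1)
    if top is None:
        cover.append((1, None))   # nobody revoked: this example uses one set for all
    elif top != 1:
        cover.append((1, top))
    return cover

def covered(cover, h):
    """Union of the leaves reached by the sets in the cover."""
    n, out = 1 << h, set()
    for i, j in cover:
        out |= set(leaves(i, n)) - set(leaves(j, n) if j else ())
    return out

def simulate_ratio(h, p, seed):
    """C/R for one draw of the model where each user is revoked with probability p."""
    rng = random.Random(seed)
    revoked = {u for u in range(1 << h) if rng.random() < p}
    return len(sd_cover(h, revoked)) / len(revoked)
```

With 2^18 users and p = 0.01, a single draw of `simulate_ratio` already lands close to the ratio discussed in the following slides.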

Exact formula

If a user is revoked with probability p ≪ 1:

$$\lim_{n\to\infty}\frac{E[C]}{E[R]} = 2q - \frac{1}{1-q}\sum_{k=0}^{\infty} 2^{-k}\, q^{2^k}\left(1-q^{2^k}\right)^2, \quad\text{where } q = 1-p.$$

Exact formula

If a user is revoked with probability p ≪ 1:

$$\lim_{n\to\infty}\frac{E[C]}{E[R]} = 2q - \frac{1}{1-q}\underbrace{\sum_{k=0}^{\infty} 2^{-k}\, q^{2^k}\left(1-q^{2^k}\right)^2}_{f(\dots)}, \quad\text{where } q = 1-p.$$

Asymptotic

[Plot: E[C]/E[R] against p for p from 0 to 1 (vertical axis 0 to 1.5); value 1.24511 marked]

[Plot: E[C]/E[R] against p for p from 0 to 0.00001 (vertical axis 1.24509 to 1.245115); values 1.2451134… and 1.2451114… marked]

Singularities of f

Function f cannot be analytically continued beyond the unit disk

One approach

5 pages of dense computations – series, o, O, lim, etc.

produce only the constant term

Mellin transform

$$f(x) \;\longmapsto\; f^*(s) = \int_0^{\infty} f(x)\,x^{s-1}\,dx$$

$$f^*(s) \;\longmapsto\; f(x) = \frac{1}{2\pi i}\int_{c-i\infty}^{c+i\infty} f^*(s)\,x^{-s}\,ds$$

Approximation

For small q

$$f(q) = \sum_{k=0}^{\infty} 2^{-k}\, q^{2^k}\left(1-q^{2^k}\right)^2 \approx \sum_{k=0}^{\infty} 2^{-k}\, e^{-2^k x}\left(1-e^{-2^k x}\right)^2, \quad\text{where } x = 1-q \to 0.$$

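The Mellin Transform

$$f^*(s) = \frac{1}{1-2^{-(1+s)}}\,\Gamma(s)\left(1 - 2^{1-s} + 3^{-s}\right)$$

Poles at 0, -1, -2, -3, … and $2\pi k i/\ln 2 - 1$

Complex poles

[Diagram: poles in the complex plane at 0, -1, -2, -3 and at $2\pi k i/\ln 2 - 1$, with the factors $\Gamma(s)\left(1 - 2^{1-s} + 3^{-s}\right)$ and $\frac{1}{1-2^{-(1+s)}}$ labeled]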

Approximation

f(q) = 3 log2(4/3) + [sum over k ∈ Z\{0} of terms oscillating in log2 p with complex exponents 2πki; garbled in the transcript] + o(p),

where p = 1-q

Asymptotic

[Plot: E[C]/E[R] against p for p from 0 to 0.00001 (vertical axis 1.24509 to 1.245115); values 1.2451134… and 1.2451114… and the level 3 log2(4/3) marked]

Average-case analysis

R - number of revoked users

C - number of sets in the cover

If a user is revoked with probability p ≪ 1:

E[C] ≈ 1.24511 E[R]
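
An added numerical check of this constant (not part of the talk). It evaluates the exact formula, read here as lim E[C]/E[R] = 2q - f(q)/(1-q) with f(q) = Σ 2^-k q^(2^k) (1 - q^(2^k))^2 and q = 1-p, and measures the small oscillation in log2 p around 3 log2(4/3) that the zoomed plot shows. Function names are this example's own.

```python
import math

LIMIT = 3 * math.log2(4 / 3)          # 1.2451124978...

def ratio(p):
    """2q - f(q)/(1-q), f(q) = sum_k 2^-k q^(2^k) (1 - q^(2^k))^2, q = 1 - p."""
    x = -math.log1p(-p)                # q = exp(-x), hence q^(2^k) = exp(-2^k x)
    f, k = 0.0, 0
    while (t := 2.0 ** k * x) < 700:   # beyond this exp(-t) underflows to 0
        # expm1(-t)**2 equals (1 - q^(2^k))^2 without cancellation for tiny t
        f += 2.0 ** -k * math.exp(-t) * math.expm1(-t) ** 2
        k += 1
    return 2 * (1 - p) - f / p

def octave_range(p0, samples=64):
    """Min and max of ratio(p) for p in [p0, 2*p0), sampled evenly in log2 p."""
    vals = [ratio(p0 * 2 ** (j / samples)) for j in range(samples)]
    return min(vals), max(vals)
```

Halving p leaves the ratio unchanged up to a term of order p, while moving within one octave shifts it by about 2e-6 in total, which is why the hypothesis 5/4 cannot be told apart from the true constant by coarse simulation.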

Knuth and de Bruijn

Solution communicated by de Bruijn to Knuth for analysis of the radix-exchange sort algorithm (vol. 3, 1st ed, p. 131)

De Bruijn, Knuth, Rice, “The average height of planted plane trees,” 1972

Further reading

Flajolet, Gourdon, Dumas, “Mellin transform and asymptotics: Harmonic sums”, Theor. Comp. Sc., 123(2), 1994

Back-up slides

Halevy-Shamir scheme

Noticed that subtree differences are decomposable:

Fewer special sets reduce memory requirement on receivers

Improvement

For practical parameters save additionally 20% compared to the Halevy-Shamir scheme