(original) (raw)

%!PS-Adobe-2.0 %%Creator: dvips(k) 5.86d Copyright 1999 Radical Eye Software %%Title: h1.dvi %%Pages: 8 %%PageOrder: Ascend %%BoundingBox: 0 0 596 842 %%DocumentFonts: Times-Roman Times-Italic Times-Bold Symbol %%EndComments %DVIPSWebPage: (www.radicaleye.com) %DVIPSCommandLine: dvips -o h1.ps h1.dvi %DVIPSParameters: dpi=600, compressed %DVIPSSource: TeX output 2001.08.03:0027 %%BeginProcSet: texc.pro %! /TeXDict 300 dict def TeXDict begin/N{def}def/B{bind def}N/S{exch}N/X{S N}B/A{dup}B/TR{translate}N/isls false N/vsize 11 72 mul N/hsize 8.5 72 mul N/landplus90{false}def/@rigin{isls{[0 landplus90{1 -1}{-1 1}ifelse 0 0 0]concat}if 72 Resolution div 72 VResolution div neg scale isls{ landplus90{VResolution 72 div vsize mul 0 exch}{Resolution -72 div hsize mul 0}ifelse TR}if Resolution VResolution vsize -72 div 1 add mul TR[ matrix currentmatrix{A A round sub abs 0.00001 lt{round}if}forall round exch round exch]setmatrix}N/@landscape{/isls true N}B/@manualfeed{ statusdict/manualfeed true put}B/@copies{/#copies X}B/FMat[1 0 0 -1 0 0] N/FBB[0 0 0 0]N/nn 0 N/IEn 0 N/ctr 0 N/df-tail{/nn 8 dict N nn begin /FontType 3 N/FontMatrix fntrx N/FontBBox FBB N string/base X array /BitMaps X/BuildChar{CharBuilder}N/Encoding IEn N end A{/foo setfont}2 array copy cvx N load 0 nn put/ctr 0 N[}B/sf 0 N/df{/sf 1 N/fntrx FMat N df-tail}B/dfs{div/sf X/fntrx[sf 0 0 sf neg 0 0]N df-tail}B/E{pop nn A definefont setfont}B/Cw{Cd A length 5 sub get}B/Ch{Cd A length 4 sub get }B/Cx{128 Cd A length 3 sub get sub}B/Cy{Cd A length 2 sub get 127 sub} B/Cdx{Cd A length 1 sub get}B/Ci{Cd A type/stringtype ne{ctr get/ctr ctr 1 add N}if}B/id 0 N/rw 0 N/rc 0 N/gp 0 N/cp 0 N/G 0 N/CharBuilder{save 3 1 roll S A/base get 2 index get S/BitMaps get S get/Cd X pop/ctr 0 N Cdx 0 Cx Cy Ch sub Cx Cw add Cy setcachedevice Cw Ch true[1 0 0 -1 -.1 Cx sub Cy .1 sub]/id Ci N/rw Cw 7 add 8 idiv string N/rc 0 N/gp 0 N/cp 0 N{ rc 0 ne{rc 1 sub/rc X rw}{G}ifelse}imagemask restore}B/G{{id gp get/gp gp 1 add N A 18 mod S 18 idiv pl S get exec}loop}B/adv{cp add/cp X}B /chg{rw cp id gp 4 index getinterval putinterval A gp add/gp X adv}B/nd{ /cp 0 N rw exit}B/lsh{rw cp 2 copy get A 0 eq{pop 1}{A 255 eq{pop 254}{ A A add 255 and S 1 and or}ifelse}ifelse put 1 adv}B/rsh{rw cp 2 copy get A 0 eq{pop 128}{A 255 eq{pop 127}{A 2 idiv S 128 and or}ifelse} ifelse put 1 adv}B/clr{rw cp 2 index string putinterval adv}B/set{rw cp fillstr 0 4 index getinterval putinterval adv}B/fillstr 18 string 0 1 17 {2 copy 255 put pop}for N/pl[{adv 1 chg}{adv 1 chg nd}{1 add chg}{1 add chg nd}{adv lsh}{adv lsh nd}{adv rsh}{adv rsh nd}{1 add adv}{/rc X nd}{ 1 add set}{1 add clr}{adv 2 chg}{adv 2 chg nd}{pop nd}]A{bind pop} forall N/D{/cc X A type/stringtype ne{]}if nn/base get cc ctr put nn /BitMaps get S ctr S sf 1 ne{A A length 1 sub A 2 index S get sf div put }if put/ctr ctr 1 add N}B/I{cc 1 add D}B/bop{userdict/bop-hook known{ bop-hook}if/SI save N @rigin 0 0 moveto/V matrix currentmatrix A 1 get A mul exch 0 get A mul add .99 lt{/QV}{/RV}ifelse load def pop pop}N/eop{ SI restore userdict/eop-hook known{eop-hook}if showpage}N/@start{ userdict/start-hook known{start-hook}if pop/VResolution X/Resolution X 1000 div/DVImag X/IEn 256 array N 2 string 0 1 255{IEn S A 360 add 36 4 index cvrs cvn put}for pop 65781.76 div/vsize X 65781.76 div/hsize X}N /p{show}N/RMat[1 0 0 -1 0 0]N/BDot 260 string N/Rx 0 N/Ry 0 N/V{}B/RV/v{ /Ry X/Rx X V}B statusdict begin/product where{pop false[(Display)(NeXT) (LaserWriter 16/600)]{A length product length le{A length product exch 0 exch getinterval eq{pop true exit}if}{pop}ifelse}forall}{false}ifelse end{{gsave TR -.1 .1 TR 1 1 scale Rx Ry false RMat{BDot}imagemask grestore}}{{gsave TR -.1 .1 TR Rx Ry scale 1 1 false RMat{BDot} imagemask grestore}}ifelse B/QV{gsave newpath transform round exch round exch itransform moveto Rx 0 rlineto 0 Ry neg rlineto Rx neg 0 rlineto fill grestore}B/a{moveto}B/delta 0 N/tail{A/delta X 0 rmoveto}B/M{S p delta add tail}B/b{S p tail}B/c{-4 M}B/d{-3 M}B/e{-2 M}B/f{-1 M}B/g{0 M} B/h{1 M}B/i{2 M}B/j{3 M}B/k{4 M}B/w{0 rmoveto}B/l{p -4 w}B/m{p -3 w}B/n{ p -2 w}B/o{p -1 w}B/q{p 1 w}B/r{p 2 w}B/s{p 3 w}B/t{p 4 w}B/x{0 S rmoveto}B/y{3 2 roll p a}B/bos{/SS save N}B/eos{SS restore}B end %%EndProcSet %%BeginProcSet: 8r.enc % @@psencodingfile@{ % author = "S. Rahtz, P. MacKay, Alan Jeffrey, B. Horn, K. Berry", % version = "0.6", % date = "1 July 1998", % filename = "8r.enc", % email = "tex-fonts@@tug.org", % docstring = "Encoding for TrueType or Type 1 fonts % to be used with TeX." % @} % % Idea is to have all the characters normally included in Type 1 fonts % available for typesetting. This is effectively the characters in Adobe % Standard Encoding + ISO Latin 1 + extra characters from Lucida. % % Character code assignments were made as follows: % % (1) the Windows ANSI characters are almost all in their Windows ANSI % positions, because some Windows users cannot easily reencode the % fonts, and it makes no difference on other systems. The only Windows % ANSI characters not available are those that make no sense for % typesetting -- rubout (127 decimal), nobreakspace (160), softhyphen % (173). quotesingle and grave are moved just because it's such an % irritation not having them in TeX positions. % % (2) Remaining characters are assigned arbitrarily to the lower part % of the range, avoiding 0, 10 and 13 in case we meet dumb software. % % (3) Y&Y Lucida Bright includes some extra text characters; in the % hopes that other PostScript fonts, perhaps created for public % consumption, will include them, they are included starting at 0x12. % % (4) Remaining positions left undefined are for use in (hopefully) % upward-compatible revisions, if someday more characters are generally % available. % % (5) hyphen appears twice for compatibility with both % ASCII and Windows. % /TeXBase1Encoding [ % 0x00 (encoded characters from Adobe Standard not in Windows 3.1) /.notdef /dotaccent /fi /fl /fraction /hungarumlaut /Lslash /lslash /ogonek /ring /.notdef /breve /minus /.notdef % These are the only two remaining unencoded characters, so may as % well include them. /Zcaron /zcaron % 0x10 /caron /dotlessi % (unusual TeX characters available in, e.g., Lucida Bright) /dotlessj /ff /ffi /ffl /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef /.notdef % very contentious; it's so painful not having quoteleft and quoteright % at 96 and 145 that we move the things normally found there to here. /grave /quotesingle % 0x20 (ASCII begins) /space /exclam /quotedbl /numbersign /dollar /percent /ampersand /quoteright /parenleft /parenright /asterisk /plus /comma /hyphen /period /slash % 0x30 /zero /one /two /three /four /five /six /seven /eight /nine /colon /semicolon /less /equal /greater /question % 0x40 /at /A /B /C /D /E /F /G /H /I /J /K /L /M /N /O % 0x50 /P /Q /R /S /T /U /V /W /X /Y /Z /bracketleft /backslash /bracketright /asciicircum /underscore % 0x60 /quoteleft /a /b /c /d /e /f /g /h /i /j /k /l /m /n /o % 0x70 /p /q /r /s /t /u /v /w /x /y /z /braceleft /bar /braceright /asciitilde /.notdef % rubout; ASCII ends % 0x80 /.notdef /.notdef /quotesinglbase /florin /quotedblbase /ellipsis /dagger /daggerdbl /circumflex /perthousand /Scaron /guilsinglleft /OE /.notdef /.notdef /.notdef % 0x90 /.notdef /.notdef /.notdef /quotedblleft /quotedblright /bullet /endash /emdash /tilde /trademark /scaron /guilsinglright /oe /.notdef /.notdef /Ydieresis % 0xA0 /.notdef % nobreakspace /exclamdown /cent /sterling /currency /yen /brokenbar /section /dieresis /copyright /ordfeminine /guillemotleft /logicalnot /hyphen % Y&Y (also at 45); Windows' softhyphen /registered /macron % 0xD0 /degree /plusminus /twosuperior /threesuperior /acute /mu /paragraph /periodcentered /cedilla /onesuperior /ordmasculine /guillemotright /onequarter /onehalf /threequarters /questiondown % 0xC0 /Agrave /Aacute /Acircumflex /Atilde /Adieresis /Aring /AE /Ccedilla /Egrave /Eacute /Ecircumflex /Edieresis /Igrave /Iacute /Icircumflex /Idieresis % 0xD0 /Eth /Ntilde /Ograve /Oacute /Ocircumflex /Otilde /Odieresis /multiply /Oslash /Ugrave /Uacute /Ucircumflex /Udieresis /Yacute /Thorn /germandbls % 0xE0 /agrave /aacute /acircumflex /atilde /adieresis /aring /ae /ccedilla /egrave /eacute /ecircumflex /edieresis /igrave /iacute /icircumflex /idieresis % 0xF0 /eth /ntilde /ograve /oacute /ocircumflex /otilde /odieresis /divide /oslash /ugrave /uacute /ucircumflex /udieresis /yacute /thorn /ydieresis ] def %%EndProcSet %%BeginProcSet: texps.pro %! TeXDict begin/rf{findfont dup length 1 add dict begin{1 index/FID ne 2 index/UniqueID ne and{def}{pop pop}ifelse}forall[1 index 0 6 -1 roll exec 0 exch 5 -1 roll VResolution Resolution div mul neg 0 0]/Metrics exch def dict begin Encoding{exch dup type/integertype ne{pop pop 1 sub dup 0 le{pop}{[}ifelse}{FontMatrix 0 get div Metrics 0 get div def} ifelse}forall Metrics/Metrics currentdict end def[2 index currentdict end definefont 3 -1 roll makefont/setfont cvx]cvx def}def/ObliqueSlant{ dup sin S cos div neg}B/SlantFont{4 index mul add}def/ExtendFont{3 -1 roll mul exch}def/ReEncodeFont{CharStrings rcheck{/Encoding false def dup[exch{dup CharStrings exch known not{pop/.notdef/Encoding true def} if}forall Encoding{]exch pop}{cleartomark}ifelse}if/Encoding exch def} def end %%EndProcSet TeXDict begin 39158280 55380996 1000 600 600 (h1.dvi) @start /Fa 134[37 1[54 37 37 21 29 25 1[37 37 37 58 21 2[21 37 37 25 33 37 33 37 33 10[54 2[42 7[54 1[25 54 19[37 3[37 1[19 25 19 4[25 36[42 2[{TeXBase1Encoding ReEncodeFont}33 74.7198 /Times-Roman rf /Fb 206[29 49[{TeXBase1Encoding ReEncodeFont}1 58.1154 /Times-Roman rf %DVIPSBitmapFont: Fc lasy10 10.95 1 /Fc 1 51 df<007FB812E0B912F0A300F0CAFCB3B3A8B9FCA36C17E0343478B844>50 D E %EndDVIPSBitmapFont /Fd 148[22 107[{TeXBase1Encoding ReEncodeFont}1 49.8132 /Times-Italic rf %DVIPSBitmapFont: Ff cmr10 6 1 /Ff 1 44 df<497EB0B7FCA23900018000B020227D9C27>43 D E %EndDVIPSBitmapFont /Fg 206[25 49[{TeXBase1Encoding ReEncodeFont}1 49.8132 /Times-Roman rf %DVIPSBitmapFont: Fi cmex10 10.95 8 /Fi 8 106 df50 DI<12FEB3B3B3B3B3B3B3B3ACB612 FEA71FA363833D>I<15FEB3B3B3B3B3B3B3B3ACB6FCA71FA380833D>I<12FEB3B3B3A307 3963803D>I<12FEB3B3B3A3073968803D>I104 DI E %EndDVIPSBitmapFont /Fj 134[45 2[45 1[30 35 40 1[51 45 51 1[25 2[25 3[40 1[40 51 45 16[56 71 8[56 2[66 14[45 45 45 45 49[{ TeXBase1Encoding ReEncodeFont}22 90.9091 /Times-Bold rf /Fk 205[60 50[{TeXBase1Encoding ReEncodeFont}1 119.552 /Times-Roman rf %DVIPSBitmapFont: Fm cmmi10 14.4 1 /Fm 1 62 df<177017F8A2160117F0A2160317E0A2160717C0A2160F1780A2161F1700A2 5E163EA2167E167CA216FC5E15015EA215035EA215075EA2150F5EA2151F93C7FCA25D15 3EA2157E157CA215FC5D14015DA214035DA214075DA2140F5DA2141F92C8FCA25C143EA2 147E147CA214FC5C13015CA213035CA213075CA2130F5CA2131F91C9FCA25B133EA2137E 137CA213FC5B12015BA212035BA212075BA2120F5BA2121F90CAFCA25A123EA2127E127C A212FC5AA212702D7879D93C>61 D E %EndDVIPSBitmapFont %DVIPSBitmapFont: Fo msbm10 14.4 1 /Fo 1 91 df<48BA12E04819F0A3903DC07FFC000FC003E09026C1FF8091388007C02607 C3FCC7EA1F00D9CFF0EE0F80D99FC0023E131F01BFC8007E140001FE037C133E495D495F 494A4813FC4902035C4D485A4848EC07C04E5A4991380F8007041F5C4D485A90C8123E4E C7FC4C5BC900FC133E4C5B4B5A60923803E00103075C4C485AED0F804D5A92381F000F4B 5C033E49C8FC5D173E4B137E0201147C4B5B4A5A0207495AEDC003DA0F805B4C5AEC1F00 4A495A023E131F4A91C9FC163E5C01014A15064A01FC150F49485B4B5AD907C0171F010F 495AEC8007D91F0049153E4B5A133E017E49C9127E017C5B49013E16FE4B1501485A0003 4A1503D9E001EE07FCD807C049150F4A48ED1FBCD80F80EF3F3C001F4948157ED9000F16 FC003E4AEC03F84AC8380FF07C48EF7FC000FC013E913907FF8078BB12F8A31AF048527C D14D>90 D E %EndDVIPSBitmapFont %DVIPSBitmapFont: Fp cmsy10 8 3 /Fp 3 64 df0 D<137013F8EA01FCA3EA03F8A313F0A2120713 E0A3EA0FC0A31380121FA21300A25A123EA3123C127CA21278A212F85A12700E227EA412 >48 D<1406140EB3B3A3007FB712E0B8FC7E2B2B7CAA34>63 D E %EndDVIPSBitmapFont %DVIPSBitmapFont: Fq cmr10 8 2 /Fq 2 62 df<140EB3A3B812E0A3C7000EC8FCB3A32B2D7CA634>43 D61 D E %EndDVIPSBitmapFont /Fr 198[33 2[33 33 33 33 33 33 33 48[{TeXBase1Encoding ReEncodeFont}8 66.4176 /Times-Roman rf %DVIPSBitmapFont: Ft msbm10 10.95 1 /Ft 1 91 df<0003B812F05AA2903B0FFC001C01E0D93FC0013C13C0D80F7EC7EA7803D8 0EF802701380D80FE0ECF00749903901E00F0049ECC00E90C70003131E4C5A001E020713 3892380F0078001C020E1370031E13F04B485AC800385BED780303705BEDF0074A4848C7 FCEDC00E0203131E4A485AED00384A1378020E1370021E13F04A485A02385BEC78039138 70078002F090C8FC49485AECC00E0103131E49485AEC0038491378010E01701406011E01 F0140E49485A01385BD97803151E49485A01E090C8FC000149153CEBC00E0003011E157C 48484815FCEB00384801781401000E49EC03DC001E49EC0F9CD83C01ED1F3C003849EC7E 38D87803EC01F8484848EB1FF0B912F8A3373E7DBD41>90 D E %EndDVIPSBitmapFont %DVIPSBitmapFont: Fu cmr10 10.95 4 /Fu 4 62 df<1430147014E0EB01C0EB03801307EB0F00131E133E133C5B13F85B12015B 1203A2485AA2120F5BA2121F90C7FCA25AA3123E127EA6127C12FCB2127C127EA6123E12 3FA37EA27F120FA27F1207A26C7EA212017F12007F13787F133E131E7FEB07801303EB01 C0EB00E014701430145A77C323>40 D<12C07E12707E7E121E7E6C7E7F12036C7E7F1200 7F1378137CA27FA2133F7FA21480130FA214C0A3130714E0A6130314F0B214E01307A614 C0130FA31480A2131F1400A25B133EA25BA2137813F85B12015B485A12075B48C7FC121E 121C5A5A5A5A145A7BC323>I<1506150FB3A9007FB912E0BA12F0A26C18E0C8000FC9FC B3A915063C3C7BB447>43 D<007FB912E0BA12F0A26C18E0CDFCAE007FB912E0BA12F0A2 6C18E03C167BA147>61 D E %EndDVIPSBitmapFont /Fv 26[65 15[75 213[{}2 90.9091 /Symbol rf %DVIPSBitmapFont: Fw cmsy10 10.95 9 /Fw 9 55 df<007FB812F8B912FCA26C17F83604789847>0 D<121EEA7F80A2EAFFC0A4 EA7F80A2EA1E000A0A799B19>I<0060166000F816F06C1501007E15036CED07E06C6CEC 0FC06C6CEC1F806C6CEC3F006C6C147E6C6C5C6C6C495A017E495A6D495A6D6C485A6D6C 485A6D6C48C7FC903803F07E6D6C5A903800FDF8EC7FF06E5A6E5AA24A7E4A7EECFDF890 3801F8FC903803F07E49487E49486C7E49486C7E49486C7E017E6D7E496D7E48486D7E48 48147E4848804848EC1F804848EC0FC048C8EA07E0007EED03F048150148150000601660 2C2C73AC47>II<0207B612F8023F15FC49B7FC4916F8D90FFCC9FCEB1FE0017FCAFC13FE EA01F8485A485A5B485A121F90CBFC123EA25AA21278A212F8A25AA87EA21278A2127CA2 7EA27E7F120F6C7E7F6C7E6C7EEA00FE137FEB1FE0EB0FFC0103B712F86D16FCEB003F02 0715F891CAFCAE001FB812F84817FCA26C17F8364878B947>18 D<0207B612F8023F15FC 49B7FC4916F8D90FFCC9FCEB1FE0017FCAFC13FEEA01F8485A485A5B485A121F90CBFC12 3EA25AA21278A212F8A25AA87EA21278A2127CA27EA27E7F120F6C7E7F6C7E6C7EEA00FE 137FEB1FE0EB0FFC0103B712F86D16FCEB003F020715F8363678B147>26 D<19301978A2197C193CA2193E191EA2191F737EA2737E737EA2737E737E1A7C1A7EF21F 80F20FC0F207F0007FBB12FCBDFCA26C1AFCCDEA07F0F20FC0F21F80F27E001A7C624F5A 4F5AA24F5A4F5AA24FC7FC191EA2193E193CA2197C1978A2193050307BAE5B>33 D<0207B512E0023F14F049B6FC4915E0D90FFCC8FCEB1FE0017FC9FC13FEEA01F8485A48 5A5B485A121F90CAFC123EA25AA21278A212F8A25AA2B812E017F0A217E000F0CAFCA27E A21278A2127CA27EA27E7F120F6C7E7F6C7E6C7EEA00FE137FEB1FE0EB0FFC0103B612E0 6D15F0EB003F020714E02C3678B13D>50 D<176017F01601A2EE03E0A2EE07C0A2EE0F80 A2EE1F00A2163EA25EA25EA24B5AA24B5AA24B5AA24B5AA24BC7FCA2153EA25DA25DA24A 5AA24A5AA24A5AA24A5AA24AC8FCA2143EA25CA25CA2495AA2495AA2495AA2495AA249C9 FCA2133EA25BA25BA2485AA2485AA2485AA2485AA248CAFCA2123EA25AA25AA25A12602C 5473C000>54 D E %EndDVIPSBitmapFont /Fx 141[26 3[33 2[29 18 18 3[29 1[29 32[41 41 65[{ TeXBase1Encoding ReEncodeFont}9 66.4176 /Times-Italic rf %DVIPSBitmapFont: Fy cmmi10 8 1 /Fy 1 60 df<1238127C12FEA212FF127F123B1203A41206A3120CA21218123012701220 08147B8612>59 D E %EndDVIPSBitmapFont /FA 133[35 40 40 61 40 45 25 35 35 1[45 45 45 66 25 40 25 25 45 45 25 40 45 40 45 45 10[56 66 51 45 56 1[56 1[61 76 51 61 2[66 66 56 1[66 61 56 56 15[45 2[23 30 23 41[45 2[{TeXBase1Encoding ReEncodeFont}47 90.9091 /Times-Italic rf %DVIPSBitmapFont: FB cmmi10 10.95 5 /FB 5 63 df<121EEA7F80A2EAFFC0A4EA7F80A2EA1E000A0A798919>58 D<121EEA7F8012FF13C0A213E0A3127FEA1E601200A413E013C0A312011380120313005A 120E5A1218123812300B1C798919>I<183818FC1703EF0FF8EF3FE0EFFF80933803FE00 EE0FF8EE3FE0EEFF80DB03FEC7FCED0FF8ED3FE0EDFF80DA03FEC8FCEC0FF8EC3FE0ECFF 80D903FEC9FCEB0FF8EB3FE0EBFF80D803FECAFCEA0FF8EA3FE0EA7F8000FECBFCA2EA7F 80EA3FE0EA0FF8EA03FEC66C7EEB3FE0EB0FF8EB03FE903800FF80EC3FE0EC0FF8EC03FE 913800FF80ED3FE0ED0FF8ED03FE923800FF80EE3FE0EE0FF8EE03FE933800FF80EF3FE0 EF0FF8EF03FC17001838363678B147>II<126012F8B4FCEA7FC0EA1FF0EA07FCEA 01FF38007FC0EB1FF0EB07FCEB01FF9038007FC0EC1FF0EC07FCEC01FF9138007FC0ED1F F0ED07FCED01FF9238007FC0EE1FF0EE07FCEE01FF9338007FC0EF1FF0EF07F8EF01FCA2 EF07F8EF1FF0EF7FC0933801FF00EE07FCEE1FF0EE7FC04B48C7FCED07FCED1FF0ED7FC0 4A48C8FCEC07FCEC1FF0EC7FC04948C9FCEB07FCEB1FF0EB7FC04848CAFCEA07FCEA1FF0 EA7FC048CBFC12FC1270363678B147>I E %EndDVIPSBitmapFont /FC 140[55 17[57 97[{.167 SlantFont}2 90.9091 /Symbol rf /FD 107[40 40 24[40 45 45 66 45 45 25 35 30 45 45 45 45 71 25 45 25 25 45 45 30 40 45 40 45 40 3[30 1[30 3[86 66 66 56 51 61 1[51 66 66 81 56 66 35 30 66 66 51 56 66 61 61 66 6[25 45 45 45 45 45 45 45 45 45 45 25 23 30 23 2[30 30 30 2[45 32[51 51 2[{TeXBase1Encoding ReEncodeFont}73 90.9091 /Times-Roman rf /FE 134[60 2[60 66 40 47 53 2[60 66 1[33 2[33 66 60 40 53 66 53 66 60 12[80 66 86 1[73 3[80 93 1[47 93 1[73 1[86 86 1[86 10[60 60 60 60 60 60 9[40 39[{TeXBase1Encoding ReEncodeFont}37 119.552 /Times-Bold rf %DVIPSBitmapFont: FF lasy10 10 1 /FF 1 51 df<003FB712FEB9FCA300F0C9120FB3B3A4B9FCA4303079B43E>50 D E %EndDVIPSBitmapFont /FG 134[42 1[60 42 42 23 32 28 1[42 42 42 65 23 42 1[23 42 42 28 37 42 37 42 37 9[78 60 1[51 1[55 1[46 6[28 60 1[46 1[60 55 55 60 12[42 3[42 23 21 28 21 2[28 28 28 39[{TeXBase1Encoding ReEncodeFont}43 83.022 /Times-Roman rf /FH 139[28 32 37 14[37 46 42 31[60 65[{TeXBase1Encoding ReEncodeFont} 7 83.022 /Times-Bold rf /FI 134[44 1[66 44 1[28 39 39 2[50 50 72 28 44 1[28 1[50 28 44 50 2[50 6[55 4[72 1[50 5[83 1[66 7[66 61 20[33 45[{TeXBase1Encoding ReEncodeFont}25 99.6264 /Times-Italic rf /FJ 134[50 1[72 50 50 28 39 33 2[50 50 1[28 2[28 50 50 1[44 50 44 50 44 9[94 3[55 66 7[39 33 1[72 2[72 66 1[72 13[50 50 50 50 3[25 44[{ TeXBase1Encoding ReEncodeFont}32 99.6264 /Times-Roman rf /FK 134[72 1[104 2[40 56 48 1[72 72 72 112 40 2[40 72 72 48 64 72 64 72 64 13[80 2[80 7[104 3[104 96 1[104 19[48 45[{TeXBase1Encoding ReEncodeFont}26 143.462 /Times-Roman rf end %%EndProlog %%BeginSetup %%Feature: *Resolution 600dpi TeXDict begin %%PaperSize: A4 %%EndSetup %%Page: 1 1 1 0 bop 590 937 a FK(A)35 b(Cryptanalysis)e(of)j(the)f(High-bandwidth)d (Digital)1174 1120 y(Content)i(Protection)f(System)1684 1373 y FJ(Scott)25 b(Crosby)1382 1489 y FI(Carne)l(gie-Mellon)f(Univer) o(sity)1679 1721 y FJ(Ian)i(Goldber)n(g)1445 1837 y FI(Zer)l(o)e (Knowledg)o(e)h(Systems)887 2070 y FJ(Robert)g(Johnson)223 b(Da)o(wn)24 b(Song)224 b(Da)n(vid)25 b(W)-8 b(agner)1229 2186 y FI(Univer)o(sity)23 b(of)i(California)e(at)h(Berk)o(ele)m(y)1637 2388 y FJ(August)g(3,)g(2001)1788 2724 y FH(Abstract)800 2882 y FG(W)-7 b(e)30 b(describe)e(a)i(practical)e(attack)h(on)f(the)h (High)g(Bandwidth)f(Digital)h(Content)676 2981 y(Protection)23 b(\(HDCP\))h(scheme.)37 b(HDCP)25 b(is)h(a)e(proposed)f(identity-based) f(cryptosys-)676 3081 y(tem)e(for)g(use)h(o)o(v)o(er)e(the)i(Digital)g (V)-5 b(isual)20 b(Interf)o(ace)g(b)n(us,)g(a)h(consumer)e(video)h(b)n (us)h(used)676 3180 y(in)31 b(digital)f(VCRs,)35 b(camcorders,)d(and)e (personal)g(computers.)55 b(Public/pri)n(v)n(ate)29 b(k)o(e)o(y)676 3280 y(pairs)18 b(are)h(assigned)g(to)g(de)n(vices)f(by)h(a)g(trusted)f (authority)-5 b(,)17 b(which)i(possesses)g(a)h(master)676 3380 y(secret.)49 b(If)28 b(an)g(attack)o(er)f(can)h(reco)o(v)o(er)e (40)i(public/pri)n(v)n(ate)e(k)o(e)o(y)h(pairs)h(that)h(span)e(the)676 3479 y(module)18 b(of)h(public)f(k)o(e)o(ys,)h(then)g(the)h(authority') -5 b(s)18 b(master)h(secret)h(can)f(be)g(reco)o(v)o(ered)e(in)676 3579 y(a)27 b(fe)n(w)g(seconds.)44 b(W)m(ith)27 b(the)g(master)g (secret,)h(an)f(attack)o(er)f(can)h(ea)n(v)o(esdrop)e(on)h(com-)676 3679 y(munications)18 b(between)i(an)o(y)g(tw)o(o)h(de)n(vices)e(and)h (can)h(spoof)e(an)o(y)h(de)n(vice,)f(both)h(in)g(real)676 3778 y(time.)k(Additionally)-5 b(,)16 b(the)j(attack)o(er)e(can)i (produce)d(ne)n(w)i(k)o(e)o(y)g(pairs)g(not)g(on)g(an)o(y)f(k)o(e)o(y)h (re-)676 3878 y(v)n(ocation)j(list.)35 b(Thus)23 b(the)g(attack)o(er)f (can)h(completely)f(usurp)g(the)h(trusted)g(authority')-5 b(s)676 3977 y(po)n(wer)g(.)23 b(Furthermore,)16 b(the)i(protocol)e(is) j(still)g(insecure)e(e)n(v)o(en)g(if)h(all)h(de)n(vices')e(k)o(e)o(ys)g (are)676 4077 y(signed)i(by)h(the)g(central)g(authority)-5 b(.)23 b FF(2)448 4370 y FE(1)120 b(Intr)n(oduction)448 4577 y FD(The)18 b(High-bandwidth)j(Digital)e(Content)g(Protection)h (\(HDCP\))d(scheme)i(is)f(a)f(cryptographic)448 4690 y(e)o(xtension)37 b(to)d(the)h(Digital)g(V)-5 b(isual)34 b(Interf)o(ace)j(\(D)l(VI\))d(designed)j(to)d(pre)n(v)o(ent)h(the)g (cop)o(ying)448 4803 y(of)g(video)g(data)g(transmitted)i(o)o(v)o(er)d (the)h(D)l(VI)e(b)n(us.)62 b(D)l(VI)33 b(is)i(already)h(commonly)f (used)g(to)448 4915 y(send)i(digital)h(video)g(between)f(camcorders,)k (digital)d(VCRs,)g(and)e(personal)j(computers.)1920 5225 y(1)p eop %%Page: 2 2 2 1 bop 448 573 a FD(If)35 b(the)g(HDCP)e(enhanced)k(D)l(VI)d(standard) j(is)e(also)h(adopted)g(by)f(monitor)h(and)g(tele)n(vision)448 686 y(manuf)o(acturers,)28 b(then)c(it)g(could)h(serv)o(e)g(as)f(the)h (last)f(le)o(g)g(of)g(a)g(secure)h(channel)h(for)e(the)h(online)448 799 y(distrib)n(ution)h(of)21 b(tele)n(vision,)j(mo)o(vies,)f(and)f (other)g(video)h(data.)29 b(Online)22 b(content)i(distrib)n(utors)448 912 y(w)o(ould)g(lik)o(e)f(to)f(b)n(uild)i(this)g(channel)g(to)f(pre)n (v)o(ent)h(perfect)g(digital)g(copies)g(by)f(ne)n(v)o(er)g(e)o(xposing) 448 1024 y(the)h(digital)h(video)g(signal)g(as)e(plainte)o(xt)j(in)d (the)h(recei)n(v)o(er')-5 b(s)26 b(computer)-5 b(.)589 1137 y(Because)28 b(D)l(VI)e(de)n(vices)i(from)f(man)o(y)f(dif)n (ferent)j(manuf)o(acturers)h(need)d(to)g(interoperate)448 1250 y(and)i(perform)g(k)o(e)o(y)g(e)o(xchange)h(with)e(no)g(user)h (interv)o(ention,)k(the)28 b(HDCP)e(authors)k(chose)f(to)448 1363 y(use)j(an)g(identity-based)k(cryptosystem.)56 b(It)31 b(appears)j(that)e(the)g(authors)h(did)f(not)g(w)o(ant)g(the)448 1476 y(implementation)c(of)c(the)h(scheme)g(to)g(be)f(too)h(onerous,)i (and)d(so)h(a)n(v)n(oided)i(an)o(y)d(con)l(v)o(entional)448 1589 y(identity-based)i(scheme.)j(Instead,)23 b(the)o(y)f(designed)i(a) e(custom)g(scheme)g(that)g(is)g(f)o(ast,)g(easy)g(to)448 1702 y(implement,)j(and)f(insecure.)589 1815 y(In)31 b(the)g(HDCP)d(scheme,)33 b(de)n(vice)e(manuf)o(acturers)j(purchase)f (HDCP)28 b(licenses)k(from)f(a)448 1928 y(trusted)e(authority)-6 b(.)40 b(A)25 b(license)j(includes,)i(for)c(each)i(de)n(vice)f FA(A)p FD(,)f(a)g(public)i(v)o(ector)g FA(v)3126 1955 y Fx(A)3171 1928 y FD(,)e(called)448 2041 y(the)33 b(K)n(e)o(y)f (Selection)i(V)-10 b(ector)33 b(\(KSV\),)d(and)j(a)f(pri)n(v)n(ate)i(v) o(ector)l(,)i FA(u)2545 2068 y Fx(A)2590 2041 y FD(.)55 b(When)33 b(de)n(vices)h FA(A)d FD(and)448 2154 y FA(B)h FD(wish)h(to)g(communicate,)38 b(the)o(y)33 b(e)o(xchange)j FA(v)1993 2181 y Fx(A)2070 2154 y FD(and)e FA(v)2274 2180 y Fx(B)2319 2154 y FD(.)57 b FA(A)32 b FD(computes)i(the)g(dot)f (product)448 2267 y FA(u)493 2294 y Fx(A)552 2267 y Fw(\001)14 b FA(v)631 2293 y Fx(B)703 2267 y FD(and)28 b FA(B)d FD(computes)k FA(u)1362 2293 y Fx(B)1421 2267 y Fw(\001)14 b FA(v)1500 2294 y Fx(A)1545 2267 y FD(,)27 b(and)h(the)o(y)f(use)h (this)f(as)g(their)h(shared)h(secret)f(for)f(the)h(rest)448 2379 y(of)d(their)g(interactions.)36 b(The)24 b(trusted)i(authority)h (uses)f(some)e(secret)i(information)h(to)e(choose)448 2492 y FA(v)488 2520 y Fx(A)533 2492 y FD(,)30 b FA(v)626 2518 y Fx(B)671 2492 y FD(,)f FA(u)768 2520 y Fx(A)813 2492 y FD(,)h(and)f FA(u)1070 2518 y Fx(B)1143 2492 y FD(so)g(that)h(the)f(abo)o(v)o(e)h(computations)i(will)d(produce)i(the) e(same)g(answer)-5 b(.)448 2605 y(This)32 b(protocol)i(is)e(used)h(in)f (both)h(the)f(Upstream)g(and)h(Do)n(wnstream)f(v)o(ersions)i(of)e(HDCP) -10 b(.)448 2718 y(The)28 b(Upstream)g(v)o(ersion)i(of)e(HDCP)d(is)j (designed)i(for)f(the)f(communication)j(link)d(between)448 2831 y(softw)o(are)j(running)g(on)e(a)f(personal)k(computer)l(,)g(such) d(as)g(a)g(user)h(friendly)h(video)f(playback)448 2944 y(utility)-6 b(,)22 b(and)f(the)g(HDCP)d(de)n(vices)j(attached)i(to)d (that)h(computer)-5 b(.)29 b(The)19 b(Do)n(wnstream)i(protocol)448 3057 y(is)30 b(used)g(between)h(HDCP)d(de)n(vices.)48 b(Since)30 b(the)g(cryptographically)35 b(rele)n(v)n(ant)c(portions)h (of)448 3170 y(these)25 b(protocols)h(are)e(identical,)h(our)f(attack)h (applies)g(to)f(both.)589 3283 y(W)-7 b(e)23 b(e)o(xploit)i(a)e (well-kno)n(wn)i(cryptographic)j(design)d(mistak)o(e:)31 b(the)24 b(shared)h(secret)g(gen-)448 3396 y(eration)33 b(is)e(entirely)i(linear)-5 b(.)52 b(The)30 b(attack)j(only)f(needs)g (40)f(public/pri)n(v)n(ate)j(k)o(e)o(y)e(pairs)f(such)448 3509 y(that)d(the)f(public)i(k)o(e)o(y)e(pairs)h(span)g FA(M)d Fw(\032)d Fu(\()p Ft(Z)p FB(=)p FD(2)1937 3476 y Fr(56)2004 3509 y Ft(Z)p Fu(\))2104 3476 y Fr(40)2171 3509 y FD(,)k(the)i(module)g(generated)h(by)e(all)g(pub-)448 3621 y(lic)h(k)o(e)o(ys.)43 b(Since)28 b(HDCP)d(de)n(vices)30 b(di)n(vulge)g(their)e(public)i(k)o(e)o(ys)e(freely)-6 b(,)30 b(we)d(can)i(easily)g(test)448 3734 y(whether)35 b(a)f(set)g(of)f(40)h(de)n(vices)i(ha)n(v)o(e)e(public)h(k)o(e)o(ys)g (spanning)h FA(M)g FD(before)g(e)o(xpending)g(the)448 3847 y(ef)n(fort)31 b(to)e(e)o(xtract)i(their)g(pri)n(v)n(ate)g(k)o(e)o (ys.)47 b(W)l(ith)30 b(these)h(k)o(e)o(ys,)h(the)e(authority')-5 b(s)32 b(secret)f(can)f(be)448 3960 y(reco)o(v)o(ered)c(in)d(only)h(a)g (fe)n(w)e(seconds)k(on)d(an)o(y)h(desktop)i(computer)-5 b(.)589 4073 y(The)26 b(consequence)j(of)d(these)h(\003a)o(ws)e(is)g (that,)i(after)g(reco)o(v)o(ering)h(the)e(pri)n(v)n(ate)h(k)o(e)o(ys)f (of)g(40)448 4186 y(de)n(vices,)36 b(we)c(can)h(attack)h(e)n(v)o(ery)f (other)g(interoperable)k(HDCP)30 b(de)n(vice)j(in)g(e)o(xistence:)49 b(we)448 4299 y(can)37 b(decrypt)h(ea)n(v)o(esdropped)i (communications,)j(spoof)37 b(the)g(identity)h(of)f(other)g(de)n (vices,)448 4412 y(and)31 b(e)n(v)o(en)f(for)n(ge)i(ne)n(w)d(de)n(vice) i(k)o(e)o(ys)g(as)f(though)i(we)d(were)h(the)g(trusted)i(center)-5 b(.)50 b(Note)30 b(that)448 4525 y(this)35 b(allo)n(ws)f(us)g(to)g (bypass)i(an)o(y)e(re)n(v)n(ocation)i(list)f(or)f (\223blacklisting\224:)54 b(such)35 b(mechanisms)448 4638 y(are)25 b(rendered)h(completely)g(inef)n(fecti)n(v)o(e)h(by)d (these)h(\003a)o(ws)e(in)h(HDCP)-10 b(.)22 b(Therefore)j(we)f(recom-) 448 4751 y(mend)e(that)h(the)f(current)h(HDCP)d(cryptosystem)25 b(should)e(be)f(abandoned)j(and)e(replaced)g(with)448 4863 y(standard)j(cryptographic)i(primiti)n(v)o(es.)589 4976 y(The)d(HDCP)e(cryptosystem)29 b(is)c(also)h(unusual)h(in)e(that)h (it)f(can)h(be)f(brok)o(en)i(without)f(fully)1920 5225 y(2)p eop %%Page: 3 3 3 2 bop 1200 561 a FA(A)19 b Fw(!)i FA(B)e FD(:)200 b FA(v)1727 588 y Fx(A)1772 561 y FB(;)10 b FA(n)1852 588 y Fx(A)1387 697 y FA(B)19 b FD(:)200 b FA(K)1753 664 y Fp(0)1795 697 y Fu(=)20 b FA(v)1926 725 y Fx(A)1984 697 y Fw(\001)13 b FA(u)2067 723 y Fx(B)2112 697 y FB(;)30 b FA(R)2223 664 y Fp(0)2265 697 y Fu(=)20 b FA(h)p Fu(\()p FA(K)2502 664 y Fp(0)2525 697 y FB(;)10 b FA(n)2605 725 y Fx(A)2650 697 y Fu(\))1200 822 y FA(B)19 b Fw(!)i FA(A)e FD(:)200 b FA(v)1727 848 y Fx(B)1772 822 y FB(;)10 b FA(R)1863 789 y Fp(0)1387 947 y FA(A)19 b FD(:)200 b FA(K)25 b Fu(=)20 b FA(v)1904 973 y Fx(B)1961 947 y Fw(\001)13 b FA(u)2044 974 y Fx(A)2089 947 y FB(;)31 b FA(R)19 b Fu(=)h FA(h)p Fu(\()p FA(K)5 b FB(;)10 b FA(n)2537 974 y Fx(A)2583 947 y Fu(\))1387 1071 y FA(A)19 b FD(:)200 b(V)-10 b(eri\002es)23 b FA(R)d Fu(=)g FA(R)2210 1038 y Fp(0)1132 1258 y FD(T)-7 b(able)23 b(1:)29 b(The)23 b(HDCP)e(Authentication)28 b(Protocol)448 1517 y(understanding)38 b(its)c(operation.)61 b(The)33 b(HDCP)e(speci\002cation)36 b(does)f(not)f(describe)h(the)f(k)o(e)o(y)448 1630 y(generation)28 b(process)e(used)g(by)e(the)h(center)h(b)n(ut,)f(based)h(solely)g(on)e (the)h(properties)i(of)e(gener)n(-)448 1743 y(ated)g(k)o(e)o(ys,)f(we)f (can)i(characterize)i(all)d(possible)i(k)o(e)o(y)e(generation)j(strate) o(gies)g(and)d(sho)n(w)g(that)448 1856 y(the)o(y)30 b(are)g(all)f (insecure.)49 b(In)30 b(other)g(w)o(ords,)h(we)e(can)h(pro)o(v)o(e,)h (gi)n(v)o(en)f(just)g(the)g(interf)o(ace,)j(that)448 1969 y(e)n(v)o(ery)24 b(possible)i(implementation)g(that)f(follo)n(ws)f (this)g(interf)o(ace)i(is)d(insecure.)448 2261 y FE(2)120 b(The)30 b(HDCP)g(A)-6 b(uthentication)32 b(Pr)n(otocol)448 2468 y FD(The)26 b(HDCP)d(protocol)28 b(is)e(described)i(completely)g (in)e([1)q(].)35 b(W)-7 b(e)25 b(present)i(an)f(abstracted)j(v)o(er)n (-)448 2581 y(sion)22 b(that)g(captures)i(the)d(cryptographically)27 b(rele)n(v)n(ant)c(portions)h(of)d(both)h(the)g(Upstream)g(and)448 2694 y(Do)n(wnstream)33 b(v)o(ersions)g(of)f(HDCP)-10 b(.)29 b(A)i(trusted)i(authority)i(assigns)e(to)f(each)h(de)n(vice,)h FA(A)p FD(,)f(a)448 2807 y(public)28 b(v)o(ector)f FA(v)992 2835 y Fx(A)1059 2807 y Fw(2)21 b Fu(\()p Ft(Z)p FB(=)p FD(2)1331 2774 y Fr(56)1399 2807 y Ft(Z)p Fu(\))1499 2774 y Fr(40)1565 2807 y FD(,)26 b(called)i(the)e(K)n(e)o(y)f (Selection)j(V)-10 b(ector)27 b(\(KSV\),)d(and)j(a)f(pri-)448 2920 y(v)n(ate)35 b(v)o(ector)l(,)k FA(u)958 2948 y Fx(A)1029 2920 y Fw(2)26 b Fu(\()p Ft(Z)p FB(=)p FD(2)1306 2887 y Fr(56)1373 2920 y Ft(Z)p Fu(\))1473 2887 y Fr(40)1540 2920 y FD(.)61 b(The)34 b(v)o(ector)h FA(v)2098 2948 y Fx(A)2177 2920 y FD(consists)i(of)d(20)h(zeros)g(and)g(20)g(ones.)448 3033 y(The)25 b(v)o(ector)h FA(u)909 3061 y Fx(A)979 3033 y FD(must)f(be)g(k)o(ept)h(in)f(tamper)n(-proof)k(hardw)o(are)d (or)l(,)g(in)f(the)g(case)h(of)f(a)g(softw)o(are)448 3146 y(implementation,)36 b(obscured)d(by)e(code)h(obfuscation)j (techniques.)54 b(When)31 b(de)n(vices)i FA(A)d FD(and)448 3259 y FA(B)c FD(wish)h(to)h(communicate,)h(the)o(y)f(e)o(xchange)h FA(v)1955 3286 y Fx(A)2027 3259 y FD(and)e FA(v)2224 3285 y Fx(B)2270 3259 y FD(.)38 b FA(A)26 b FD(computes)j FA(K)e Fu(=)22 b FA(u)3014 3286 y Fx(A)3073 3259 y Fw(\001)14 b FA(v)3152 3285 y Fx(B)3224 3259 y FD(and)28 b FA(B)448 3372 y FD(computes)h FA(K)889 3339 y Fp(0)934 3372 y Fu(=)21 b FA(u)1071 3398 y Fx(B)1131 3372 y Fw(\001)14 b FA(v)1210 3399 y Fx(A)1255 3372 y FD(.)39 b(The)27 b(trusted)i(authority)g(has)f(used)g(some)f(secret)i(information)g(to) 448 3485 y(choose)c FA(v)763 3512 y Fx(A)809 3485 y FD(,)d FA(v)894 3511 y Fx(B)939 3485 y FD(,)h FA(u)1030 3512 y Fx(A)1075 3485 y FD(,)f(and)i FA(u)1319 3511 y Fx(B)1387 3485 y FD(so)g(that)g FA(K)h Fu(=)19 b FA(K)1892 3452 y Fp(0)1915 3485 y FD(.)589 3597 y(In)h(HDCP)-10 b(,)16 b(one)k(de)n(vice)h(is)e(the)h(transmitter)h(and)f(one)g(is)f(the)h (recei)n(v)o(er)-5 b(.)28 b(T)-7 b(o)19 b(v)o(erify)h(that)g(the)448 3710 y(k)o(e)o(y)g(agreement)h(process)g(has)e(been)h(successful,)j (the)c(transmitter)j FA(A)c FD(also)i(sends)g(a)f(nonce)h FA(n)3369 3738 y Fx(A)3414 3710 y FD(,)448 3823 y(and)27 b(the)g(recei)n(v)o(er)g(replies)h(with)e(the)h(16-bit)h(v)n(alue)f FA(R)2167 3790 y Fp(0)2214 3823 y FD(computed)h(by)f FA(R)2771 3790 y Fp(0)2815 3823 y Fu(=)21 b FA(h)p Fu(\()p FA(K)3053 3790 y Fp(0)3076 3823 y FB(;)10 b FA(n)3156 3851 y Fx(A)3201 3823 y Fu(\))p FD(.)37 b(The)448 3936 y(transmitter)24 b(performs)f(the)f(analogous)i(computation)g(and)e(v)o (eri\002es)g(that)g(the)g(results)h(are)f(the)448 4049 y(same.)46 b(The)29 b(non-in)l(v)o(ertible)34 b(function)d FA(h)e FD(is)h(completely)h(described)h(in)d(the)h(speci\002cation,)448 4162 y(b)n(ut)35 b(the)f(details)h(of)f(its)g(operation)j(are)d(not)g (important)i(here.)60 b(W)-7 b(e)33 b(assume)i(that)f(all)g(D)l(VI)448 4275 y(transmitters)e(can)d(interoperate)k(with)c(all)g(D)l(VI)f(recei) n(v)o(ers,)k(an)d(assumption)i(that)f(seems)f(to)448 4388 y(be)24 b(implied)g(by)g(the)g(speci\002cation.)589 4501 y(HDCP)g(also)k(supports)g(re)n(v)n(ocation)h(of)e(certain)h (KSVs.)35 b(T)m(ransmitters)28 b(are)f(required)h(to)448 4614 y(check)f(that)g(their)f(peer')-5 b(s)27 b(KSV)d(is)i(not)g(on)g (the)g(current)h(re)n(v)n(ocation)i(list.)36 b(According)27 b(to)f(the)448 4727 y(HDCP)g(license,)31 b(KSVs)26 b(can)j(be)f(placed) i(on)e(the)h(KRL)d(if)i(the)g(corresponding)33 b(pri)n(v)n(ate)c(k)o(e) o(y)448 4839 y(has)24 b(been)h(leak)o(ed,)f(or)g(if)f(requested)j(by)e (the)g(National)g(Security)h(Agenc)o(y)-6 b(.)1920 5225 y(3)p eop %%Page: 4 4 4 3 bop 498 485 2889 4 v 496 598 4 113 v 548 564 a FD(Name)p 813 598 V 913 598 V 634 w(Size)p 2038 598 V 2137 598 V 1029 w(Comment)p 3385 598 V 498 601 2889 4 v 498 618 V 496 731 4 113 v 554 697 a FA(v)594 724 y Fx(A)639 697 y FB(;)10 b FA(v)714 723 y Fx(B)p 813 731 V 913 731 V 1355 697 a FD(40)23 b(bits)p 2038 731 V 2137 731 V 591 w(Must)h(ha)n(v)o(e)g(Hamming)f(weight)h(20)p 3385 731 V 498 734 2889 4 v 496 847 4 113 v 549 813 a FA(u)594 841 y Fx(A)639 813 y FB(;)10 b FA(u)719 839 y Fx(B)p 813 847 V 913 847 V 965 813 a FD(V)-10 b(ector)24 b(of)f(40)h(56-bit)h (numbers)p 2038 847 V 2137 847 V 3385 847 V 498 850 2889 4 v 496 963 4 113 v 612 929 a FA(n)657 957 y Fx(A)p 813 963 V 913 963 V 1355 929 a FD(64)e(bits)p 2038 963 V 2137 963 V 3385 963 V 498 966 2889 4 v 496 1086 4 120 v 562 1045 a FA(K)5 b FB(;)10 b FA(K)729 1012 y Fp(0)p 813 1086 V 913 1086 V 1355 1045 a FD(56)23 b(bits)p 2038 1086 V 2137 1086 V 742 w FA(K)i Fu(=)20 b FA(v)2557 1072 y Fx(B)2615 1045 y Fw(\001)13 b FA(u)2698 1073 y Fx(A)p Fy(;)2761 1045 y FA(K)2827 1012 y Fp(0)2869 1045 y Fu(=)20 b FA(v)3000 1073 y Fx(A)3058 1045 y Fw(\001)13 b FA(u)3141 1072 y Fx(B)p 3385 1086 V 498 1089 2889 4 v 496 1202 4 113 v 572 1168 a FA(R)p FB(;)d FA(R)719 1135 y Fp(0)p 813 1202 V 913 1202 V 1355 1168 a FD(16)23 b(bits)p 2038 1202 V 2137 1202 V 651 w FA(R)d Fu(=)g FA(h)p Fu(\()p FA(K)5 b FB(;)10 b FA(n)2642 1196 y Fx(A)2688 1168 y Fu(\))p FB(;)g FA(R)2814 1135 y Fp(0)2856 1168 y Fu(=)20 b FA(h)p Fu(\()p FA(K)3093 1135 y Fp(0)3116 1168 y FB(;)10 b FA(n)3196 1196 y Fx(A)3242 1168 y Fu(\))p 3385 1202 V 498 1206 2889 4 v 1078 1359 a FD(T)-7 b(able)23 b(2:)29 b(Summary)23 b(of)h(HDCP)d(Protocol)k(V)-10 b(ariables)448 1650 y FE(3)120 b(Linear)30 b(Algebra)h(o)o(v)o(er)e Fo(Z)p Fm(=)p Fk(2)1895 1607 y FD(56)1992 1650 y Fo(Z)448 1857 y FD(Since)e Ft(Z)p FB(=)p FD(2)831 1824 y Fr(56)898 1857 y Ft(Z)21 b FD(is)27 b(not)g(a)f(\002eld,)g(not)h(all)g(the)g (basic)g(f)o(acts)h(from)e(linear)i(algebra)g(hold)f(in)g(this)448 1970 y(setting.)i(Nonetheless,)23 b(much)e(of)e(our)i(intuition)h (carries)f(o)o(v)o(er)f(with)g(not)g(too)h(man)o(y)f(changes.)448 2083 y(In)28 b(this)h(section)h(we)e(set)g(do)n(wn)g(the)h(fe)n(w)e (results)j(we)d(need.)44 b(Let)28 b FA(R)22 b Fu(=)h Ft(Z)p FB(=)7 b FA(p)2902 2050 y Fx(n)2935 2083 y Ft(Z)p FD(,)24 b(where)36 b FA(p)27 b FD(is)448 2196 y(prime.)i(The)23 b(follo)n(wing)i(f)o(act)f(is)g(used)g(without)h(proof.)448 2408 y Fj(F)n(act)e(1)46 b FA(The)29 b(standar)m(d)j(determinant)g (function,)h FD(det)q FA(,)d(is)g(multiplicative)o(,)k(and)c(a)f (matrix)h(T)448 2521 y(is)d(in)l(vertible)i(if)d(and)h(only)g(if)f FD(det)12 b FA(T)36 b(is)26 b(a)h(unit)g(in)f(R.)36 b(Since)27 b(R)22 b Fu(=)f Ft(Z)p FB(=)7 b FA(p)2700 2488 y Fx(n)2734 2521 y Ft(Z)p FA(,)22 b(this)27 b(implies)g(T)36 b(is)448 2634 y(in)l(vertible)27 b(if)c(and)h(only)g(if)g FD(gcd)q Fu(\()p FD(det)11 b FA(T)5 b FB(;)17 b FA(p)1731 2601 y Fx(n)1769 2634 y Fu(\))j(=)g FD(1)p FA(.)589 2847 y(R)25 b FD(has)h(e)o(xactly)i(one)e(chain)h(of)f(ideals,)i Fu(\()p FD(0)p Fu(\))22 b(=)g(\()7 b FA(p)2160 2814 y Fx(n)2197 2847 y Fu(\))22 b Fw(\032)f Fu(\()7 b FA(p)2433 2814 y Fx(n)p Fp(\000)p Fr(1)2556 2847 y Fu(\))22 b Fw(\032)f FB(:)10 b(:)g(:)h Fu(\()c FA(p)2898 2814 y Fr(1)2936 2847 y Fu(\))22 b Fw(\032)f Fu(\()7 b FA(p)3172 2814 y Fr(0)3210 2847 y Fu(\))22 b(=)f FA(R)p FD(.)448 2960 y(This)j(mak)o(es)g(Gaussian)h(elimination)h(w)o(ork)d(almost)h(as)g (well)f(as)h(o)o(v)o(er)f(a)g(\002eld.)448 3172 y Fj(Pr)n(oposition)i (2)46 b FA(Any)27 b(m)14 b Fw(\002)g FA(n)26 b(matrix)h(A)f(o)o(ver)i (R)e(can)i(be)f(tr)o(ansformed,)j(via)e(in)l(vertible)i(r)l(ow)448 3285 y(oper)o(ations,)24 b(into)d(an)f(upper)i(triangular)i(matrix)d (suc)o(h)f(that)h(if)g(the)f(leading)j(nonzer)l(o)f(term)e(of)448 3398 y(r)l(ow)25 b(i)f(is)h(in)g(column)39 b(j)r(,)25 b(then)g(the)g(leading)i(nonzer)l(o)g(term)e(of)f(r)l(ow)h(i)13 b Fu(+)g FD(1)24 b FA(is)h(in)g(column)40 b(j)15 b Fu(+)e FD(1)448 3511 y FA(or)24 b(later)-10 b(.)29 b(Furthermor)m(e)o(,)c(the) f(leading)h(terms)f(will)f(all)h(be)g(power)o(s)g(of)31 b(p.)448 3723 y(Pr)l(oof)o(.)57 b FD(The)23 b(Gaussian)i(elimination)h (algorithm)f(need)g(only)f(be)g(modi\002ed)g(slightly)-6 b(.)968 4390 y FA(A)20 b Fu(=)1135 3853 y Fi(2)1135 4013 y(6)1135 4067 y(6)1135 4122 y(6)1135 4176 y(6)1135 4231 y(6)1135 4285 y(6)1135 4340 y(6)1135 4394 y(6)1135 4449 y(6)1135 4503 y(6)1135 4558 y(6)1135 4613 y(6)1135 4667 y(6)1135 4725 y(4)1237 3922 y FA(a)1282 3949 y Fr(1)p Fy(;)p Fx(c)1362 3970 y Fg(1)1294 4096 y FD(0)1485 4037 y(.)1518 4062 y(.)1550 4088 y(.)1306 4546 y(.)1306 4580 y(.)1306 4613 y(.)1294 4839 y(0)1703 4209 y FA(a)1748 4237 y Fx(k)q Fy(;)p Fx(c)1825 4259 y Fd(k)1758 4339 y FD(0)138 b FA(a)1986 4368 y Fx(k)q Fq(+)p Fr(1)p Fy(;)p Fx(c)2148 4389 y Fd(k)q Ff(+)p Fg(1)2328 4339 y Fw(\003)83 b(\001)10 b(\001)g(\001)177 b(\003)2070 4473 y(\003)341 b(\001)10 b(\001)g(\001)1769 4565 y FD(.)1769 4599 y(.)1769 4632 y(.)2081 4565 y(.)2081 4599 y(.)2081 4632 y(.)352 b Fw(\001)10 b(\001)g(\001)1758 4858 y FD(0)267 b Fw(\003)341 b(\001)10 b(\001)g(\001)177 b(\003)2857 3853 y Fi(3)2857 4013 y(7)2857 4067 y(7)2857 4122 y(7)2857 4176 y(7)2857 4231 y(7)2857 4285 y(7)2857 4340 y(7)2857 4394 y(7)2857 4449 y(7)2857 4503 y(7)2857 4558 y(7)2857 4613 y(7)2857 4667 y(7)2857 4725 y(5)1920 5225 y FD(4)p eop %%Page: 5 5 5 4 bop 448 573 a FD(Let)28 b FA(c)637 600 y Fr(1)702 573 y FD(be)g(the)g(\002rst)g(non-zero)i(column.)44 b(Let)27 b FA(r)1993 600 y Fr(1)2058 573 y FD(be)h(a)g(ro)n(w)f(such)i(that,)h (for)e(all)g FA(r)r FD(,)h Fu(\()p FA(a)3207 587 y Fx(r)-6 b Fy(;)p Fx(c)3274 607 y Fg(1)3308 573 y Fu(\))23 b Fw(\022)448 686 y Fu(\()p FA(a)528 700 y Fx(r)554 720 y Fg(1)584 700 y Fy(;)p Fx(c)631 720 y Fg(1)665 686 y Fu(\))p FD(.)30 b(By)23 b(di)n(viding)j(ro)n(w)d FA(r)1403 713 y Fr(1)1464 686 y FD(by)h(a)g(unit,)h(we)e(can)h(transform)i FA(a)2530 700 y Fx(r)2556 720 y Fg(1)2585 700 y Fy(;)p Fx(c)2632 720 y Fg(1)2689 686 y FD(into)32 b FA(p)2906 653 y Fx(e)2935 674 y Fg(1)2992 686 y FD(for)25 b(some)f FA(e)3377 713 y Fr(1)3414 686 y FD(.)448 799 y(W)-7 b(e)29 b(then)g(interchange)k(ro) n(w)28 b FA(r)1435 826 y Fr(1)1501 799 y FD(with)h(ro)n(w)g(1.)45 b(W)-7 b(e)28 b(can)i(no)n(w)e(use)i(ro)n(w)e(1)h(to)g(cancel)i(all)e (the)448 912 y(other)e(non-zero)g(terms)f(belo)n(w)g FA(a)1524 939 y Fr(1)p Fy(;)p Fx(c)1604 960 y Fg(1)1638 912 y FD(,)f(since)h(the)g(column)g FA(c)2370 939 y Fr(1)2433 912 y FD(entries)h(of)e(all)h(the)f(other)i(ro)n(ws)448 1036 y(no)n(w)c(lie)g(in)g Fu(\()p FA(a)911 1064 y Fr(1)p Fy(;)p Fx(c)991 1085 y Fg(1)1026 1036 y Fu(\))p FD(.)28 b(W)-7 b(e)22 b(no)n(w)h(repeat)h(with)f(column)h FA(c)2193 1064 y Fr(2)2231 1036 y FD(,)e(the)h(\002rst)g(column)h(with)e(a)h (non-zero)448 1149 y(entry)k(in)e(ro)n(ws)h(2)p FB(;)10 b(:)g(:)g(:)h(;)f FA(m)p FD(,)25 b(and)h(so)g(on.)35 b(If,)25 b(after)h(sw)o(apping,)i(entry)f FA(a)2652 1178 y Fx(k)q Fy(;)p Fx(c)2729 1200 y Fd(k)2783 1149 y Fu(=)21 b FD(1,)26 b(then)g(we)f(may)448 1272 y(optionally)k(use)d(ro)n(w)g FA(k)h FD(to)e(cancel)j(the)e(non-zero)i(terms)e(abo)o(v)o(e)h FA(a)2569 1300 y Fx(k)q Fy(;)p Fx(c)2646 1322 y Fd(k)2679 1272 y FD(.)35 b(It)25 b(is)h(a)g(standard)i(f)o(act)448 1393 y(that)c(the)g(ro)n(w)f(operations)j(used)f(here)f(are)g(in)l(v)o (ertible.)31 b Fc(2)589 1566 y FD(De\002ne)38 b FC(s)g FD(:)28 b Fu(\()p Ft(Z)p FB(=)p FD(2)1205 1533 y Fr(56)1272 1566 y Ft(Z)p Fu(\))1372 1533 y Fr(40)1467 1566 y Fw(!)g Ft(Z)p FB(=)p FD(2)1741 1533 y Fr(56)1808 1566 y Ft(Z)33 b FD(by)38 b FC(s)10 b Fu(\()p FA(v)2174 1593 y Fr(1)2211 1566 y FB(;)g(:)g(:)g(:)i(;)e FA(v)2428 1593 y Fr(40)2499 1566 y Fu(\))28 b(=)2661 1573 y Fv(\345)2726 1530 y Fr(40)2726 1590 y Fx(i)p Fq(=)p Fr(1)2843 1566 y FA(v)2883 1592 y Fx(i)2906 1566 y FD(.)71 b(Then,)41 b(since)448 1679 y(KSVs)31 b(ha)n(v)o(e)i(Hamming)f(weight)g(20,)j(for)d(an)o(y)g(KSV)e FA(v)p FD(,)k FC(s)10 b Fu(\()p FA(v)p Fu(\))25 b(=)g FD(20.)55 b(Since)32 b FC(s)41 b FD(is)32 b(linear)l(,)448 1792 y FC(s)39 b FD(applied)31 b(to)f(an)o(y)g(linear)h(combination)h (of)e(KSVs)e(will)i(be)f(in)h(the)g(ideal)h Fu(\()p FD(4)p Fu(\))24 b Fw(\032)g Ft(Z)p FB(=)p FD(2)3287 1759 y Fr(56)3354 1792 y Ft(Z)p FD(.)448 1905 y(Since)k(not)f(all)g(v)o(ectors)h FC(a)35 b FD(in)27 b Fu(\()p Ft(Z)p FB(=)p FD(2)1602 1872 y Fr(56)1669 1905 y Ft(Z)p Fu(\))1769 1872 y Fr(40)1862 1905 y FD(ha)n(v)o(e)g FC(s)10 b Fu(\()p FC(a)e Fu(\))22 b Fw(2)g Fu(\()p FD(4)p Fu(\))p FD(,)28 b(no)f(set)g(of)g(KSVs)f(will)g (e)n(v)o(er)448 2018 y(span)d Fu(\()p Ft(Z)p FB(=)p FD(2)826 1985 y Fr(56)893 2018 y Ft(Z)p Fu(\))993 1985 y Fr(40)1059 2018 y FD(.)28 b(Let)20 b FA(M)k FD(be)e(the)f(module)h(spanned)i(by)d (all)h(possible)h(KSVs.)k(The)21 b(follo)n(w-)448 2131 y(ing)j(proposition)j(tells)d(us)g(when)g(a)f(set)g(of)h(KSVs)e(spans)i FA(M)t FD(.)448 2343 y Fj(Pr)n(oposition)h(3)46 b FA(A)22 b(set)j(of)e(KSVs)g(v)1566 2371 y Fr(1)1604 2343 y FB(;)10 b(:)g(:)g(:)h(;)f FA(v)1820 2371 y Fr(40)1914 2343 y FA(spans)26 b(M)c(if)i(and)g(only)h(if)f(the)g(matrix)19 b(V)35 b(whose)448 2456 y(r)l(ows)24 b(ar)m(e)f(v)824 2483 y Fr(1)862 2456 y FB(;)10 b(:)g(:)g(:)h(;)f FA(v)1078 2483 y Fr(40)1149 2456 y FA(,)23 b(has)h FD(gcd)q Fu(\()p FD(det)7 b FA(V)o FB(;)j FD(2)1762 2423 y Fr(56)1834 2456 y Fu(\))20 b(=)g FD(4)p FA(.)448 2697 y(Pr)l(oof)o(.)99 b FD(Let)25 b FA(V)984 2664 y Fp(0)1031 2697 y Fu(=)1125 2596 y Fi(h)1168 2697 y FA(v)1208 2664 y Fp(0)1208 2722 y Fx(i)10 b(j)1261 2596 y Fi(i)1334 2697 y FD(be)30 b(the)h(result)h (of)e(applying)j(the)e(abo)o(v)o(e)g(Gaussian)h(elimination)448 2826 y(algorithm)d(to)22 b FA(V)11 b FD(.)39 b(Since)27 b(the)g(Gaussian)h(elimination)i(is)c(in)l(v)o(ertible,)31 b(there)c(e)o(xists)h(a)f(matrix)443 2939 y FA(U)9 b FD(,)20 b(with)h(gcd)q Fu(\()p FD(det)7 b FA(U)f FB(;)k FD(2)1178 2906 y Fr(56)1249 2939 y Fu(\))19 b(=)e FD(1,)k(such)h(that) 16 b FA(V)1886 2906 y Fp(0)1926 2939 y Fu(=)d FA(U)t(V)e FD(.)27 b(Thus)21 b(det)6 b FA(U)2590 2906 y Fp(\000)p Fr(1)2689 2939 y FD(det)g FA(V)2873 2906 y Fp(0)2913 2939 y Fu(=)17 b FD(det)6 b FA(V)12 b FD(.)27 b(Since)448 3052 y(det)7 b FA(U)640 3019 y Fp(\000)p Fr(1)763 3052 y FD(is)37 b(coprime)g(to)f(2)1344 3019 y Fr(56)1415 3052 y FD(,)j(we)c(must)h(ha)n(v)o(e)h(gcd)q Fu(\()p FD(det)7 b FA(V)2384 3019 y Fp(0)2407 3052 y FB(;)j FD(2)2487 3019 y Fr(56)2558 3052 y Fu(\))28 b(=)f FD(gcd)q Fu(\()p FD(det)6 b FA(V)o FB(;)k FD(2)3136 3019 y Fr(56)3208 3052 y Fu(\))28 b(=)f FD(4.)448 3165 y(Since)20 b FA(V)736 3132 y Fp(0)783 3165 y FD(is)k(upper)h(triangular)l(,)j(det)6 b FA(V)1678 3132 y Fp(0)1721 3165 y Fu(=)1812 3172 y Fv(\325)1887 3129 y Fr(40)1887 3189 y Fx(i)p Fq(=)p Fr(1)2004 3165 y FA(v)2044 3132 y Fp(0)2044 3190 y Fx(ii)2086 3165 y FD(.)30 b(But)24 b FA(v)2334 3132 y Fp(0)2334 3190 y Fx(ii)2399 3165 y FD(is)h(a)f(po)n(wer)g(of)h(2)f(for)g(each)h FA(i)p FD(,)f(so)448 3278 y(det)7 b FA(V)632 3245 y Fp(0)671 3278 y Fu(=)758 3285 y Fv(\325)832 3242 y Fr(40)832 3302 y Fx(i)p Fq(=)p Fr(1)950 3278 y FA(v)990 3245 y Fp(0)990 3303 y Fx(ii)1048 3278 y Fu(=)15 b FD(4.)27 b(Since)20 b(the)f(only)h(nonzero)i(entry)e(in)f(ro)n(w)g(40)g(is)g FA(v)2751 3245 y Fp(0)2751 3304 y Fr(40)p Fy(;)p Fr(40)2907 3278 y FD(,)g(we)f(must)i(ha)n(v)o(e)448 3391 y FA(v)488 3358 y Fp(0)488 3417 y Fr(40)p Fy(;)p Fr(40)671 3391 y FD(a)27 b(multiple)i(of)f(4)f(by)h FC(s)37 b FD(considerations.)45 b(Since)28 b(det)6 b FA(V)2454 3358 y Fp(0)2499 3391 y Fu(=)22 b FD(4,)h FA(V)2750 3358 y Fp(0)2800 3391 y FD(has)28 b(the)g(follo)n(wing)448 3504 y(form.)1496 3785 y FA(V)1563 3747 y Fp(0)1606 3785 y Fu(=)1697 3520 y Fi(2)1697 3680 y(6)1697 3735 y(6)1697 3789 y(6)1697 3847 y(4)1799 3592 y FD(1)110 b(0)g(0)83 b Fw(\003)1799 3751 y FD(0)1932 3693 y(.)1965 3718 y(.)1998 3743 y(.)2109 3751 y(0)g Fw(\003)1799 3864 y FD(0)110 b(0)g(1)83 b Fw(\003)1799 3977 y FD(0)110 b(0)g(0)83 b(4)2324 3520 y Fi(3)2324 3680 y(7)2324 3735 y(7)2324 3789 y(7)2324 3847 y(5)448 4143 y FD(Let)28 b FA(v)637 4110 y Fp(0)637 4167 y Fx(i)687 4143 y FD(be)g(the)g FA(i)p FD(th)g(ro)n(w)g(of)f(this) i(matrix.)43 b(If)27 b FA(w)c Fu(=)f(\()p FA(w)2151 4170 y Fr(1)2188 4143 y FB(;)10 b(:)g(:)g(:)h(;)f FA(w)2425 4170 y Fr(40)2496 4143 y Fu(\))27 b FD(is)h(a)g(KSV)-12 b(,)26 b(then)i(put)h FA(w)3322 4110 y Fp(0)3366 4143 y Fu(=)448 4256 y FA(w)13 b Fw(\000)606 4263 y Fv(\345)671 4220 y Fr(39)671 4280 y Fx(i)p Fq(=)p Fr(1)788 4256 y FA(w)849 4282 y Fx(i)872 4256 y FA(v)912 4223 y Fp(0)912 4280 y Fx(i)956 4256 y Fu(=)20 b(\()p FD(0)p FB(;)10 b(:)g(:)g(:)i(;)e FD(0)p FB(;)g FA(w)1445 4223 y Fp(0)1445 4282 y Fr(40)1516 4256 y Fu(\))p FD(.)33 b(As)24 b(we)g(observ)o(ed)j (abo)o(v)o(e,)f FC(s)10 b Fu(\()p FA(w)2636 4223 y Fp(0)2658 4256 y Fu(\))21 b(=)g FA(w)2867 4223 y Fp(0)2867 4282 y Fr(40)2937 4256 y FD(,)j(lies)i(in)e Fu(\()p FD(4)p Fu(\))e Fw(\032)448 4369 y Ft(Z)p FB(=)p FD(2)603 4336 y Fr(56)670 4369 y Ft(Z)p FD(.)27 b(So)d(there)h(e)o(xists)h(a)e FA(c)g FD(such)h(that)g FA(w)1879 4336 y Fp(0)1879 4395 y Fr(40)1970 4369 y Fu(=)c FD(4)p FA(c)p FD(.)31 b(Hence)25 b FA(w)c Fu(=)2630 4376 y Fv(\345)2695 4333 y Fr(39)2695 4393 y Fx(i)p Fq(=)p Fr(1)2812 4369 y FA(w)2873 4395 y Fx(i)2896 4369 y FA(v)2936 4336 y Fp(0)2936 4393 y Fx(i)2972 4369 y Fu(+)13 b FA(cv)3136 4336 y Fp(0)3136 4395 y Fr(40)3206 4369 y FD(.)31 b(Note)448 4481 y(that)26 b(this)g(does)h(not)e(pro)o(v)o(e)h(the)g(e)o(xistence)h(of)f(a)f(KSV)e (matrix)e FA(V)36 b FD(with)26 b(gcd)q Fu(\()p FD(det)6 b FA(V)o FB(;)k FD(2)3148 4448 y Fr(56)3221 4481 y Fu(\))21 b(=)g FD(4,)448 4594 y(b)n(ut)k(such)g(matrices)h(can)e(easily)i(be)e (found)h(e)o(xperimentally)-6 b(.)34 b(Thus)25 b(the)f(ro)n(ws)g(of)g (the)h(matrix)443 4707 y FA(V)511 4674 y Fp(0)556 4707 y FD(abo)o(v)o(e)f(do)g(lie)f(in)h FA(M)t FD(.)589 4820 y(If,)g(on)g(the)g(other)h(hand,)g FA(v)1417 4848 y Fr(1)1455 4820 y FB(;)10 b(:)g(:)g(:)h(;)f FA(v)1671 4848 y Fr(40)1765 4820 y FD(span)25 b FA(M)t FD(,)e(then)h(there)h(e)o(xists)g(a)f (matrix)19 b FA(U)32 b FD(such)25 b(that)443 4933 y FA(V)511 4900 y Fp(0)554 4933 y Fu(=)16 b FA(U)t(V)11 b FD(.)32 b(Thus,)25 b(by)g(the)g(multiplicati)n(vity)k(of)24 b(det)r(,)g(gcd)q Fu(\()p FD(det)6 b FA(V)o FB(;)k FD(2)2570 4900 y Fr(56)2643 4933 y Fu(\))24 b FD(is)h(at)f(most)h(4.)33 b(By)24 b(a)g FC(s)1920 5225 y FD(5)p eop %%Page: 6 6 6 5 bop 448 573 a FD(ar)n(gument)21 b(similar)f(to)f(the)g(abo)o(v)o (e,)h(gcd)r Fu(\()p FD(det)6 b FA(V)o FB(;)k FD(2)1971 540 y Fr(56)2043 573 y Fu(\))19 b FD(is)f(at)h(least)h(4.)27 b(Thus)19 b(gcd)q Fu(\()p FD(det)6 b FA(V)o FB(;)k FD(2)3156 540 y Fr(56)3229 573 y Fu(\))16 b(=)f FD(4)p FB(:)448 686 y Fc(2)589 859 y FD(It)23 b(will)f(also)h(be)g(useful)h(to)e(kno)n (w)h(the)g(probability)i(that)f(40)12 b Fu(+)g FA(m)21 b FD(KSVs)g(contain)j(a)f(set)f(of)448 972 y(40)28 b(KSVs)e(that)j (span)f FA(M)t FD(.)41 b(The)27 b(follo)n(wing)i(table)g(w)o(as)e (created)j(by)e(generating)i(10000)g(sets)448 1084 y(of)f(40)15 b Fu(+)g FA(m)27 b FD(random)i(KSVs)e(and)j(testing)g(whether)g(the)e (set)h(contained)j(a)c(spanning)j(subset)448 1197 y(of)24 b(40)f(KSVs.)p 786 1281 2313 4 v 784 1394 4 113 v 861 1360 a(Number)g(of)h(KSVs)p 1545 1394 V 167 w(40)p 1804 1394 V 169 w(42)p 2063 1394 V 168 w(44)p 2321 1394 V 169 w(46)p 2580 1394 V 169 w(48)p 2839 1394 V 168 w(50)p 3097 1394 V 786 1397 2313 4 v 784 1510 4 113 v 836 1476 a(Prob)l(.)29 b(of)24 b(Spanning)p 1545 1510 V 102 w(.295)p 1804 1510 V 100 w(.773)p 2063 1510 V 101 w(.940)p 2321 1510 V 101 w(.982)p 2580 1510 V 101 w(.997)p 2839 1510 V 100 w(.999)p 3097 1510 V 786 1514 2313 4 v 448 1818 a FE(4)120 b(The)30 b(A)-6 b(uthority')l(s)29 b(Secr)n(et)448 2025 y FD(W)-7 b(e)30 b(no)n(w)h(pro)o(v)o(e)h(that)f(the)h(authority') -5 b(s)34 b(secret)e(information)i(can)d(be)g(reco)o(v)o(ered)i(by)e (an)g(at-)448 2138 y(tack)o(er)-5 b(.)32 b(The)23 b(main)h(insight)i (is)e(that)g(the)g(secret)i(can)e(be)g(captured)i(in)e(a)f(40)13 b Fw(\002)g FD(40)24 b(matrix,)h(and)448 2251 y(hence)i(techniques)i (from)d(linear)i(algebra)f(suf)n(\002ce)g(to)e(reco)o(v)o(er)i(it.)36 b(Before)27 b(we)e(proceed,)j(we)448 2364 y(must)c(note)g(that)g(the)g (center)h(may)f(choose)h(to)e(issue)i(only)f(KSVs)e(from)i(a)f (submodule,)j FA(N)6 b FD(,)21 b(of)448 2477 y FA(M)t FD(,)h(the)i(module)g(spanned)i(by)e(all)f(KSVs.)448 2690 y Fj(Obser)o(v)o(ation)i(1)46 b FA(Let)24 b(v)g(be)h(a)f(KSV)-12 b(,)24 b(and)h(suppose)i(u)2142 2717 y Fr(1)2203 2690 y FA(and)e(u)2408 2717 y Fr(2)2470 2690 y FA(ar)m(e)g(both)g(valid)h (private)g(k)o(e)m(ys)448 2802 y(for)e(v.)k(Then)c(u)918 2830 y Fr(1)968 2802 y Fw(\000)13 b FA(u)1097 2830 y Fr(2)1155 2802 y Fw(2)19 b FA(N)1302 2769 y Fp(?)1357 2802 y FA(.)448 3015 y(Pr)l(oof)o(.)55 b FD(Let)21 b Fu(\()p FA(v)944 2982 y Fp(0)967 3015 y FB(;)10 b FA(u)1047 2982 y Fp(0)1070 3015 y Fu(\))21 b FD(be)g(an)o(y)g(other)i(v)n(alid)e (k)o(e)o(y)h(pair)-5 b(.)28 b(Since)22 b FA(v)2388 2982 y Fp(0)2421 3015 y Fw(\001)10 b FA(u)2501 3042 y Fr(1)2557 3015 y Fu(=)18 b FA(v)10 b Fw(\001)g FA(u)2776 2982 y Fp(0)2818 3015 y Fu(=)18 b FA(v)2947 2982 y Fp(0)2980 3015 y Fw(\001)10 b FA(u)3060 3042 y Fr(2)3099 3015 y FD(,)20 b(we)h(ha)n(v)o(e)448 3128 y FA(v)488 3095 y Fp(0)524 3128 y Fw(\001)13 b Fu(\()p FA(u)642 3155 y Fr(1)692 3128 y Fw(\000)g FA(u)821 3155 y Fr(2)858 3128 y Fu(\))21 b(=)f FD(0)j(for)h(all)f FA(v)1355 3095 y Fp(0)1398 3128 y Fw(2)d FA(N)6 b FD(.)27 b Fc(2)589 3301 y FD(The)e(content)i(of)e(this)h(observ)n(ation)i(is)d(that,)h(if)e(tw) o(o)h(dif)n(ferent)i(k)o(e)o(y)f(v)o(ectors,)g FA(u)3099 3328 y Fx(A)3169 3301 y FD(and)f FA(u)3369 3268 y Fp(0)3369 3327 y Fx(A)3414 3301 y FD(,)448 3414 y(form)32 b(v)n(alid)h(k)o(e)o(y) f(pairs)h(with)f(the)g(same)g(KSV)-12 b(,)30 b(then)i FA(K)e Fu(=)24 b FA(K)2451 3381 y Fp(0)2498 3414 y Fu(=)h FA(u)2639 3441 y Fx(A)2700 3414 y Fw(\001)16 b FA(v)2781 3440 y Fx(B)2851 3414 y Fu(=)24 b FA(u)2991 3381 y Fp(0)2991 3440 y Fx(A)3052 3414 y Fw(\001)16 b FA(v)3133 3440 y Fx(B)3209 3414 y FD(for)32 b(all)448 3527 y(de)n(vices)25 b FA(B)p FD(.)j(Hence)c FA(u)1148 3554 y Fx(A)1216 3527 y FD(and)g FA(u)1415 3494 y Fp(0)1415 3553 y Fx(A)1483 3527 y FD(are)f(functionally)k(indistinguishable)q(.)448 3739 y Fj(Cor)n(ollary)f(4)46 b FA(The)27 b(map)f(T)34 b FD(:)22 b FA(M)j Fw(!)d Fu(\()p Ft(Z)p FB(=)p FD(2)1820 3706 y Fr(56)1888 3739 y Ft(Z)p Fu(\))1988 3706 y Fr(40)2054 3739 y FA(,)27 b(mapping)h(public)h(k)o(e)m(ys)f(to)f(private)i(k)o(e)m (ys,)448 3852 y(is)24 b(well)f(de\002ned)86 b FD(mod)21 b FA(N)1301 3819 y Fp(?)1356 3852 y FA(.)589 4065 y FD(W)-7 b(e)23 b(can)h(no)n(w)f(pro)o(v)o(e)h(that)g(the)g(map)f FA(S)h FD(has)g(a)f(particularly)k(nice)d(form.)448 4277 y Fj(Obser)o(v)o(ation)h(2)46 b FA(T)34 b(can)24 b(be)f(r)m(epr)m (esented)j(by)e(a)f FD(40)13 b Fw(\002)g FD(40)24 b FA(matrix,)f(S)q(.) 448 4490 y(Pr)l(oof)o(.)65 b FD(T)-7 b(o)24 b(sho)n(w)h(that)g(a)f(map) h(can)g(be)g(represented)j(by)d(a)g(matrix,)g(we)f(only)i(need)g(to)e (sho)n(w)448 4603 y(that)35 b(it)f(is)g(linear)-5 b(.)61 b(So)34 b(let)g FA(v)26 b Fu(=)g FA(cv)1577 4630 y Fr(1)1632 4603 y Fu(+)16 b FA(v)1759 4630 y Fr(2)1796 4603 y FD(.)60 b(Then)34 b Fu(\()p FA(cT)12 b Fu(\()p FA(v)2312 4630 y Fr(1)2350 4603 y Fu(\))17 b(+)f FA(T)11 b Fu(\()p FA(v)2626 4630 y Fr(2)2664 4603 y Fu(\)\))17 b Fw(\001)g FA(v)2833 4570 y Fp(0)2881 4603 y Fu(=)26 b FA(cT)12 b Fu(\()p FA(v)3156 4630 y Fr(1)3194 4603 y Fu(\))k Fw(\001)h FA(v)3327 4570 y Fp(0)3366 4603 y Fu(+)448 4715 y FA(T)11 b Fu(\()p FA(v)585 4743 y Fr(2)623 4715 y Fu(\))i Fw(\001)g FA(v)749 4682 y Fp(0)792 4715 y Fu(=)20 b FA(cT)12 b Fu(\()p FA(v)1061 4682 y Fp(0)1084 4715 y Fu(\))h Fw(\001)g FA(v)1210 4743 y Fr(1)1260 4715 y Fu(+)g FA(T)e Fu(\()p FA(v)1481 4682 y Fp(0)1504 4715 y Fu(\))i Fw(\001)g FA(v)1630 4743 y Fr(2)1688 4715 y Fu(=)20 b FA(T)11 b Fu(\()p FA(v)1916 4682 y Fp(0)1939 4715 y Fu(\))i Fw(\001)g FA(v)20 b Fu(=)g FA(T)11 b Fu(\()p FA(v)p Fu(\))i Fw(\001)g FA(v)2439 4682 y Fp(0)2463 4715 y FD(,)23 b(for)h(arbitrary)i FA(v)3014 4682 y Fp(0)3057 4715 y Fw(2)20 b FA(N)6 b FD(.)27 b(Thus)448 4828 y FA(T)11 b Fu(\()p FA(v)p Fu(\))22 b(=)d FA(cT)12 b Fu(\()p FA(v)910 4856 y Fr(1)948 4828 y Fu(\))h(+)g FA(T)d Fu(\()p FA(v)1216 4856 y Fr(2)1254 4828 y Fu(\))61 b FD(mod)21 b FA(N)1599 4795 y Fp(?)1654 4828 y FD(.)28 b Fc(2)1920 5225 y FD(6)p eop %%Page: 7 7 7 6 bop 589 573 a FD(Reco)o(v)o(ering)28 b FA(S)e FD(is)g(no)n(w)f (straightforw)o(ard.)40 b(First)26 b(collect)h(a)f(set)g(of)g(k)o(e)o (y)g(pairs)h Fu(\()p FA(v)3168 599 y Fx(i)3191 573 y FB(;)10 b FA(u)3271 599 y Fx(i)3294 573 y Fu(\))3329 540 y Fx(n)3329 600 y(i)p Fq(=)p Fr(1)448 686 y FD(such)29 b(that)g(the)f FA(v)984 712 y Fx(i)1034 686 y FD(span)h FA(N)6 b FD(.)40 b(Then)28 b(use)g(an)o(y)g(standard)i(technique)h(to)d (solv)o(e)g(the)g(systems)h(of)448 799 y(equations)24 b FA(U)30 b Fu(=)22 b FA(S)l(V)11 b FD(.)36 b(F)o(or)26 b(e)o(xample,)h(the)f(Gaussian)i(elimination)h(algorithm)e(of)g (Section)g(3)448 912 y(can)f(be)f(applied)j(here.)35 b(This)25 b(allo)n(ws)h(us)f(to)g(reco)o(v)o(er)i(all)e(of)g(the)h (trusted)h(center')-5 b(s)27 b(secret,)g(no)448 1024 y(matter)d(ho)n(w)f(it)h(picks)g(k)o(e)o(ys.)448 1317 y FE(5)120 b(F)m(or)o(ging)30 b(K)m(ey)f(P)o(airs)448 1524 y FD(Let)35 b FA(G)f FD(be)h(a)f(matrix)i(reco)o(v)o(ered)h(as)e (in)g(Section)g(4.)63 b(Then)35 b FA(G)f FD(and)i FA(S)f FD(agree)h(on)f(the)h(sub-)448 1637 y(module)c(spanned)i(by)d(the)g (reco)o(v)o(ered)i(v)o(ectors)g FA(v)2060 1665 y Fr(1)2098 1637 y FB(;)10 b(:)g(:)g(:)h(;)f FA(v)2314 1651 y Fx(n)2352 1637 y FD(,)32 b(and)f(quite)i(probably)g(disagree)448 1750 y(e)n(v)o(erywhere)e(else.)48 b(If)29 b FA(v)1237 1777 y Fr(1)1275 1750 y FB(;)10 b(:)g(:)g(:)h(;)f FA(v)1491 1764 y Fx(n)1558 1750 y FD(span)30 b FA(M)t FD(,)g(then)g FA(G)f FD(is)g(equi)n(v)n(alent)j(to)e FA(S)q FD(.)46 b(In)29 b(other)i(w)o(ords,)448 1863 y FA(Gv)21 b Fu(=)f FA(S)q(v)k FD(for)h(all)f(v)n(alid)h(KSVs)e FA(v)p FD(.)30 b(Thus,)25 b(to)f(for)n(ge)h(a)f(ne)n(w)g(k)o(e)o(y)g(pair)l(,)i(we)d (can)i(simply)g(pick)g(a)448 1976 y(random)g(KSV)-12 b(,)21 b FA(v)p FD(,)i(and)h(compute)h(the)f(corresponding)k(pri)n(v)n (ate)c(k)o(e)o(y)g FA(u)d Fu(=)e FA(Gv)p FD(.)589 2089 y(The)30 b(authority)i(may)d(try)h(to)g(pre)n(v)o(ent)h(the)f(total)g (reco)o(v)o(ery)h(of)f FA(S)g FD(by)g(only)g(assigning)i(to)448 2202 y(de)n(vices)24 b(k)o(e)o(y)d(pairs)i(with)f(KSVs)e(in)h(a)h (submodule)i(of)d FA(N)j Fw(\032)18 b FA(M)t FD(.)27 b(If)21 b FB(<)d FA(v)2691 2229 y Fr(1)2729 2202 y FB(;)10 b(:)g(:)g(:)h(;)f FA(v)2945 2216 y Fx(n)3001 2202 y FB(>)p Fu(=)18 b FA(N)24 b Fw(6)p Fu(=)18 b FA(M)t FD(,)448 2314 y(then)k(we)f(can)g(only)h(for)n(ge)h(k)o(e)o(y)e(pairs)h Fu(\()p FA(v)-7 b FB(;)10 b FA(u)p Fu(\))22 b FD(where)g FA(v)c Fw(2)g FA(N)6 b FD(.)26 b(Finding)c(ne)n(w)e(KSVs)g(in)h(the)g (span)448 2427 y(of)30 b(the)f(reco)o(v)o(ered)i(KSVs)d(may)h(be)g(dif) n(\002cult.)1928 2394 y Fr(1)2012 2427 y FD(This)h(could)g(be)f(a)g (problem)i(if)e(we)f(wish)h(to)448 2540 y(b)n(uild)k(a)e(de)n(vice)i (that)f(interoperates)k(with)31 b(other)i(HDCP)c(de)n(vices)k(and)f (the)g(authority)i(has)448 2653 y(placed)25 b(all)f(our)g(reco)o(v)o (ered)h(KSVs)d(on)i(the)g(k)o(e)o(y)f(re)n(v)n(ocation)k(list.)589 2766 y(Ho)n(we)n(v)o(er)l(,)21 b(the)f(HDCP)e(protocol)k(does)f(not)f (require)i(de)n(vices)f(to)f(check)i(that)e(their)h(peer')-5 b(s)448 2879 y(k)o(e)o(y)27 b(is)g(not)g(the)g(same)g(as)f(their)i(o)n (wn,)e(and)i(so)e(a)h(\223parotting\224)i(attack)f(is)f(possible.)40 b(T)-7 b(o)26 b(b)n(uild)448 2992 y(an)32 b(interoperable)k(recei)n(v)o (er)l(,)f(we)c(can)i(simply)f(embed)h(the)f(matrix)g FA(G)f FD(in)h(the)g(de)n(vice,)j(and)448 3105 y(program)c(it)e(to)g (reply)i(to)e(all)h(authentication)j(challenges)f(with)e(the)f(KSV)f (it)h(just)h(recei)n(v)o(ed)448 3218 y(from)e(the)f(transmitter)-5 b(.)42 b(It)27 b(can)h(compute)g(the)g(corresponding)k(pri)n(v)n(ate)c (k)o(e)o(y)f(on)h(the)f(\003y)g(and)448 3331 y(proceed)37 b(with)e(the)g(authentication)k(protocol.)65 b(W)-7 b(e)33 b(can)j(essentially)h(perform)f(the)f(same)448 3444 y(trick)e(to)e(b)n (uild)i(interoperable)j(transmitters,)g(b)n(ut)c(the)g(transmitter)i (will)d(ha)n(v)o(e)i(to)e(perform)448 3556 y(tw)o(o)21 b(authentications.)32 b(The)21 b(\002rst)f(time,)h(it)g(will)f(send)i (a)e(random)i(KSV)d(and)i(collect)h(the)f(KSV)448 3669 y(of)g(its)g(peer)-5 b(.)29 b(The)20 b(transmitter)j(will)e(then)h (abort)g(the)f(authentication)k(and)d(restart)g(it)f(using)h(the)448 3782 y(KSV)g(it)h(just)h(learned)h(from)f(the)g(recei)n(v)o(er)-5 b(.)589 3895 y(One)19 b(might)g(be)g(tempted)h(to)f(correct)h(the)f (defects)h(in)f(HDCP)e(by)h(signing)j(the)e(KSVs)e(with)448 4008 y(a)24 b(pri)n(v)n(ate)g(k)o(e)o(y)g(kno)n(wn)g(only)h(to)e(the)h (central)i(authority)-6 b(.)31 b(Then,)24 b(when)g(tw)o(o)f(de)n(vices) i(e)o(x)o(ecute)448 4121 y(the)j(authentication)33 b(protocol,)d(the)o (y)f(e)o(xchange)h(the)e(certi\002cates)i(containing)h(their)d(KSVs,) 448 4234 y(v)o(erify)d(each)g(others')h(certi\002cates)g(using)f(the)g (authority')-5 b(s)27 b(public)e(k)o(e)o(y)-6 b(,)24 b(and)h(proceed)h(as)e(be-)448 4347 y(fore.)37 b(This)26 b(change)h(accomplishes)i(v)o(ery)e(little.)37 b(Ea)n(v)o(esdropping)29 b(w)o(ould)e(still)f(be)g(possible)448 4460 y(since)32 b(the)g(certi\002cates,)i(and)e(hence)g(the)f(KSVs,)g(of)g(each)g(de)n (vice)i(w)o(ould)e(be)g(a)n(v)n(ailable)i(to)448 4573 y(the)28 b(ea)n(v)o(esdropper)j(who)d(could)g(then)h(compute)f(the)g (corresponding)k(pri)n(v)n(ate)d(k)o(e)o(ys)f(needed)448 4686 y(to)h(decrypt)h(the)f(traf)n(\002c.)45 b(De)n(vices)29 b(w)o(ould)g(still)h(be)f(clonable)h(by)f(embedding)i(the)e(victim')-5 b(s)p 448 4747 1196 4 v 550 4808 a Fb(1)583 4835 y Fa(It')l(s)24 b(not)i(hard)g(to)f(reduce)i(subset-sum)f(to)f(the)h(problem)g(of)f (\002nding)h(a)g(ne)n(w)f(KSV)g(in)g(the)h(span)g(of)f(some)448 4927 y(other)20 b(KSVs.)i(Ho)n(we)n(v)o(er)m(,)d(since)g(the)g (dimension)i(is)d(only)i(40,)f(we)f(can)i(brute-force)f(this)g(problem) h(if)e(necessary)-5 b(.)1920 5225 y FD(7)p eop %%Page: 8 8 8 7 bop 448 573 a FD(certi\002cate)23 b(and)f(pri)n(v)n(ate)h(k)o(e)o (y)f(in)f(the)h(clone.)29 b(The)21 b(parotting)j(attack)f(abo)o(v)o(e)f (is)f(still)h(a)n(v)n(ailable,)448 686 y(too.)52 b(The)31 b(only)h(thing)g(certi\002cates)i(pre)n(v)o(ent)e(is)f(for)n(ging)i(ne) n(w)e(k)o(e)o(ys.)52 b(The)31 b(Digital)h(T)m(rans-)448 799 y(mission)26 b(Content)g(Protection)g(\(DTCP\))d(standard)k (includes)g(a)d(Restricted)j(Authentication)448 912 y(protocol)g(that)f (may)e(be)h(just)h(such)g(a)e(certi\002cate-enhanced)30 b(v)n(ariant)c(of)f(HDCP[2)o(].)33 b(The)24 b(in-)448 1024 y(formation)k(needed)g(to)e(fully)h(e)n(v)n(aluate)h(the)e (security)i(of)e(DTCP)e(is)i(not)g(publicly)i(a)n(v)n(ailable,)448 1137 y(b)n(ut)21 b(what)f(little)h(is)f(public)i(gi)n(v)o(es)f(reason)g (to)f(be)h(sharply)h(concerned)h(that)d(DTCP')-5 b(s)19 b(restricted)448 1250 y(authentication)28 b(protocol)e(may)d(be)h (susceptible)i(to)e(similar)g(attacks.)448 1543 y FE(6)120 b(Conclusion)448 1750 y FD(These)28 b(attacks)i(are)e(v)o(ery)g(po)n (werful)h(and)f(v)o(ery)g(\003e)o(xible.)42 b(T)-7 b(o)26 b(reco)o(v)o(er)j(the)f(center')-5 b(s)30 b(master)448 1863 y(secret,)g(we)c(need)j(40)e(k)o(e)o(y)h(pairs,)h(and)f(we)e(ha)n (v)o(e)i(a)f(v)n(ariety)i(of)e(w)o(ays)h(to)f(get)h(them.)40 b(W)-7 b(e)27 b(can)448 1976 y(re)n(v)o(erse)d(engineer)h(40)d(dif)n (ferent)j(HDCP)20 b(video)k(softw)o(are)g(utilities,)g(we)e(can)h (break)h(open)f(40)448 2089 y(de)n(vices)28 b(and)e(e)o(xtract)h(the)f (k)o(e)o(ys)g(via)g(re)n(v)o(erse)h(engineering,)i(or)d(we)f(can)h (simply)h(license)g(the)448 2202 y(k)o(e)o(ys)h(from)e(the)h(trusted)h (center)-5 b(.)40 b(According)28 b(to)f(the)g(HDCP)d(License)k (Agreement,)g(de)n(vice)448 2314 y(manuf)o(acturers)e(can)c(b)n(uy)h (10000)h(k)o(e)o(y)e(pairs)h(for)g($16000.)30 b(Gi)n(v)o(en)22 b(these)h(40)f(spanning)j(k)o(e)o(ys,)448 2427 y(the)g(master)h(secret) g(can)f(be)g(reco)o(v)o(ered)h(in)f(seconds.)35 b(So)24 b(in)h(essence,)h(the)f(trusted)i(authority)448 2540 y(sells)h(a)d(lar)n(ge)j(portion)g(of)f(its)f(master)h(secret)h(to)e(e) n(v)o(ery)h(HDCP)d(licensee.)39 b(W)l(ith)27 b(the)g(master)448 2653 y(secret)f(in)d(hand,)i(we)f(can)g(ea)n(v)o(esdrop)i(on)f(all)f (de)n(vice)h(communications,)i(spoof)e(an)o(y)f(de)n(vice,)448 2766 y(and)j(clone)g(an)o(y)g(de)n(vice,)h(all)e(in)g(real)h(time.)37 b(W)-7 b(e)25 b(can)i(produce)h(a)e(de)n(vice)h(that,)g(by)g(parroting) 448 2879 y(back)e(the)e(KSVs)f(of)i(its)f(peers,)h(cannot)h(be)f (disabled)h(by)f(an)o(y)g(blacklist.)31 b(W)l(ith)23 b(a)g(reasonable)448 2992 y(amount)29 b(of)e(computation,)k(we)c(can)h (also)g(produce)i(ne)n(w)d(de)n(vice)i(k)o(e)o(ys)f(not)g(on)g(an)o(y)f (k)o(e)o(y)h(re-)448 3105 y(v)n(ocation)f(list.)j(F)o(or)23 b(these)i(reasons,)h(we)d(recommend)j(that)e(HDCP)e(be)i(abandoned)j (in)d(f)o(a)n(v)n(or)448 3218 y(of)g(con)l(v)o(entional)j (cryptographic)h(schemes.)448 3510 y FE(Refer)n(ences)448 3717 y FD([1])47 b(Intel)32 b(Corporation.)61 b FA(High-Bandwidth)33 b(Digital)g(Content)f(Pr)l(otection)h(System)p FD(,)h(1.00)600 3830 y(edition,)25 b(February)g(2000.)448 4018 y([2])47 b(Hitachi,)31 b(Ltd.)d(and)i(Intel)g(Corporation)i(and)d(Matsushita)j (Electronic)f(Industrial)h(Co.,)600 4131 y(Ltd.)i(and)i(Son)o(y)f (Corporation)j(and)e(T)-7 b(oshiba)36 b(Corporation.)73 b FA(Digital)36 b(T)-5 b(r)o(ansmission)600 4244 y(Content)24 b(Pr)l(otection)i(System,)e(V)-10 b(olume)23 b(1)p FD(,)g(July)h(2001.) 1920 5225 y(8)p eop %%Trailer end userdict /end-hook known{end-hook}if %%EOF