What ~1.25 turned out to be
or
Complex poles and DVDs
Ilya Mironov
Microsoft Research, SVC
October 3rd, 2003
One-to-One Communications
Alice Bob
One-to-Many Communications
Alice
Bob Carl Zing
Broadcast
Alice
Bob Carl Zing
Real Life Examples of Broadcast
Pay-per-view
Satellite radio, TV (“dishes”)
DVD players
Stateless receivers
Broadcast encryption
[Figure: the source and every receiver hold the same key k]
One rogue user compromises the whole system
Very little overhead
Broadcast encryption
[Figure: the source holds k1, k2, k3, k4, k5, …, kn; the receivers hold k1, k2, k3, …, kn, one key each]
broadcast E[k1,k], E[k2,k], …, E[kn,k], E[k,M]
Broadcast encryption
Too many keys
Simple user revocation
Botched attempts
CSS (most famous for the DeCSS crack)
CPRM (IBM, Intel, Matsushita, Toshiba): can revoke only 10,000 devices in 3Mb
Subset-cover framework (Naor-Naor-Lotspiech’01)
[Figure: subsets S1, S2, S3, S4, S5, S6, S7, S8 of the receivers]
[Figure: receiver u marked among the subsets]
receiver u knows keys: k3, k4, k5
Key distribution
Based on some formal characteristic: e.g., DVD player’s serial number
Using some real-life descriptors:
- CMU students/faculty
- researchers
- Pennsylvania state residents
- college-educated
Broadcast using subset cover
[Figure: cover formed by the subsets S1, S3, S5, S6, S8, S10]
header uses k1, k3, k5, k6, k8, k10
Subtree difference
All receivers are associated with the leaves of a full binary tree
[Figure: binary tree with node keys k0; k00, k01; …; k0…0, k0…1, …, k1…1]
Subtree differences
[Figure: tree with nodes i and j marked]
special set Si,j
Greedy algorithm
Easy greedy algorithm for constructing a subtree cover for any set of revoked users
Find a node such that both of its children have exactly one revoked descendant
Add (at most) two sets to the cover
Revoke the entire subtree
Could be less than two sets
Average-case analysis
R - number of revoked users
C - number of sets in the cover
C ≤ 2R-1
averaged over sets of fixed size [NNL’01]: E[C] ≤ 1.38R
simulation experiments give [NNL’01]: E[C] ~ 1.25R
Hypothesis
1.25… = 5/4
Different Model
Revoke each user independently at random with probability p
Exact formula
If a user is revoked with probability p«1:
$$\lim_{n\to\infty}\frac{E[C]}{E[R]} = 2q - \frac{1}{1-q}\sum_{k=0}^{\infty} 2^{-k}\, q^{2^k}\left(1-q^{2^k}\right)^2,$$
where $q = 1 - p \to 1$.
Asymptotic
[Plot: E[C]/E[R] as a function of p, for p from 0 to 1; marked value 1.24511]
Asymptotic
[Plot: E[C]/E[R] as a function of p, for p from 0 to 0.00001, vertical axis from 1.24509 to 1.245115; marked values 1.2451134… and 1.2451114…]
Exact formula
If a user is revoked with probability p«1:
$$\lim_{n\to\infty}\frac{E[C]}{E[R]} = 2q - \frac{1}{1-q}\underbrace{\sum_{k=0}^{\infty} 2^{-k}\, q^{2^k}\left(1-q^{2^k}\right)^2}_{f(\dots)},$$
where $q = 1 - p$.
Singularities of f
Function f cannot be analytically continued beyond the unit disk
One approach
5 pages of dense computations (series, o, O, lim, etc.)
produce only the constant term
Mellin transform
$$f(x) \;\mapsto\; f^*(s) = \int_0^{\infty} f(x)\, x^{s-1}\, dx$$
$$f^*(s) \;\mapsto\; f(x) = \frac{1}{2\pi i}\int_{c-i\infty}^{c+i\infty} f^*(s)\, x^{-s}\, ds$$
Approximation
For small q
$$f(q) = \sum_{k=0}^{\infty} 2^{-k}\, q^{2^k}\left(1-q^{2^k}\right)^2 \approx \sum_{k=0}^{\infty} 2^{-k}\, e^{-2^k x}\left(1-e^{-2^k x}\right)^2,$$
where $x = 1 - q \to 0$.
The Mellin Transform
$$f^*(s) = \frac{1}{1-2^{-(1+s)}}\,\Gamma(s)\left(1 - 2^{1-s} + 3^{-s}\right)$$
Poles at 0, -1, -2, -3, … and $2\pi k i/\ln 2 - 1$
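Complex poles
[Figure: poles in the complex plane: 0, -1, -2, -3, … marked against $\Gamma(s)\left(1 - 2^{1-s} + 3^{-s}\right)$, and $2\pi k i/\ln 2 - 1$ marked against $\frac{1}{1-2^{-(1+s)}}$]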
Approximation
22 log2 2
\{0}
( ) 3log 4 / 3 ( 2 log )
( ),
ki p
k
f q ki p e
o p
where p = 1-q
Asymptotic
[Plot: E[C]/E[R] as a function of p, for p from 0 to 0.00001, vertical axis from 1.24509 to 1.245115; marked values 1.2451134…, 1.2451114… and 3 log₂ 4/3]
Average-case analysis
R - number of revoked users
C - number of sets in the cover
If a user is revoked with probability p«1:
E[C] ≈ 1.24511 E[R]
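The cover construction from the "Greedy algorithm" slides and the ratio from the "Exact formula" slide can be checked numerically. The sketch below is an added example, not code from the talk: it builds the subtree-difference cover with a recursive formulation of the greedy procedure and evaluates the limit of E[C]/E[R] in the form 2q - (1/(1-q)) Σ 2^(-k) q^(2^k) (1 - q^(2^k))^2. The heap-style node numbering and all function names are assumptions of this example.

```python
import math
import random

def sd_cover(revoked, h):
    """Subtree-difference cover of a complete binary tree with 2**h leaves.

    Heap numbering (an assumption of this example): root 1, children 2v and
    2v+1, leaves n..2n-1. A pair (i, j) stands for S_{i,j}: the leaves under i
    that are not under j. Expects at least one revoked leaf.
    """
    n = 1 << h
    bad = {n + leaf for leaf in revoked}
    cover = []

    def walk(v):
        # Lowest node below v that still contains every revoked leaf under v.
        if v >= n:
            return v if v in bad else None
        left, right = walk(2 * v), walk(2 * v + 1)
        if left is None or right is None:
            return left if right is None else right
        # Both children contain revoked leaves: at most two sets are added.
        for child, rep in ((2 * v, left), (2 * v + 1, right)):
            if rep != child:
                cover.append((child, rep))
        return v

    top = walk(1)
    if top not in (None, 1):
        cover.append((1, top))
    return cover

def leaves_in(i, j, h):
    """0-based leaf indices of S_{i,j}."""
    def under(v):
        d = h - (v.bit_length() - 1)  # height of node v
        return set(range((v << d) - (1 << h), ((v + 1) << d) - (1 << h)))
    return under(i) - under(j)

def limit_ratio(p, terms=80):
    """2q - (1/(1-q)) * sum_k 2^-k q^(2^k) (1 - q^(2^k))^2 with q = 1 - p."""
    log_q = math.log1p(-p)
    f = sum(2.0 ** -k * math.exp(2 ** k * log_q) * math.expm1(2 ** k * log_q) ** 2
            for k in range(terms))
    return 2 * (1 - p) - f / p

def simulate(h, p, seed=1):
    """C/R for one pattern in which each leaf is revoked with probability p."""
    rng = random.Random(seed)
    revoked = [leaf for leaf in range(1 << h) if rng.random() < p]
    return len(sd_cover(revoked, h)) / len(revoked)
```

For small p, `limit_ratio(p)` settles at 3·log₂(4/3) ≈ 1.24511, and `simulate(17, 0.05)` lands close to `limit_ratio(0.05)`.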
Knuth and de Bruijn
Solution communicated by de Bruijn to Knuth for analysis of the radix-exchange sort algorithm (vol. 3, 1st ed, p. 131)
De Bruijn, Knuth, Rice, “The average height of planted plane trees,” 1972
Further reading
Flajolet, Gourdon, Dumas, “Mellin transform and asymptotics: Harmonic sums”, Theor. Comp. Sc., 123(2), 1994
Back-up slides
Halevy-Shamir scheme
Noticed that subtree differences are decomposable:
Fewer special sets reduce memory requirement on receivers
Improvement
For practical parameters save additionally 20% compared to the Halevy-Shamir scheme