SUN Microsystems have announced a new open source DRM solution. But they’ve ignored one of the most fundamental laws of modern cryptography: Kerckhoffs’s axiom. Work of genius? By the look of the press releases – no – just a pure oversight and a lack of understanding of a complex, unfamiliar field.

Sun’s DReaM project was launched with great fanfare as an open source DRM format. The problem is that if it is “open” in the true sense – i.e. a publicly available standard that anyone is free to implement – then with “open DRM” it is just as easy to compile a program from the code that unprotects anyone else’s protected files as it is to build one that does anything else. Some DRM companies will release the source code to licensed, authorised clients, but none will simply publish the code publicly, for just this reason.

In a marketing ploy to make all of their products more “open”, SUN have figured that if we can have open operating systems and open processors, why not DRM? Well, there is a reason why this is not the case. At the heart of any DRM system is a cryptography system, and there is a fundamental law of modern cryptography called Kerckhoffs’s axiom. It states that keys, rather than encryption algorithms, lie at the heart of the science of secrecy: the algorithm may be public, and the security of the system must rest on the key alone. The principle was first explicitly stated as an axiom by the Dutch linguist and cryptographer August Kerckhoffs von Nieuwenhof in 1883.

And the problem – or rather the impossibility – in Digital Rights Management is that you need to both give the viewer or user of content the keys and hide them from that same user at the same time. If the keys are on his or her own computer, this means that in principle – and according to the standard cryptographic rule – Digital Rights Management is impossible. This has led to a number of refutations of the validity of Digital Rights Management on the basis of ‘cryptographic’ integrity by cryptographers as distinguished as Ross Anderson and Bruce Schneier. The point, though, is that any open source DRM system will allow anyone who downloads the source code to make a little routine to get anyone else’s keys and unlock their content for free. This is not a minor oversight – it is the fundamental reason why DRM is different from cryptography – and the reason why talking about open source DRM shows a lack of understanding of what DRM really is and how it works.


Source by Will Gibson