Cryptanalysis of BGW broadcast encryption schemes for DVD content protection
Security systems should not only be correctly devised but also be correctly used. In Crypto 2005, Boneh, Gentry and Waters (BGW) proposed two efficient broadcast encryption schemes proven secure in their security definition. They also suggested for a number of applications of their schemes including satellite TV subscription services and DVD content protections. In contrast to this suggestion, we show that any legitimate decoder(s) can collude with the revoked decoders to produce exponentially many equivalent decryption keys, and moreover, this activity cannot be traced by the dealer. Our results remind of abuse that their schemes are not suitable for the satellite TV subscription services or DVD content protection applications, although their schemes may be applicable in trusted environments such as conference key distribution.