I am trying to create a system where to unlock the application one needs to ente

Question

I am trying to create a system where to unlock the application one needs to enter a serial code. I have read many articles on the theme but there are two problems bugging me. One is, If I have a keygen and I can generate as many keys as I like then anyone else can do that too, but solving this by requiring a long "private key" there occurs another problem.

Usually serial codes are supposed to be short and easy to type but even the shortest Elliptical curve signature algorithm has a signature size of 160-bits which could not possibly fit into the 100 bits I have. Is it possible to use a threshold approach?

I have seen many similar questions (please do not mark as duplicate) but none have answered my main question as to how can you treat the serial code as a signed document if the length of signature is at least 60 bits more than the maximum allowable size of a serial code?

Could you please give a deeper insight on my question and bare with my lack of knowledge in many areas? Thank you.

Explanation / Answer

If you want N serial numbers, your serial numbers will have to use n bits for uniqueness, where n=log2N. So if you have 100 bits to use for the serial, you could use 20 to get about a million serials and have 80 bits to use for a cryptographic MAC or signature.

Now there are two approaches, the symmetric and the asymmetric.

+ In the symmetric approach, you have a key k and calculate a b-bit MAC for each n-bit ID: S=I||MACk(I).

This is very easy and allows an arbitrary split between b and n by truncating a longer MAC if needed. However, if the program can be easily studied, you may find the key and be able to use that for a key generator.

With b=80 this is quite secure as long as the key remains secret. (Within the realm of plausibility if the adversary is dedicated, but very unlikely against a random CD key.)

+ In the asymmetric approach, you have a key-pair (s,p) and calculate a signature for the ID that can be verified with the public key.

Here you would need a public key system with exactly b-bit signatures. OTOH, it would prevent even someone who can find the public key from creating serials... but wouldn't prevent someone from overwriting the public key with their own.

However, with b=80 you'd need an 80-bit elliptic curve, which is not secure (nor would a 100-bit one be). It's only approximately as secure as a 40-bit symmetric key would be, and can be broken relatively easily without special hardware.

Therefore, if you need only 100-bit serials, I would recommend the former route. It's just security through obscurity, but the alternative isn't secure either.

Related Questions

Navigate

• Browse (All)
• Browse I
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.