Breaking DVB-CSA

  • Erik Tews
  • Julian Wälde
  • Michael Weiner
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7242)


Digital Video Broadcasting (DVB) is a set of standards for digital television. DVB supports the encryption of a transmission using the Common Scrambling Algorithm (DVB-CSA). This is commonly used for PayTV or for other conditional access scenarios. While DVB-CSA support 64 bit keys, many stations use only 48 bits of entropy for the key and 16 bits are used as a checksum. In this paper, we outline a time-memory-tradeoff attack against DVB-CSA, using 48 bit keys. The attack can be used to decrypt major parts a DVB-CSA encrypted transmission online with a few seconds delay at very moderate costs. We first propose a method to identify plaintexts in an encrypted transmission and then use a precomputed rainbow table to recover the corresponding keys. The attack can be executed on a standard PC, and the precomputations can be accelerated using GPUs. We also propose countermeasures that prevent the attack and can be deployed without having to alter the receiver hardware.


Smart Card Lookup Table Block Cipher Stream Cipher Round Function 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    DVB Common Scrambling Algorithm - Distribution Agreements. Technical report, ETSI (June 1996)Google Scholar
  2. 2.
    ETSI Technical Report 289 - Digital Video Broadcasting (DVB); Support for use of scrambling and Conditional Access (CA) within digital broadcasting systems. Technical report, ETSI (October 1996)Google Scholar
  3. 3.
    ETSI EN 300 421 - Digital Video Broadcasting (DVB); Framing structure, channel coding and modulation for 11/12 GHz satellite services. Technical report, ETSI (August 1997)Google Scholar
  4. 4.
    ETSI EN 300 429 - Digital Video Broadcasting (DVB); Framing structure, channel coding and modulation for cable systems. Technical report, ETSI (April 1998)Google Scholar
  5. 5.
    ETSI EN 300 744 - Digital Video Broadcasting (DVB); Framing structure, channel coding and modulation for digital terrestrial television. Technical report, ETSI (January 2009)Google Scholar
  6. 6.
    Kühn, G.J., et al.: System and apparatus for blockwise encryption/decryption of data. Technical report (August 1998)Google Scholar
  7. 7.
    Kühn, G.J., et al.: ETSI EN 301 192 - Digital Video Broadcasting (DVB); DVB specification for data broadcasting. Technical report (April 2008)Google Scholar
  8. 8.
    Kim, W.-H., Chen, K.-J., Cho, H.-S.: Design and implementation of MPEG-2/DVB scrambler unit and VLSI chip. IEEE Transactions on Consumer Electronics 43(3), 980–985 (1997)CrossRefGoogle Scholar
  9. 9.
    Li, W.: Security Analysis of DVB Common Scrambling Algorithm. In: Data, Privacy, and E-Commerce, ISDPE 2007, pp. 271–273. IEEE (2007)Google Scholar
  10. 10.
    Oechslin, P.: Making a Faster Cryptanalytic Time-Memory Trade-Off. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 617–630. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  11. 11.
    I. Rec. H. 262– iso/iec 13818-2. Information technology–Generic coding of moving pictures and associated audio information–Video (2000)Google Scholar
  12. 12.
    Simpson, L., Henricksen, M., Yap, W.-S.: Improved Cryptanalysis of the Common Scrambling Algorithm Stream Cipher. In: Boyd, C., González Nieto, J. (eds.) ACISP 2009. LNCS, vol. 5594, pp. 108–121. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  13. 13.
    Weinmann, R.-P., Wirt, K.: Analysis of the DVB Common Scrambling Algorithm (2003)Google Scholar
  14. 14.
    Wirt, K.: Fault Attack on the DVB Common Scrambling Algorithm. In: Gervasi, O., Gavrilova, M.L., Kumar, V., Laganá, A., Lee, H.P., Mun, Y., Taniar, D., Tan, C.J.K. (eds.) ICCSA 2005. LNCS, vol. 3481, pp. 577–584. Springer, Heidelberg (2005)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Erik Tews
    • 1
  • Julian Wälde
    • 1
  • Michael Weiner
    • 2
  1. 1.Fachbereich InformatikTechnische Universität DarmstadtDarmstadtGermany
  2. 2.Technische Universität MünchenGermany

Personalised recommendations