PRIVATE.ME PLATFORM

xPeek: Digital Cinema Distribution

Replace single-key DCP/KDM cinema distribution with XorIDA threshold reconstruction at the theater. No single intercepted package reveals the film — a fundamentally different security model than AES-128 key wrapping.

Entertainment COMING SOON XorIDA Powered

Section 01

The Problem

Digital Cinema Packages (DCP) rely on AES-128 encryption with RSA-2048 Key Delivery Messages (KDM). One key per content element. One compromised KDM exposes the entire film. The HDCP master key leaked in 2010 and has never been revoked.

The DCP standard was designed in 2005 and has not fundamentally changed. Every theater receives the same content encrypted with a single key. Key management is centralized — a breach at the KDM distribution point compromises every theater's copy simultaneously.

The Narrowbeer replay attack (USENIX 2025) demonstrated that even the transport layer is vulnerable. PlayReady SL3000 certificates leaked in 2025, undermining the entire trust chain. The cinema industry needs a distribution model where no single point of failure exposes content.

The Old Way

Section 02

The PRIVATE.ME Solution

xPeek replaces single-key DCP distribution with XorIDA threshold shares delivered through independent channels. Theater playback requires combining shares from a threshold quorum — no single intercepted package contains viewable content.

Content is split into shares distributed via satellite, fiber, and physical media. Each delivery channel carries a share that is mathematically indistinguishable from random data. Playback reconstruction happens inside the theater's secure media block, requiring threshold shares plus time-locked authorization.

Unlike DCP's reliance on AES-128 computational security, xPeek provides information-theoretic protection. There is no key to steal, no encryption to break. The security guarantee is mathematical: k-1 shares reveal exactly zero bits of the original content, regardless of computational power.

The New Way

Section 03

How It Works

xPeek integrates XorIDA threshold splitting into cinema distribution with per-reel HMAC integrity, multi-channel delivery, and time-locked theater reconstruction.

Key Security Properties

Shares travel through independent distribution channels — no single channel carries complete content. Theater reconstruction requires threshold shares plus time-window authorization via xLock. Per-reel HMAC-SHA256 ensures integrity. Revocation is instant: invalidate any share and playback becomes impossible.

Section 04

Use Cases

🎬

Cinema

Theatrical Release

Distribute feature films through split channels so no single interception reveals the movie.

Theatrical

🌍

International

Global Day-and-Date Release

Simultaneous worldwide release with per-territory threshold reconstruction.

Global

📡

Satellite

Satellite Pre-Position

Pre-position encrypted shares via satellite with time-locked reconstruction for premiere.

Satellite

🏟️

Events

Live Event Cinema

Split live event broadcasts across channels for authenticated theater-only viewing.

Live Events

Section 05

Integration

Quick Start

import { splitDCP, authorizePlayback } from '@private.me/xpeek';

// Split feature film for 3-channel distribution
const shares = await splitDCP({
  content: dcpBuffer,
  threshold: { k: 2, n: 3 },
  channels: ['satellite', 'fiber', 'physical'],
  playWindow: { start: '2026-06-01', end: '2026-09-01' }
});
// Authorize theater playback within time window
await authorizePlayback(theaterId, shares, { requireXlock: true });

splitDCP(opts: DCPOpts): Promise<Result<ChannelShare[], SplitError>>

Splits digital cinema content into k-of-n XorIDA threshold shares with multi-channel distribution, time-locked playback windows, and per-reel HMAC integrity. Returns channel-assigned share packages.

Section 06

Security Properties

Property	Mechanism	Guarantee
Content Protection	XorIDA k-of-n split	✓ Information-theoretic
Reel Integrity	HMAC-SHA256 per-reel	✓ Tamper-evident
Playback Auth	xLock + time-lock	✓ Dual-factor bound
Key Management	No keys (split IS security)	✓ Nothing to steal

$26.6B

Content protection market

<1ms

Split latency

K-of-N

Threshold

VERIFIED BY XPROVE

Verifiable Data Protection

Every operation in this ACI produces a verifiable audit trail via xProve. HMAC-chained integrity proofs let auditors confirm that data was split, stored, and reconstructed correctly — without accessing the data itself.

XPROVE AUDIT TRAIL

Every XorIDA split generates HMAC-SHA256 integrity tags. xProve chains these into a tamper-evident audit trail that proves data was handled correctly at every step. Upgrade to zero-knowledge proofs when regulators or counterparties need public verification.

Read the xProve white paper →

GET STARTED

Ready to deploy xPeek?

Talk to Ren, our AI sales engineer, or book a live demo with our team.

Book a Demo

VERIFIABLE WITHOUT CODE EXPOSURE

Ship Proofs, Not Source

xPeek generates cryptographic proofs of correct execution without exposing proprietary algorithms. Verify integrity using zero-knowledge proofs — no source code required.

XPROVE CRYPTOGRAPHIC PROOF

Download proofs:

Tier 1 HMAC (~0.7KB)
Tier 2 Commit-Reveal (~0.5KB)
Tier 3 IT-MAC (~0.3KB)
Tier 4 KKW ZK (~0.4KB)

Verify proofs online →

Use Cases

🏛️

REGULATORY

FDA / SEC Submissions

Prove algorithm correctness for distributed systems without exposing trade secrets or IP.

Zero IP Exposure

🏦

FINANCIAL

Audit Without Access

External auditors verify secure operations without accessing source code or production systems.

FINRA / SOX Compliant

🛡️

DEFENSE

Classified Verification

Security clearance holders verify distributed systems correctness without clearance for source code.

CMMC / NIST Ready

🏢

ENTERPRISE

Procurement Due Diligence

Prove security + correctness during RFP evaluation without NDA or code escrow.

No NDA Required

Deployment Options

🌐

SaaS Recommended

Fully managed infrastructure. Call our REST API, we handle scaling, updates, and operations.

Zero infrastructure setup
Automatic updates
99.9% uptime SLA
Enterprise SLA available

View Pricing →

📦

SDK Integration

Embed directly in your application. Runs in your codebase with full programmatic control.

npm install @private.me/xpeek
TypeScript/JavaScript SDK
Full source access
Enterprise support available

Get Started →

🏢

On-Premise Upon Request

Enterprise CLI for compliance, air-gap, or data residency requirements.

Complete data sovereignty
Air-gap capable deployment
Custom SLA + dedicated support
Professional services included

Request Quote →

Enterprise On-Premise Deployment

While xPeek is primarily delivered as SaaS or SDK, we build dedicated on-premise infrastructure for customers with:

Regulatory mandates — HIPAA, SOX, FedRAMP, CMMC requiring self-hosted processing
Air-gapped environments — SCIF, classified networks, offline operations
Data residency requirements — EU GDPR, China data laws, government mandates
Custom integration needs — Embed in proprietary platforms, specialized workflows

Includes: Enterprise CLI, Docker/Kubernetes orchestration, RBAC, audit logging, and dedicated support.

Contact sales for assessment and pricing →