Serial Key Dust Settle -

At each guess, the attacker removes one possible completion from the keyspace. The probability distribution shifts from a delta peak (one candidate guessed) toward uniform. The KL divergence decreases proportionally to the fraction of remaining untested keys. Solving the difference equation yields exponential decay. ∎ 4. Implications for License System Design The "settling" phenomenon implies that an attacker who learns any non-trivial prefix can reduce the effective keyspace exponentially fast. For example, with ( n=20, m=10 ) unknown chars (( \approx 50 ) bits entropy), the dust settles after approximately ( 2^49 ) guesses—still infeasible. However, if validation logic introduces bias (e.g., only 1% of random strings pass checksum), then ( N_\textvalid ) is small, and settling occurs rapidly.

After each partial disclosure, the remaining unknown "dust" of the key—the unresolved characters—experiences a transient period where the probability distribution over possible completions is non-uniform. We define the "dust settling" as the moment when this distribution becomes statistically indistinguishable from uniform (maximum entropy) given the known constraints. serial key dust settle

[ D(t) = D_KL(P_t(K_U) \parallel U_\textvalid) ] At each guess, the attacker removes one possible

No prior work has quantified how long (in terms of computational steps or guesses) it takes for this dust to settle. This paper fills that gap. 2. Formal Model 2.1 Key Representation Let a serial key be a string ( K = k_1 k_2 \ldots k_n ) where each ( k_i \in \Sigma ), ( |\Sigma| = 32 ) (alphanumeric excluding ambiguous chars). Total keyspace size ( N = 32^n ). 2.2 Partial Disclosure Event An attacker learns a set of positions ( P \subset 1,\ldots,n ) and their values. Let ( U = 1,\ldots,n \setminus P ) be the unknown positions. Before any attack, entropy ( H(K) = n \log_2 32 ). After disclosure, conditional entropy: Solving the difference equation yields exponential decay

[ H(K | K_P) = |U| \log_2 32 ]

Software licensing, entropy decay, partial key disclosure, brute-force resistance, key space settlement. 1. Introduction Serial keys (e.g., XXXXX-XXXXX-XXXXX-XXXXX ) are typically 20–25 alphanumeric characters, offering between 80 and 120 bits of entropy. However, real-world attacks rarely brute-force the entire space. Instead, an attacker may incrementally discover segments: for instance, they acquire the first 8 bits via a debugger leak, or they observe that a valid key starts with "A1B2C".

| Attempts (log2) | KL Divergence (bits) | |----------------|----------------------| | 0 | 8.000 | | 10 | 7.998 | | 20 | 7.125 | | 30 | 3.210 | | 34 | 0.008 (< ε) |