I have a technical question:
The whitepaper isn't very specific about how the encryption works.


As I understand it:

• each tune is encrypted with a single symmetric key by AES256 and the encrypted tune is stored on IPFS
• this symmetric key is distributed to each purchaser in end-to-end encrypted fashion via Ethereum smart contract, whereas the symmetric key is encrypted with the purchaser's public key for each purchaser individually

This means:

• whoever knows the key and the IPFS hash can listen to the tune
• whoever purchased the tune knows the key and can potentially share it publicly
• moreover, encrypting the same key with millions of public keys will reduce the strength of the encryption (the whitepaper doesn't state if RSA or ECC key pairs will be used or how many bits they plan to use, so it's hard to quantify this flaw. 'lightweight' might mean few bits.

One way around this problem would be to end-to-end encrypt the tune for each purchaser individually. But this would mean that there is one file per purchaser that has to be stored (and one IPFS hash per tune and purchaser that has to be stored on the Ethereum blockchain). I doubt that such an amount of data can be stored economically, even with filecoin-like incentives.

Another question is: who knows the tune's symmetric key and is able to encrypt it for new purchasers? Will the publisher have to run a node that does this for new customers?