I have a basic question about access restriction on IPFS. Let's say Netflix wants to host its movies on IPFS. Now, I want to access a movie. Thus, Netflix uses my public key to encrypt the file. Everybody can download the file but only I can decrypt it. But if my neighbour wants to wach the same movie, Netflix has to upload a newly encrypted file. However, I will not be able to share my dowloaded version of the film as the newly encrypted file will appear as a duplicate on the network. Apparently, this defeats one of the purposes of IPFS. 

Is it possible to share data on IPFS restricted to certain people without duplicating files on the network? How could such a scenario be achieved? 

Is there a way for Netflix to share like an universal encrypted version? 

As far as I know, Netflix files can only be played through the Netflix app. So would it be an option to restrict the access to the file on the application layer? For example one could use a smart contract to keep track of active members. The Netflix app would then first check the smart contract and only play the movie if the user has paid.