[Cfrg] patent situation regarding hash2curve as used in some PAKE nominations
Björn Haase <bjoern.m.haase@web.de> Sun, 22 September 2019 19:56 UTC
Return-Path: <bjoern.m.haase@web.de>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5FDD812002E for <cfrg@ietfa.amsl.com>; Sun, 22 Sep 2019 12:56:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.698
X-Spam-Level:
X-Spam-Status: No, score=-2.698 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, LOTS_OF_MONEY=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=web.de
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3kDZd4muKcjl for <cfrg@ietfa.amsl.com>; Sun, 22 Sep 2019 12:56:57 -0700 (PDT)
Received: from mout.web.de (mout.web.de [217.72.192.78]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F171A120024 for <cfrg@irtf.org>; Sun, 22 Sep 2019 12:56:56 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=web.de; s=dbaedf251592; t=1569182209; bh=0J4/7GN4SqSaHxez+kAQfGQaHg7BHmQfsAcjuY6Uptg=; h=X-UI-Sender-Class:Subject:To:References:From:Date:In-Reply-To; b=mbF29/vXd//CKf3q2TESR3//fxlcrwaaU0cViviJaFdtbqK4TNn1rMt050ND83Jd5 WZDt+MLf0lhfeo76B8KwyrRyfNSlE0sDjmCMJ7lANlxdRXdf7uxZiv8OkQcthtZ2XB fnhGr9pyVButyPTJNq8z0u0rXJtjXCpCrB+vN+qw=
X-UI-Sender-Class: c548c8c5-30a9-4db5-a2e7-cb6cb037b8f9
Received: from [192.168.2.161] ([94.218.65.48]) by smtp.web.de (mrweb103 [213.165.67.124]) with ESMTPSA (Nemesis) id 0MIeYe-1iEKtt08eu-002CSr for <cfrg@irtf.org>; Sun, 22 Sep 2019 21:56:49 +0200
To: cfrg@irtf.org
References: <VI1PR0501MB22558468E3C0549F452736CC838E0@VI1PR0501MB2255.eurprd05.prod.outlook.com> <CACykbs2-4XVJKZU_f90QN42XH-ec1HoUx02ts19gd3=AjjYTCA@mail.gmail.com> <CAAt2M1-zVqxQNQSts6PZmQrC7dcK4RKdn4vHKh_MeOAAK-=aPg@mail.gmail.com> <8f1cca24-ee64-7999-58bb-b4c206284716@web.de>
From: Björn Haase <bjoern.m.haase@web.de>
Message-ID: <d062e0b1-dc7b-2449-2f82-74aa6f9927e2@web.de>
Date: Sun, 22 Sep 2019 21:56:43 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0
MIME-Version: 1.0
In-Reply-To: <8f1cca24-ee64-7999-58bb-b4c206284716@web.de>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: quoted-printable
X-Provags-ID: V03:K1:3hiotfx5+FYbkmb7mlSJR7aXYJZfeiIaYwrXYbYyT1QgpbtjjWt 2h8BpL8dIBMviMXvOvnLTiudWkrerYBNixcOlhSa90gpyh+7NwP+n4v/fK0Ii/3VDQYbRyz zUsPbrUV9k2ekrb/ilSj5G1oCIrtpkWsYypnW3jpz8yyiziudE6LkZHfmYxoezDoDdWMSKd ecI/ZYy1S2FWzdh7H9Q3A==
X-UI-Out-Filterresults: notjunk:1;V03:K0:3iSqbu1ERgQ=:Ko5SzPfGSa24thvEpHRVz6 bgUzT2CH8GQb/dtxZZUe46kk7NFmve3b1ucGoFd2HmVFfH3vV42MLqvSqXCga9Ny1MX+KYDNo 8c7XCtxgtC/pECFEkLGJqnsdVA5jM5H800AQHTJt8K+pioo4I2iK5KhtbUy3CF2BTUnwgmUv1 /c3osLJLiqTjXEZG0zCwbpJ70yz6diXPp1BH9zbostctPsSFWuBSGVyfwyI5rTyfIzM6xYtcy tXp1jhVGyr/124wwfFPxDxIwirfPvdGB+SRc76qx4a15/VllzO28/PQzqDp41g+6cFsDsNBgr K51eYGObBOV87+qHv9K7V1bdi3Ew4kt7vqndrH4fzKQfYN2QjDWxHau8pKAvbLrAr5Nq8igkO UFXRC3sCzzaUViSw67/PAA1Nkx8M8+ucNM/fmRJ/Fg3oBpRP8edC4IvUtJnxclSYulJKXAE54 V1zDOoTct3px/e1T1v9LFAxnpfcSD0BJE9fb2A75HIYUVv62rDZKfQ0nsy0e6RCw5MRhZEG6p H9FMbuQodGBtQHKtTUXPG+FIO0wbzqldFkdOrm8nSXtoR23BLqGQwwBGYP4lTWdCasZYJR6bp Sbet4bdy+vByIY2P91ebvjXtlWns3qeO5WIZAF11aLWkSfX2rAhMj4lckI0GsXsC2WEjinq3W tqPpyw8T34c/4LHwipHDd9EZYpfOeNAeTlXMW4bgTkkMBPXY3SBnffGgO9W1nRpbBWGU4XqCc uUGU817QBDtq1kb3Jt5gKCBXQkttikKf723wmy7GvSIwfVQbTafvnuSaYKgCgsWv0aNNBorfF PQIlxl677BI85XrTG7MMGKBzmjyk7Fdpl+LUZNw1VNuQS2ZIiG/ffBw9da07tazd9zysF966E 5YlnmZQZjDjHH5y0IpAAO0db9xNnFNxgZqP4O+x0t8piCbjXt//9vJiORiJz0N43ibaRIPqXc 6gGYPfwy8XMbtHyDceWzZ+sUBea2lhDZZbFclJkj4R0sOMl2rSXsNwMu8PRWfVnjrtI7PtTUQ OUCWPZ94/yRlUoDpH83ey/l1r0WiObYLUnrq1edG0yUz2LZcgn9CsaKXdCevXtvL6uZpLJ3e7 aXSwsCnx2JMaeEMPa1zrHjZZ/+xMWyw2gq0j7WDOTeRCL+5I6nZZn0p++ALOgQovM/Sr/QWMf YWpGr/JkTeYRPCYFrcA2aiygVCMlaVOKLlcj2my+bFuaLCTRXogtDlchAja0FfIM7vPC7kT1g TroA8lr5FJpRGNMgonEveCr9oM4WDF7FtvJgey/H+50xIaSRsZMZgWNIe4x0=
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/3X7cG6S79Irkw573XIocLyHV3fo>
Subject: [Cfrg] patent situation regarding hash2curve as used in some PAKE nominations
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sun, 22 Sep 2019 19:57:00 -0000
In the last week I have spent some time regarding the patent situation for hash-2-curve which is an important requirement for some of the PAKE nominations. We were aware of some patent pitfalls that drove us to include a patent circumvention approach based on the TBPEKE construction in our paper "for the case of need". After some discussion with patent people and some further research I now come to the conclusion that with the recent draft of the hash2curve RFC, we should be keeping safely away from the patents. Methods such as the circumvention approach from Appendix A of the AuCPace paper are most surely not necessary and should not be used. The important aspect is that it seems that in all relevant countries divisional applications seem to be ruled out for patents that once have been granted. Historically this was not the case everywhere, but legislation seem to have been harmonized. This means that for the existing patents that we only need to consider what is actually claimed and not what might be interpreted successfully into the descriptive text. My main concern so far was that the patent family of the joint work of Icart and Coron might generate trouble in the context of divisional applications because the descriptive text explicitly references also to the use of any non-square special value as part of the mapping algorithm for simplying SWU. I now come to the conclusion, that as long we keep away from the exact value of the non-square "-1" for simplified SWU constructions, we should not be facing patent problems. @Riad: Maybe you could also double check that what you are doing in the RFC for your version of the simplified SWU is not covered by claim 1 of US 8,718,276 B2. Yours, Björn.
- Re: [Cfrg] aPAKE Analysis / Why System-Level-View Björn Haase
- Re: [Cfrg] aPAKE Analysis / Why System-Level-View Jonathan Hoyland
- Re: [Cfrg] aPAKE Analysis / Why System-Level-View Natanael
- Re: [Cfrg] aPAKE Analysis / Why System-Level-View Björn Haase
- Re: [Cfrg] aPAKE Analysis / Why System-Level-View Björn Haase
- [Cfrg] patent situation regarding hash2curve as u… Björn Haase
- Re: [Cfrg] aPAKE Analysis / Why System-Level-View Natanael