[Cfrg] US Patent 6,327,661 is 20 years old

Phillip Hallam-Baker <phill@hallambaker.com> Fri, 20 December 2019 15:19 UTC

From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Fri, 20 Dec 2019 10:19:24 -0500
Message-ID: <CAMm+LwgWu3Gx3cFXXkDDB85pirfaZjQ+ZJJSZ96o+ap4Nhj_FQ@mail.gmail.com>
To: IETF SAAG <saag@ietf.org>, cfrg@irtf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/AbBPO4irQf54nIHxqb6BdT5Jl6E>

US Patent 6,327,661: Using unpredictable information to minimize leakage
from smartcards and other cryptosystems was filed in June 1999. It is
therefore more than 20 years old which usually means it has expired.

http://patft.uspto.gov/netacgi/nph-Parser?Sect2=PTO1&Sect2=HITOFF&p=1&u=%2Fnetahtml%2FPTO%2Fsearch-bool.html&r=1&f=G&l=50&d=PALL&RefSrch=yes&Query=PN%2F6327661


This is a particularly important patent as it covers use of randomization
to prevent the Fourier side channel attacks Paul Kocher is known for (he is
the inventor).

There are some extensions of the scheme that are covered by patents still
in force (e.g. US10181944B2 but that one is of extreme specificity and
clearly intended to keep a lock on a particular standard).

I believe that it is very important that we begin using these techniques
because Montgomery Ladders are not sufficient to provide protection against
timing attacks so X25519/X448 are rather more vulnerable to side channel
attack than people would like to admit and Ed25519/Ed448 are not protected
at all.

The Mesh uses similar math and as of ten minutes ago, the code for the
X25519/X448 implementation passes its unit tests. My current plan is to
separate this work from the rest of the Mesh and propose it to CFRG. If
there is IETF work on the Mesh, the crypto parts are going to be sent there
for consideration in any case.

It is my understanding (see disclaimer) that this means that there is prior
art for all the essential technologies used in the Mesh. Provisional patent
applications were filed on certain parts of the Mesh technology but these
have been abandoned with the exception of one application describing a
non-essential technology that the IETF has decided not to pursue in any case
(US Patent Application 20190036892).

Disclaimer: This is not legal advice, no warranties, all parties are
responsible for performing due diligence etc.