[Cfrg] US Patent 6,327,661 is 20 years old

Phillip Hallam-Baker <phill@hallambaker.com> Fri, 20 December 2019 15:19 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 0007F1200B2 for <cfrg@ietfa.amsl.com>; Fri, 20 Dec 2019 07:19:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.398
X-Spam-Status: No, score=-1.398 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.25, HTML_MESSAGE=0.001, LOTS_OF_MONEY=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id HM0DNLp2zQKS for <cfrg@ietfa.amsl.com>; Fri, 20 Dec 2019 07:19:36 -0800 (PST)
Received: from mail-oi1-f173.google.com (mail-oi1-f173.google.com []) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7BF28120098 for <cfrg@irtf.org>; Fri, 20 Dec 2019 07:19:36 -0800 (PST)
Received: by mail-oi1-f173.google.com with SMTP id a67so4677083oib.6 for <cfrg@irtf.org>; Fri, 20 Dec 2019 07:19:36 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=ww0oAjoWacUOQQlKiK7jCE8bBexeE1O/h8m1K1mB2Z4=; b=gYu2tjLceZTgN530KxE5GIWGqn3HWCJ+2Zpd2s4xW3lVZvxVW54V/o1PkbR5uGZ+1I r9LaYMLRgXPYiLqI+pGUZuPR775LmSqYTFxeNCitkNXc0QjSJDyzC4DJBJgUnl3wV7l0 TSJiCfu3Ve4duHDciu1JNOY4FqsQ/neW3H3Sdw8f2gTMVM+ZSw422z912bJQpNe8IYdF K0pr541BlFIxS27SZt8J/JxtP+4+5z4VyDIMqSQKJLQCPCubUa3I4b8PhmPYcKrHTb1J 6MubmAtxlRLWa3y0wDxXLSJwFo01mZowH/VuRF0zyY7YrW+/Pir2Bo4Waxzmd/ypz8ve oNSA==
X-Gm-Message-State: APjAAAV+j0dRzseXsR7Ejz54g/xWTty0+YCsHVUp6w/7DzCSBRCyeotn upUg9tocPWMFm89P/e81a+slRr1/HBcH7kDrVwYZCuKvIEs=
X-Google-Smtp-Source: APXvYqyPEtc5JW1nRwi3BbjTtMcH5roZL5SxBafnPabAzXrG6BPw2QBZXuytEEgmrqkNcASamEUIL4KP1vjDX+SAac0=
X-Received: by 2002:aca:cdd6:: with SMTP id d205mr3877356oig.90.1576855175598; Fri, 20 Dec 2019 07:19:35 -0800 (PST)
MIME-Version: 1.0
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Fri, 20 Dec 2019 10:19:24 -0500
Message-ID: <CAMm+LwgWu3Gx3cFXXkDDB85pirfaZjQ+ZJJSZ96o+ap4Nhj_FQ@mail.gmail.com>
To: IETF SAAG <saag@ietf.org>, cfrg@irtf.org
Content-Type: multipart/alternative; boundary="0000000000009a973b059a2434d0"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/AbBPO4irQf54nIHxqb6BdT5Jl6E>
Subject: [Cfrg] US Patent 6,327,661 is 20 years old
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Dec 2019 15:19:38 -0000

US Patent 6,327,661: Using unpredictable information to minimize leakage
from smartcards and other cryptosystems was filed in June 1999. It is
therefore more than 20 years old which usually means it has expired.


This is a particularly important patent as it covers use of randomization
to prevent the Fourier side channel attacks Paul Kocher is known for (he is
the inventor).

There are some extensions of the scheme that are covered by patents still
in force (e.g. US10181944B2 but that one is of extreme specificity and
clearly intended to keep a lock on a particular standard).

I believe that it is very important that we begin using these techniques
because Montgomery Ladders are not sufficient to provide protection against
timing attacks so X25519/X448 are rather more vulnerable to side channel
attack than people would like to admit and Ed25519/Ed448 are not protected
at all.

The Mesh uses similar math and as of ten minutes ago, the code for the
X25519/X448 implementation passes its unit tests. My current plan is to
separate this work from the rest of the Mesh and propose it to CFRG. If
there is IETF work on the Mesh, the crypto parts are going to be sent there
for consideration in any case.

It is my understanding (see disclaimer) that this means that there is prior
art for all the essential technologies used in the Mesh. Provisional patent
applications were filed on certain parts of the Mesh technology but these
have been abandoned with the exception of one application describing a non
essential technology that the IETF has decided not to pursue in any case
(US Patent Application 20190036892).

Disclaimer: This is not legal advice, no warranties, all parties are
responsible for performing due diligence etc.