Re: [Cfrg] Preliminary disclosure on twist security ...
Watson Ladd <watsonbladd@gmail.com> Wed, 26 November 2014 15:55 UTC
To: Dan Brown <dbrown@certicom.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/CMesUt2LhRc_6n8q7umLdIUw84Y
Cc: "cfrg@irtf.org" <cfrg@irtf.org>, "djb@cr.yp.to" <djb@cr.yp.to>

The patent in question is US6563928. The claim cited reads as follows:

"53. A method of establishing a session key for encryption of data between a pair of correspondents comprising the steps of one of said correspondents selecting a finite group G, establishing a subgroup S having an order q of the group G, determining an element α of the subgroup S to generate greater than a predetermined number of the q elements of the subgroup S and utilising said element α to generate a session key at said one correspondent."

"59: 58. A method according to claim 53 wherein said order of said subgroup is of the form utilising an integral number of a product of a plurality of large primes. 59. A method according to claim 58 wherein the order of said subgroup is of the form nrr′ where n, r and r′ are each integers and r and r′ are each prime numbers."

This doesn't appear to have anything to do directly with twist security. It does appear to cover the algorithm Microsoft proposed for dealing with points of low order on NUMS curves in claim 15.

The claim above would seem to cover any implementation of discrete logarithm based cryptography that uses subgroup membership checks as a means to ensure contributory behavior.

Sincerely,
Watson Ladd

2014-11-26 7:35 GMT-08:00 Dan Brown <dbrown@certicom.com>:
> _______________________________________________
> Cfrg mailing list
> Cfrg@irtf.org
> http://www.irtf.org/mailman/listinfo/cfrg

--
"Those who would give up Essential Liberty to purchase a little Temporary Safety deserve neither Liberty nor Safety."
-- Benjamin Franklin