Re: [Cfrg] Elliptic Curve patents

Michael Scott <mike.scott@miracl.com> Fri, 07 October 2016 12:57 UTC

Return-Path: <mike.scott@miracl.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5E8761294C7 for <cfrg@ietfa.amsl.com>; Fri, 7 Oct 2016 05:57:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, LOTS_OF_MONEY=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=miracl-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TTkZpoTQwZWv for <cfrg@ietfa.amsl.com>; Fri, 7 Oct 2016 05:57:27 -0700 (PDT)
Received: from mail-it0-x22a.google.com (mail-it0-x22a.google.com [IPv6:2607:f8b0:4001:c0b::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 56FDB1294BC for <cfrg@irtf.org>; Fri, 7 Oct 2016 05:57:27 -0700 (PDT)
Received: by mail-it0-x22a.google.com with SMTP id z65so6211334itc.0 for <cfrg@irtf.org>; Fri, 07 Oct 2016 05:57:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=miracl-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=gbKX1Dagmjn8238hu29FJ2VJ/fK2PH5w7Sqx7NdjayE=; b=OvknzlfLykq6uO7b6akhuoWf45UZ2NBIZuzcwSfi5zdtbO7rEukhSK7mcTumdM6yOs NYyBVf05mJD7gHN/4qR8t2acn0yBS6EolDXkkLLE0SgY4emK7C0p/+ZbgbB8q1xqIao8 Lkr88RA5UBGwTGNx/+8xd7xqH/v+DnawlXwPDYtshInp0VypuFlQRVhHAm7Iig42uxTl XbzL7YWjShHc46gwNE3JbXymwnv0tDS2aH9s8cGT/WuI/Ye68OkPsRtNtI2XqfQqymU5 CTiVG47hJgWMxP08kPR4TMc2Hn9OEY5KdE4n/h/ochxpix43QypkCIRIc9jv+KCcr4EX EK3w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=gbKX1Dagmjn8238hu29FJ2VJ/fK2PH5w7Sqx7NdjayE=; b=erLD3HyIyBEFy0H0dtJGyFNfyThWt+efurVcK1V9uzeYZ7b5v2hXAKp33viR+b4seJ cSxdfBRaOeoHKbDxwANc97mAobtQfLtlXqcoLMTe5I7r/9D6+31VcRbFQhBTXDhfpK4M u5mB3gkVzYeGRA5fJp3e/7g9DG4LaBxKKiza5jYKa/vxVqWcTEZDBw4fhFtQnSMU/vII LH2yxgj+5EWvXIiwjFNTGvgZKBL5OJYxcAqQN5Y/dYTq0U4n0icjuxqq4AQwksUqvb9b 37nYNmsO7hC4sQSIHcgzIDvi0ldsNbiS7cUKygrBSDSBnehPW1GjxoQPX7BKqynd+IKd estw==
X-Gm-Message-State: AA6/9RnjcA8I578w+R+LHlsRfVZ2P+9vWMeShVIQ8w4HlxQFckdB669m9JApw9eA3n76saLdvRPBUOMj6uXf22H9
X-Received: by 10.36.233.65 with SMTP id f62mr13038616ith.36.1475845046632; Fri, 07 Oct 2016 05:57:26 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.36.133.11 with HTTP; Fri, 7 Oct 2016 05:57:26 -0700 (PDT)
In-Reply-To: <20161007123222.5709905.79318.5815@blackberry.com>
References: <CAEseHRo8HPiyC62Q6wuXkC1THxFJDM+m9ivTRuMfif-AcUWE_w@mail.gmail.com> <20161007123222.5709905.79318.5815@blackberry.com>
From: Michael Scott <mike.scott@miracl.com>
Date: Fri, 7 Oct 2016 13:57:26 +0100
Message-ID: <CAEseHRqnWx3LKqqX4C6H8Nf9ZnCuHv2W4yBg8U3huQAz06F6WA@mail.gmail.com>
To: Dan Brown <danibrown@blackberry.com>
Content-Type: multipart/alternative; boundary=94eb2c117188bf93c9053e45f3ec
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/Z7pMOsekCXv0nqmMUQdPtTv8t4U>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] Elliptic Curve patents
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Oct 2016 12:57:29 -0000

Hello Dan,


Here is another of Meyer's patents, that I think may cause a problem for a
method of multiplicative masking recommended by yourself and others (Scott
Fluhrer?) in the past, and commonly used for modular inversion in the
context of ECDSA signature

https://www.google.com/patents/US20080201398


Mike



On Fri, Oct 7, 2016 at 1:32 PM, Dan Brown <danibrown@blackberry.com> wrote:

> how are "strong" primes defined here?
>
>
> *From: *Michael Scott
> *Sent: *Friday, October 7, 2016 5:57 AM
> *To: *cfrg@irtf.org
> *Subject: *[Cfrg] Elliptic Curve patents
>
> I was just doing some checking on the status of patents as applicable to
> Elliptic Curve Cryptography, and I came across the very impressive patent
> portfolio of one Bernd Meyer.
>
> http://patents.justia.com/inventor/bernd-meyer?page=2
>
> See for example this one..
>
> Cryptographic method with elliptical curves
> <http://patents.justia.com/patent/8582761>
> Patent number: 8582761
> Abstract: A method determines an elliptical curve, suitable for a
> cryptographic method. An elliptical curve to be tested is prepared. The
> order of a twisted elliptical curve associated with the elliptical curve to
> be tested is determined. It is automatically checked whether the order of
> the twisted elliptical curve is a strong prime number. If the order of the
> twisted elliptical curve is a strong prime number, the elliptical curve to
> be tested is selected as an elliptical curve suitable for cryptographical
> methods.
> Type: Grant
> Filed: March 6, 2007
> Date of Patent: November 12, 2013
> Assignee: Siemens Aktiengesellschaft
> Inventors: Jean Georgiades, Anton Kargl, Bernd Meyer
>
> Now I know that no-one here is a lawyer. But I would read this as
> suggesting that Siemens holds a patent on twist secure curves (like
> GoldiLocks).
>
> Tell me it ain't so. And not just that, if you look at the full portfolio,
> many other commonly used techniques for ECC are also covered.
>
>
> Mike Scott
>
>