Re: [Cfrg] Elliptic Curve patents
"D. J. Bernstein" <djb@cr.yp.to> Fri, 07 October 2016 23:13 UTC
Return-Path: <djb-dsn2-1406711340.7506@cr.yp.to>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 475A1129473 for <cfrg@ietfa.amsl.com>; Fri, 7 Oct 2016 16:13:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Level:
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mmzCXMmoGO-9 for <cfrg@ietfa.amsl.com>; Fri, 7 Oct 2016 16:13:47 -0700 (PDT)
Received: from calvin.win.tue.nl (calvin.win.tue.nl [131.155.70.11]) by ietfa.amsl.com (Postfix) with SMTP id 819FA12946C for <cfrg@irtf.org>; Fri, 7 Oct 2016 16:13:46 -0700 (PDT)
Received: (qmail 17573 invoked by uid 1017); 7 Oct 2016 23:13:43 -0000
Received: from unknown (unknown) by unknown with QMTP; 7 Oct 2016 23:13:43 -0000
Received: (qmail 4927 invoked by uid 1000); 7 Oct 2016 23:13:38 -0000
Date: Fri, 07 Oct 2016 23:13:38 -0000
Message-ID: <20161007231338.4926.qmail@cr.yp.to>
From: "D. J. Bernstein" <djb@cr.yp.to>
To: cfrg@irtf.org
Mail-Followup-To: cfrg@irtf.org
In-Reply-To: <CAEseHRo8HPiyC62Q6wuXkC1THxFJDM+m9ivTRuMfif-AcUWE_w@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/h_kopTHkQkde7MQ42UdJ748Zhag>
Subject: Re: [Cfrg] Elliptic Curve patents
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Oct 2016 23:13:49 -0000
Michael Scott writes: > But I would read this as suggesting that Siemens holds a patent on > twist secure curves (like GoldiLocks). https://cr.yp.to/talks/2001.10.29/slides.ps gives an example of a curve for ECC selected with 16*prime order. It summarizes the performance of the Montgomery ladder and says "Twist has order 8*prime, so don't need to check whether compressed input K_b is on curve." https://groups.google.com/forum/message/raw?msg=sci.crypt/mu_paShEU3w/m491pYxHbtAJ has a similar comment. As far as I know, the first attempt to patent twist security was http://www.freepatentsonline.com/DE10161138A1.html, but this was filed in Germany after my slides were posted, so the slides automatically count as prior art even if the "inventors" claim that they were first. In the US, back then, there was a 1-year period after publication when other people were free to file a patent on the same idea, as long as they claimed that they had invented it earlier. For some reason this 1-year period was called a "grace period" rather than a "fraud period". Anyway, Germany never had any similar rule, and as far as I know these "inventors" didn't start filing for ECC patents in the US until many years later. ---Dan
- [Cfrg] Elliptic Curve patents Michael Scott
- Re: [Cfrg] Elliptic Curve patents Kyle Rose
- Re: [Cfrg] Elliptic Curve patents Dan Brown
- Re: [Cfrg] Elliptic Curve patents Michael Scott
- Re: [Cfrg] Elliptic Curve patents Bodo Moeller
- Re: [Cfrg] Elliptic Curve patents D. J. Bernstein