Re: [Cfrg] Comb algorithm IPR status

Mike Hamburg <> Fri, 06 March 2015 04:54 UTC

On 03/05/2015 06:54 PM, Benjamin Black wrote:
> There are only two possibilities:
> 1) The combs in the reference implementations of Goldilocks448 and NUMS 512 are not the same, in which case you have an existence proof of there being multiple techniques to achieve high performance and there never was a legitimate IPR concern.
> 2) The combs in the reference implementations of Goldilocks448 and NUMS 512 are the same, in which case you have the IPR concern expressed previously.
> Which is it?

Hi Benjamin,

The combs are different (SABS vs mLSBS), but it does not follow that there was no IPR concern. The '907 patent could have covered SABS in addition to mLSBS, or some other patent could have read on either or both, or I could have misread your code and it wasn't doing anything patented, etc.

I said in my second public email on the subject -- the one in which I apologized for rashly drafting the first an hour and a half earlier --

I expect (though I am not sure) that any patents that may turn up will not affect which curves should be chosen, either because they can be worked around or because they apply equally to all curves. However, it is likely that patents will influence protocols and internal algorithms, and perhaps also things coordinate choice or point
Conceivably the result could be relevant to the Montgomery vs Edwards 
particularly if there is no IPR-free version of the comb algorithm.

Again, the '907 issue was not about curve choice, at least not for me.

-- Mike