Re: [Cfrg] Preliminary disclosure on twist security ...

Dan Brown <dbrown@certicom.com> Wed, 26 November 2014 15:51 UTC

Return-Path: <dbrown@certicom.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5643C1A0318 for <cfrg@ietfa.amsl.com>; Wed, 26 Nov 2014 07:51:08 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id P0Nf-22E0dtT for <cfrg@ietfa.amsl.com>; Wed, 26 Nov 2014 07:51:02 -0800 (PST)
Received: from smtp-p01.blackberry.com (smtp-p01.blackberry.com [208.65.78.88]) by ietfa.amsl.com (Postfix) with ESMTP id 39D051A0273 for <cfrg@irtf.org>; Wed, 26 Nov 2014 07:51:01 -0800 (PST)
Received: from xct106cnc.rim.net ([10.65.161.206]) by mhs210cnc.rim.net with ESMTP/TLS/AES128-SHA; 26 Nov 2014 10:51:00 -0500
Received: from XMB116CNC.rim.net ([fe80::45d:f4fe:6277:5d1b]) by XCT106CNC.rim.net ([fe80::d824:6c98:60dc:3918%16]) with mapi id 14.03.0174.001; Wed, 26 Nov 2014 10:50:59 -0500
From: Dan Brown <dbrown@certicom.com>
To: "'cfrg@irtf.org'" <cfrg@irtf.org>
Thread-Topic: Preliminary disclosure on twist security ...
Thread-Index: AdAJieU4Ye2dd7TATPKiXX6WalzfrwABn2cQ
Date: Wed, 26 Nov 2014 15:50:59 +0000
Message-ID: <810C31990B57ED40B2062BA10D43FBF5D07388@XMB116CNC.rim.net>
References: <810C31990B57ED40B2062BA10D43FBF5D072C5@XMB116CNC.rim.net>
In-Reply-To: <810C31990B57ED40B2062BA10D43FBF5D072C5@XMB116CNC.rim.net>
Accept-Language: en-CA, en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
x-originating-ip: [10.65.160.249]
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=SHA1; boundary="----=_NextPart_000_017C_01D00966.DD188430"
MIME-Version: 1.0
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/oD1LPTwXiwF11peHt_LrzhQITTg
Subject: Re: [Cfrg] Preliminary disclosure on twist security ...
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Nov 2014 15:51:08 -0000

Not sure why this first appeared as blank, sorry about that.  I've pasted
the text below for a 2nd try:

> -----Original Message-----
> From: Dan Brown

RFC 3979 "strongly encourages" a "preliminary disclosure" for any technology

being "seriously considered".

I am not sure which of this RG list or if 
http://www.ietf.org/ipr/file-disclosure.html is the correct place to make
such 
a preliminary disclosure. The RG list is more convenient for me, so here it 
goes.

Upon review today, I noticed that US Patent 6,563,928 B1, Claim 59,
supported 
in interpretation by reference to the patent specification's Column 5, lines

37-46 (which describes the case Zp*, but carries over, per the claim, to the

elliptic curve case) seems to anticipate some aspects of twist security that

are, arguably, exactly those aspects critical to avoiding an attack.  As
such, 
the patent holder may try to assert this against implementations of twist 
security.   Accordingly, I am disclosing this possibility.

Best regards,

Dan