Re: [Cfrg] Comb algorithm IPR status

Benjamin Black <b@b3k.us> Fri, 06 March 2015 08:40 UTC

Return-Path: <b@b3k.us>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id F11881ACD37 for <cfrg@ietfa.amsl.com>; Fri, 6 Mar 2015 00:40:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.977
X-Spam-Level:
X-Spam-Status: No, score=-1.977 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id C5Diq0xEzQlB for <cfrg@ietfa.amsl.com>; Fri, 6 Mar 2015 00:40:49 -0800 (PST)
Received: from mail-ie0-f177.google.com (mail-ie0-f177.google.com [209.85.223.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F1E5F1ACD1F for <cfrg@irtf.org>; Fri, 6 Mar 2015 00:40:48 -0800 (PST)
Received: by iebtr6 with SMTP id tr6so10585359ieb.4 for <cfrg@irtf.org>; Fri, 06 Mar 2015 00:40:48 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=t0ExF0ST2sV8H2pifW5INo1MuCiVPs8MaWYHKDL3NOM=; b=lMQSoBXWqJ0wvLwiVHfTFUx/T63VOeor7fj2Yaqv7X0ZetxYQswnSlMjUYzOq03WPZ i9IePG/dcgo+oAfHW7cBINUUXvkudC6Axv/oF/E9ajRuJaaWL3X7PGzByig84PO9g2KR nkskL7DrIkrJak3d9BUOFgErqerf6ZWERJDZe16+2sNbwPRsmdpaqdJvGQYZ/P8IjEAI 1lY57zIvSQSRA9tJM8MHfveRS0mQBsgl/0xGA7jPraLCqV95xdq4F4G5vS2Ot3IUNwVi 21nWoWySEDvvg2fuig4npkDFVHlncvPG19YgbUt3AlDLagborQT0FhZE6WWMeLUY/kGw fBXA==
X-Gm-Message-State: ALoCoQn0wob5SS3k52yWtpSbvWFCp/e2MbNJgrm0ORvpL3r0BBG2Sg2BRirgKYG35Qgg+8hMTozV
X-Received: by 10.42.79.205 with SMTP id s13mr8852512ick.67.1425631248369; Fri, 06 Mar 2015 00:40:48 -0800 (PST)
MIME-Version: 1.0
Received: by 10.36.28.145 with HTTP; Fri, 6 Mar 2015 00:40:28 -0800 (PST)
In-Reply-To: <54F9331B.6080101@shiftleft.org>
References: <54EDDBEE.5060904@isode.com> <54F8E2B1.80304@isode.com> <CA+Vbu7y-6ocP9yPrYYVmSGyboHQvLzQFonzkejwE4jxOs0ww6A@mail.gmail.com> <7FFDF55A-61BC-4114-9E8B-F23E43C42426@shiftleft.org> <54F905BA.4020102@akr.io> <CA+Vbu7ytzEa0kGhB62Go5TqK+p18NLPTEvtZcmxOo63ppKzJBA@mail.gmail.com> <54F9331B.6080101@shiftleft.org>
From: Benjamin Black <b@b3k.us>
Date: Fri, 6 Mar 2015 00:40:28 -0800
Message-ID: <CA+Vbu7zokG=zf0SiF9szEkyP=QdrikjiW4orekU5bUdU8+5ssw@mail.gmail.com>
To: Mike Hamburg <mike@shiftleft.org>
Content-Type: multipart/alternative; boundary=20cf3011e34523e48805109aa47f
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/qZBZGtpRjw1pTR9S5HEAsz-G-gs>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] Comb algorithm IPR status
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Mar 2015 08:40:51 -0000

I have always agreed and continue to agree that the IP question is
unrelated to curve choice. Thank you for the apology.

On Thu, Mar 5, 2015 at 8:54 PM, Mike Hamburg <mike@shiftleft.org> wrote:

>
> On 03/05/2015 06:54 PM, Benjamin Black wrote:
>
>> There are only two possibilities:
>>
>> 1) The combs in the reference implementations of Goldilocks448 and NUMS
>> 512 are not the same, in which case you have an existence proof of there
>> being multiple techniques to achieve high performance and there never was a
>> legitimate IPR concern.
>> 2) The combs in the reference implementations of Goldilocks448 and NUMS
>> 512 are the same, in which case you have the IPR concern express previously.
>>
>> Which is it?
>>
>
> Hi Benjamin,
>
> The combs are different (SABS vs mLSBS), but it does not follow that there
> was no IPR
> concern.  The '907 patent could have covered SABS in addition to mLSBS, or
> some
> other patent could have read on either or both, or I could have misread
> your code and it
> wasn't doing anything patented, etc.
>
> I said in my second public email on the subject -- the one in which I
> apologized for rashly
> drafting the first an hour and a half earlier --
>
> """
> I expect (though I am not sure) that any patents that may turn up will not
> affect which
> curves should be chosen, either because they can be worked around or
> because they
> apply equally to all curves.  However, it is likely that patents will
> influence protocols and
> internal algorithms, and perhaps also things coordinate choice or point
> encoding.
> Conceivably the result could be relevant to the Montgomery vs Edwards
> discussion,
> particularly if there is no IPR-free version of the comb algorithm.
> """
>
> Again, the '907 issue was not about curve choice, at least not for me.
>
> Cheers,
> -- Mike
>