[saag] US Patent 6,327,661 is 20 years old

Phillip Hallam-Baker <phill@hallambaker.com> Fri, 20 December 2019 15:19 UTC

From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Fri, 20 Dec 2019 10:19:24 -0500
Message-ID: <CAMm+LwgWu3Gx3cFXXkDDB85pirfaZjQ+ZJJSZ96o+ap4Nhj_FQ@mail.gmail.com>
To: IETF SAAG <saag@ietf.org>, cfrg@irtf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/d_D6CCQj16ajdU2HwBMOzKgw7RI>
Subject: [saag] US Patent 6,327,661 is 20 years old

US Patent 6,327,661, "Using unpredictable information to minimize leakage
from smartcards and other cryptosystems", was filed in June 1999. It is
therefore more than 20 years old, which usually means it has expired.

http://patft.uspto.gov/netacgi/nph-Parser?Sect2=PTO1&Sect2=HITOFF&p=1&u=%2Fnetahtml%2FPTO%2Fsearch-bool.html&r=1&f=G&l=50&d=PALL&RefSrch=yes&Query=PN%2F6327661


This is a particularly important patent as it covers the use of randomization
to prevent the Fourier side channel attacks Paul Kocher is known for (he is
the inventor).

There are some extensions of the scheme that are covered by patents still
in force (e.g. US10181944B2, but that one is of extreme specificity and
clearly intended to keep a lock on a particular standard).

I believe that it is very important that we begin using these techniques,
because Montgomery Ladders are not sufficient to provide protection against
timing attacks, so X25519/X448 are rather more vulnerable to side channel
attack than people would like to admit, and Ed25519/Ed448 are not protected
at all.

The Mesh uses similar math and as of ten minutes ago, the code for the
X25519/X448 implementation passes its unit tests. My current plan is to
separate this work from the rest of the Mesh and propose it to CFRG. If
there is IETF work on the Mesh, the crypto parts are going to be sent there
for consideration in any case.

It is my understanding (see disclaimer) that this means that there is prior
art for all the essential technologies used in the Mesh. Provisional patent
applications were filed on certain parts of the Mesh technology, but these
have been abandoned with the exception of one application describing a
non-essential technology that the IETF has decided not to pursue in any case
(US Patent Application 20190036892).

Disclaimer: This is not legal advice, no warranties, all parties are
responsible for performing due diligence etc.
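The message argues that a Montgomery ladder alone does not protect X25519 and that randomization of the kind the expired patent covers should be layered on top. The block below is an added example, written for this archive page; it is not code from the e-mail, from the Mesh, or from any project the author names. It implements the RFC 7748 X25519 ladder and then scalar blinding, one representative randomization countermeasure (the choice of blinding as the illustration is this editor's, not a claim about which technique the Mesh uses): the private scalar k is replaced by k' = k + r * #E for a fresh random r, so k'Q == kQ for every point Q on the curve while the bit pattern the ladder consumes changes on every call. Python big-integer arithmetic is not constant-time, so this is a reference model of the arithmetic for checking that blinding preserves results, not a side-channel-resistant implementation. The RFC 7748 section 6.1 key-exchange vectors are embedded so the ladder can be checked offline; the blinding assumes the input point lies on the curve (true for any public key derived from the base point), not on the twist.

```python
# Added example for the saag archive page, not code from the e-mail or the Mesh.
# X25519 Montgomery ladder (RFC 7748 section 5) plus scalar blinding as one
# form of randomization. Reference model only: Python ints are not constant-time.
import secrets

P = 2**255 - 19                                       # field prime
A24 = 121665                                          # (A - 2) / 4 for A = 486662
L = 2**252 + 27742317777372353535851937790883648493   # prime subgroup order
CURVE_ORDER = 8 * L                                   # #E = cofactor 8 times L
BASE_POINT_U = b"\x09" + b"\x00" * 31                 # u = 9, little-endian

# RFC 7748 section 6.1 test vectors (hex).
ALICE_SK = "77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a"
ALICE_PK = "8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a"
BOB_SK = "5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb"
BOB_PK = "de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f"
SHARED = "4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742"


def decode_scalar(k: bytes) -> int:
    """Clamp a 32-byte private key as RFC 7748 section 5 prescribes."""
    k = bytearray(k)
    k[0] &= 248       # clear the three cofactor bits
    k[31] &= 127      # clear bit 255
    k[31] |= 64       # set bit 254
    return int.from_bytes(k, "little")


def decode_u(u: bytes) -> int:
    """Decode a little-endian u-coordinate, masking the unused top bit."""
    u = bytearray(u)
    u[31] &= 127
    return int.from_bytes(u, "little") % P


def encode_u(u: int) -> bytes:
    return (u % P).to_bytes(32, "little")


def cswap(swap: int, a: int, b: int):
    """Swap a and b when swap == 1 using a mask instead of a branch."""
    mask = -swap                  # 0 or all ones (Python ints are unbounded)
    dummy = mask & (a ^ b)
    return a ^ dummy, b ^ dummy


def ladder(k: int, u: int, bits: int) -> int:
    """RFC 7748 Montgomery ladder over a fixed number of scalar bits, so the
    work done does not depend on the scalar's length. Leading zero bits step
    from (infinity, Q) to (infinity, Q) and leave the result unchanged."""
    x1 = u
    x2, z2 = 1, 0                 # point at infinity
    x3, z3 = u, 1                 # the input point Q
    swap = 0
    for t in range(bits - 1, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        x2, x3 = cswap(swap, x2, x3)
        z2, z3 = cswap(swap, z2, z3)
        swap = kt
        a = (x2 + z2) % P
        aa = a * a % P
        b = (x2 - z2) % P
        bb = b * b % P
        e = (aa - bb) % P
        c = (x3 + z3) % P
        d = (x3 - z3) % P
        da = d * a % P
        cb = c * b % P
        x3 = (da + cb) * (da + cb) % P
        z3 = x1 * ((da - cb) * (da - cb) % P) % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    x2, x3 = cswap(swap, x2, x3)
    z2, z3 = cswap(swap, z2, z3)
    return x2 * pow(z2, P - 2, P) % P


def x25519(k: bytes, u: bytes) -> bytes:
    """Plain X25519: 255 ladder steps over the clamped scalar."""
    return encode_u(ladder(decode_scalar(k), decode_u(u), 255))


def x25519_blinded(k: bytes, u: bytes, r=None) -> bytes:
    """X25519 with scalar blinding: k' = k + r * #E, so k'Q == kQ for any
    point Q on the curve. Assumption: Q is a curve point (a twist point
    would need a multiple of the twist order as well). With r < 2**64 the
    blinded scalar is below 2**320, so 320 ladder steps always suffice."""
    if r is None:
        r = secrets.randbits(64)          # fresh blinding factor per call
    k_blind = decode_scalar(k) + r * CURVE_ORDER
    return encode_u(ladder(k_blind, decode_u(u), 320))


if __name__ == "__main__":
    alice_pk = x25519(bytes.fromhex(ALICE_SK), BASE_POINT_U)
    shared_plain = x25519(bytes.fromhex(ALICE_SK), bytes.fromhex(BOB_PK))
    shared_blind = x25519_blinded(bytes.fromhex(BOB_SK), alice_pk)
    print("Alice pk matches RFC 7748:", alice_pk.hex() == ALICE_PK)
    print("blinded == plain:", shared_blind == shared_plain == bytes.fromhex(SHARED))
```

Two properties are worth checking when adding a countermeasure like this: that the blinded computation still agrees with the unblinded one on known vectors (the RFC 7748 key exchange above), and that the scalar actually fed to the ladder differs between calls with the same key. The fixed 320-step loop is what keeps the ladder's work independent of r; an implementation that sized the loop to the bit length of k' would leak r through timing.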