The main rationale behind granting patent monopoly is for the disclosure of the technique to the public. As such, patents are public record. There is no danger of violating copyright by publishing patents, already public information. Here is RSADSI's patent portfolio: Public Key Cryptographic Apparatus and Method ("Hellman-Merkle") No. 4,315,552 Exponential Cryptographic Apparatus and Method ("Hellman-Pohlig") No. 4,434,414 Cryptographic Apparatus and Method ("Diffie-Hellman") No. 4,200,770 Cryptographic Communications System and Method ("Rivest-Shamir-Adelman") No. 4,405,829 Method For Identifying Subscribers And For Generating And Verifying Electronic Signatures In A Data Exchange System ("Schnorr") No. 4,995,082 In my own opinion, the RSA and DH patents are relatively strong, given that they cover particular algorithms and not whole classes of techniques. The key word here is relative; they might not hold themselves, but they are certainly much more likely to hold that some of their others. PKP makes the following statement. This is right out of RFC-1421, one of the Privacy Enhanced Mail (PEM) documents. "These patents are stated by PKP to cover all known methods of practicing the art of Public Key encryption, including the variations collectively known as El Gamal." It is my opinion that this statement is false, and not only false, but an improper extension of patent monopoly. The weakest link is the Hellman-Merkle patent, which PKP uses to claim all public key cryptography. Public key cryptography as such is certainly not patentable, since it is merely a collection of characteristics of specific systems; public key cryptography is not a specific process or method, but a collection of such processes and methods. Only specifics are patentable. Public key cryptography is an idea, and ideas are not patentable. The next weakest link is the Hellman-Pohlig patent, which is, I believe, that which PKP uses to claim that all uses of the discrete log problem (e.g. El-Gamal) are also covered. Here again, the use of an item without reference to a specific process or machine is not patentable. The specific use of exponentiation in the H-P patent is for an RSA pseudofield (i.e. mod pq), but with exponent two. As such, if we are going to prioritize patents, I would gather them in the order indicated. As far as doing forward references, The H-M patent is likely the most interesting, since it will lead to many other patent public key ciphers. The RSA patent is likely the next, because it is so widely known and mathematically simple. Eric