Re: Clipper in patent trouble?
Even worse, Micali is claiming that his patent on fair cryptosystems (#5,276,737) covers Clipper as well. In the Wall Street Journal (May 31, 1994, p. B6): Mr Micali, whose patent was issued in January, says his patent covers the concept of breaking an encryption key into multiple parts that are guaranteed to work, and are held by escrow agents. It seems to me that Clipper does not guarantee that the multiple parts will work in anywhere near the same way as his scheme does (see my book for details); Clipper is simply a secret splitting scheme. On the other hand, Micali filed his patent application in Apr 92, a full year before Clipper became public. I think Micali has a good case. In patent law, the claims are vital. Exactly what it is that you're claiming is new is described in the claims; something infringes if it includes all of the elements of any one claim. Here's claim 15 of that patent: 15. A method, using a cryptosystem, for enabling a predetermined entity to monitor communications of users suspected of unlawful activities while protecting the privacy of law-abiding users, wherein a group of users has a secret key, comprising the steps of: breaking the secret key into shares; providing trustees pieces of information that include shares of the secret key; and upon a predetermined request, having the trustees reveal the shares of the secret key of a user suspected of unlawful activity to enable the entity to reconstruct the secret key and monitor communications to the suspect user. Sure sounds like Clipper to me... (Claims 1-14 deal with Micali's major stuff, the ``fair'' public-key based systems.) If Micali's claim holds up, it provides Cypherpunks with a whole new weapon against obnoxious cryptographic protocols -- build 'em first, patent 'em, and *don't* license them to the government... (Of course, since the U.S. uses a ``first to invent'' standard, they could defeat that by opening up secret NSA archives to show that they really had it first...) Btw -- I found the patent online via WWW; see http://town.hall.org/ and do the obvious. If you want just that single patent, go to ftp://ftp.town.hall.org/patent/data1/05276/05276737, or do the obvious ftp.
... Micali's major stuff, the ``fair'' public-key based systems. Just to throw another sound bite in the pot: Why would anyone in their right mind use a cryptosystem that's only "fair" when they have their choice of so many "good" and "excellent" ones like IDEA and RSA as well? :-) :-) disclaimer: I haven't read Micali's papers in detail, but I understand that the "fair' cryptosystem is effectively "key escrow in software". Actually, I haven't seen his protocols discussed in any level of detail on this list. An overview might help improve the S/N ratio here.. build 'em first, patent 'em, and *don't* license them to the government... Alternatively, hold out for 10% of the capital cost of the *entire* communications system and put the money to good use if they're stupid enough to pay. - Bill
Bill Sommerfeld writes:
... Micali's major stuff, the ``fair'' public-key based systems.
Just to throw another sound bite in the pot:
Why would anyone in their right mind use a cryptosystem that's only "fair" when they have their choice of so many "good" and "excellent" ones like IDEA and RSA as well? :-) :-)
Micali's scheme could be very useful for ensuring that a secret is not lost forever upon the death, departure, or forgetfulness of an employee. Even Cypherpunks Inc. would probably be interested in a crypto system that allows reconstruction of a key by some process, for secrets belonging to the company. Generally, a whole range of algorithms and protocols is not a bad thing. (A similar example is a protocol for digicash that only "allows" partial withdrawals of one's cash...why would anyone "want" such a limiting system? Think about it.) So long as the market is able to function, and is not distorted by coercive laws, expect various sorts of systems. This said, I dislike the "fair" appelation, as it seems to be a kind of propagandizing. In this age of hype, not surprising. But very bad if the "fair" name gets used to help make such schemes mandatory for private citizens.
disclaimer: I haven't read Micali's papers in detail, but I understand that the "fair' cryptosystem is effectively "key escrow in software". Actually, I haven't seen his protocols discussed in any level of detail on this list. An overview might help improve the S/N ratio here..
I look forward to hearing your summary, Bill! Micali's paper was presented at the '92 Crypto Conference ("Proceedings" should be readily available in the usual places: university libraries and large technical bookstores, or by special order from Springer-Verlag), around the same time Denning was describing this and other possible "trial balloons" for key escrow. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway."
participants (3)
-
smb@research.att.com -
sommerfeld@localhost.medford.ma.us -
tcmay@netcom.com