Rijndael & Hitachi

Vin McLellan vin at shore.net
Thu Oct 5 02:43:45 PDT 2000


>         On Wed, 04 Oct 2000, Vin McLellan <me> wrote:
>
> >          Not to take anything from Rijndael, which is both popular and
> > widely respected among many critical professionals, but I suspect that one
> > of the more long-lasting (pseudo-conspiratorial) theories about the
> > selection of Rijndael as the AES will be built around the fact that
> > Rijndael's design apparently allowed it -- and it alone of the final five
> > -- to escape the scope of a current US patent issued to Hitachi (which is
> > said to cover the use of data rotation in encryption.)
> >
> >          (Thus -- as the tale may be told -- did the "inadequacies" of the
> > US Patent and Trademark Office define US and world crypto standards for 
> the
> > 21st Century;-)
> >  <snip>

         Paulo S. L. M. Barreto <paulo.barreto at terra.com.br> replied:
<snip>
>I certainly noticed the fact that Rijndael was not mentioned in the Hitachi
>claim.  However, so did Bruce Schneier, and he pointed out that Rijndael's
>ShiftRow operation is in fact a rotation, and so it should be also be
>covered by Hitachi's claims.  Therefore, all AES finalists were
>seemingly equally endangered.  I personally find Hitachi's claims absurd, and
>I wanted to know whether NIST thought the same way as I did.

         I just found Schneier's 5/14 note: "AES Comment: the Hitachi 
patent," (on Sci.Crypt, via dejanews.) I was not aware that Rijndael's 
ShiftRow op was a rotation. That was a great letter. The TwoFish authors 
(among many others;-) obviously agree with your analysis.

>However, I think you might use the 21st century US legal system to 
>manifest your concerns, if indeed you have any, that Hitachi's patent 
>hindered the choice of any other algorithm (as this was rumoured a few 
>days ago in this list -- I wonder who posted it, don't you, Vin?), against 
>NIST's own statement on the contrary, made in the final report available 
>from NIST's web site.

         Oh, come on!

         I do think the Hitachi claim should be challenged and disputed.
I also don't think it is surprising -- particularly when the AES website's 
IP forum spins around the Hitachi patents and the relevance of the Hitachi 
claims is, in that forum, left unresolved -- that unaligned and wholly 
objective curious observers might bring up the question now.

         As the basis of an AES conspiracy theory, the two Hitachi patents 
strike me as pretty frail. (Rijndael is clearly a powerful and elegant 
algorithm, fully a peer if not the Obvious Choice among the five great 
cryptographic creations matched in the AES Finals.) OTOH, far more specious 
allegations have entangled millions in Byzantine mystery scenarios, on far 
less obtuse topics.

         My impression is that NIST covered itself with glory in its 
handling of the AES competition, but -- really! -- who in their right mind 
is gonna take the word of a US federal agency that the existence of issued 
US patents, and the scope of the patent-owner's claims, was irrelevant to 
their deliberations. (Even if it is true;-)

>I'll bet most people that were committed (perhaps financially) to
>any other of the finalists will show a reaction similar to yours. Well, this
>reaction is not unexpected anyway -- just remember that saying about 
>Greeks and Trojans.

         My comment was simply that the Hitachi patent claims set the stage 
for rumors that may shadow the AES choice for years. I think that is 
unfortunate. Personally, I think it is embarrassing that the Hitachi 
patents were ever issued.

         My impression is that -- despite their vigorous competitive 
impulses -- the cryptographers who carried their work into the AES Finals 
all showed a great deal of respect for each other's work. They all shared 
the Pantheon of their Craft, and even the contenders were ennobled.  In the 
aftermath of the NIST decision, I haven't heard sour grapes comments from 
any of them -- and I would be very surprised if I did. All the grumbling is 
just background noise from the wee folk, and I suspect it would be pretty 
much the same tenor, no matter which algorithm was chosen.

         Suerte,
                 _Vin

Vin McLellan
The Privacy Guild
Chelsea, MA USA





More information about the cypherpunks-legacy mailing list