Fwd: [cryptography] ECC patent FUD revisited

coderman coderman@gmail.com
Sun Jan 5 09:32:08 PST 2014


---------- Forwarded message ----------
From: D. J. Bernstein <djb@cr.yp.to>
Date: Sun, Jan 5, 2014 at 1:36 AM
Subject: [cryptography] ECC patent FUD revisited


NSA's Kevin Igoe writes, on the semi-moderated cfrg@irtf.org list:
> Certicom has granted permission to the IETF to use the NIST curves,
> and at least two of these, P256 and P384, have p = 3 mod 4.  Not
> being a patent lawyer, I have no idea what impact the Certicom patents
> have on the use of newer families of curves, such as Edwards curves.

There are several interesting aspects to this patent FUD. Notice that
the FUD is being used to argue against switching to curves that improve
ECC security. Notice also the complete failure to specify any patent
numbers---so the FUD doesn't have any built-in expiration date, and
there's no easy way for the reader to investigate further.

http://www.certicom.com/index.php/licensing/certicom-ip says that
Certicom "discovered and patented many fundamental innovations" and has
"more than 350 patents and patents pending worldwide". This sounds
impressive until you look at what the portfolio actually contains.

The reality is that Certicom has contributed essentially nothing to
state-of-the-art ECC. Its patent portfolio consists of a few fringe
ideas and a few obsolete ideas---nothing essential for mainstream ECC
usage. Nobody needs MQV, for example: traditional DH achieves the same
security goals in a much more straightforward way, and very few people
notice the marginal performance benefit provided by MQV.

The reason that Certicom has so many "patents and patents pending
worldwide", despite having contributed so few ideas, is that it keeps
splitting its patent applications. For example, the original MQV patent
filings in early 1995 ended up being split into an incredibly redundant
collection of US patents 5761305, 5889865, 5896455, 5933504, 6122736,
6487661, 7243232, 7334127, 7779259, 8090947, and 8209533, not to mention
the corresponding non-US patents CA2237688, DE69636815, EP0873617, etc.

---Dan



More information about the cypherpunks mailing list