On Jan 5, 2014, at 1:36 AM, D. J. Bernstein <d...@cr.yp.to> wrote: > NSA's Kevin Igoe writes, on the semi-moderated c...@irtf.org list: >> Certicom has granted permission to the IETF to use the NIST curves, >> and at least two of these, P256 and P384, have p = 3 mod 4. Not >> being a patent lawyer, I have no idea what impact the Certicom patents >> have on the use of newer families of curves, such as Edwards curves. > > There are several interesting aspects to this patent FUD. Notice that > the FUD is being used to argue against switching to curves that improve > ECC security. Notice also the complete failure to specify any patent > numbers---so the FUD doesn't have any built-in expiration date, and > there's no easy way for the reader to investigate further.
The FUD provides good reasons to move to new curves. For example - curves that do not need to check if a provided public key is on the curve … Paul > > http://www.certicom.com/index.php/licensing/certicom-ip says that > Certicom "discovered and patented many fundamental innovations" and has > "more than 350 patents and patents pending worldwide". This sounds > impressive until you look at what the portfolio actually contains. > > The reality is that Certicom has contributed essentially nothing to > state-of-the-art ECC. Its patent portfolio consists of a few fringe > ideas and a few obsolete ideas---nothing essential for mainstream ECC > usage. Nobody needs MQV, for example: traditional DH achieves the same > security goals in a much more straightforward way, and very few people > notice the marginal performance benefit provided by MQV. > > The reason that Certicom has so many "patents and patents pending > worldwide", despite having contributed so few ideas, is that it keeps > splitting its patent applications. For example, the original MQV patent > filings in early 1995 ended up being split into an incredibly redundant > collection of US patents 5761305, 5889865, 5896455, 5933504, 6122736, > 6487661, 7243232, 7334127, 7779259, 8090947, and 8209533, not to mention > the corresponding non-US patents CA2237688, DE69636815, EP0873617, etc. > > ---Dan > _______________________________________________ > cryptography mailing list > cryptography@randombit.net > http://lists.randombit.net/mailman/listinfo/cryptography _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography