Mike Rosing (eresrch@msn.fullfeed.com)
Mon, 8 Feb 1999 22:08:20 -0600 (CST)
>
> Hold on! That settles the copyright's issue for the library, but not the
> patent's for the underlying algorithms. As you can see at
> http://grouper.ieee.org/groups/1363/patents.html , there are claims on
> several areas of ECC cryptography. Most of them come from Certicom
> (http://grouper.ieee.org/groups/1363/letters/Certicom.txt), but apparently
> also R3 Security Engineering has a patent and a patent application covering
> the Nyberg-Rueppel digital signature key agreement method.
Most of Certicom's patents do not mention ECC. The few patents they
have that are explicitly for ECC are for gate implementations of
GF(2^155) and GF(2^253). Use a different field and you don't violate the
patent.
NR is patented, but again, there is no mention of ECC in that patent.
Any patent lawyer worth what they are paid can get around that.
Crandal has a patent on ECC, but it's for a very specific DH
implementation. Use any GF(2^n) field and you skip past that one.
ECDSA is not patented either. Nor are any of the low level math
implementations (there are lots of trade secrets tho).
I've been thru a lot of patents and have yet to find any that my code
infringes on. If you have specific patent numbers I'll go read 'em,
because I sure haven't found any to worry about. Neither have any of the
law professors who've looked at it.
Certicom does lay claim to MQV (a very nice authentication/key exchange
algorithm). However, the patent has not issued, and may never issue. It
is not clear which version of MQV would be patented (if a patent is
granted). This is a high level algorithm, ECC itself is not (and can not)
be patented. It's just math. All you can patent is a specific
implementation of the math.
What's interesting is that I put out a version of MQV in '94. The patent
has still not issued, so we don't know when MQV was sent in to the patent
office. If it's sometime in '96 when the P1363 standard group started,
I may be ok by prior art. I may be ok anyway since that version did
not implement the algorithm as described, it just did the equivelent math.
Patenting algorithms is kind of stupid. It makes much more sense to
describe an algorithm and keep a trade secret on tricks to make it go fast.
Once cast in stone as a patent, it's pretty easy to use math to get
around it.
My code is free and clear. At present it violates no patents. It may
violate some version of MQV someday, when it does I'll change it.
Patience, persistence, truth,
Dr. mike
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:18:27