James A. Donald (jamesd@echeque.com)
Thu, 11 Mar 1999 01:54:16 -0500
--
James A. Donald wrote:
> > David Wagner's tokens can only be checked with the
> > private key. There is no relevant public key that plays
> > any role in the protocol, thus Chaum's patent on
> > undeniable signatures appears irrelevant.
At 08:24 PM 3/10/99 +0100, Anonymous wrote:
> This is not quite true. If the secret key is k and the
> public key is g^k, David Wagner shows how to get a
> signature on a value y which is of the form y^k. This is
> exactly the same as Chaum's undeniable signature.
David Wagner is signing as described in Chaum's patent, and
he is blinding almost as described in Chaum's patent,
(arguably exactly as is described in Chaum's patent).
But a patent claims certain specific functions "I claim a way
to do such and such". David Wagner is not doing what Chaum
claims a patent on.
The relevant claims by Chaum are claims 7 and 9
7. The method according to claim 3, wherein said signing
step
comprises raising said unsigned message
to a signing power derived from said
private key, such exponentiation being
performed in a finite structure where
the inverse of such exponents is
unknown.
9. The method as in claim 1, further comprising the steps
of:
blinding said unsigned message
responsive to a blinding key before
providing the resulting blinded
unsigned message to said signing
party in place of said unsigned
message; and unblinding said
undeniably signed message returned
by said signing party responsive to
said blinding key.
It seems to me that if the first sentence in claim 7 and
claim 9 were omitted, this would purport to patent the key
steps in David Wagner's protocol, but because David Wagner is
not using the method of claim 1 or claim 3, the patent is
irrelevant. Obviously Chaum cannot claim to patent the step
of raising a number to a power, nor the step of multiplying a
number by a random factor. Chaum can only claim to patent
the use of these steps for a particular purpose, the purpose
of implementing the method described in claim 1. He cannot
claim the use of these steps for the purpose of implementing
some other method that he did not foresee.
Now there may be some additional patent that covers David
Wagner's method, but the blind undeniable signature patent
does not.
> Undeniable signature verification is impossible without a
> public key. This modification would make the protocol even
> more dissimilar from Chaum's blinded and undeniable
> signature patents.
Agreed, though I would say it is not the absence of the key
that makes this different from Chaum's patent, but the
absence of the method described in claim 1 or 3 of the patent, and
the absence of any method with the purpose or function
described in claim 1 or 3 of the patent.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
v71jepl3x94EJomPoyLHk1F/gX4cW3fePJO5nH90
46GEITXbv7n2H4GKkMV98F8CrhPZfXtl6qASB44yx
-----------------------------------------------------
We have the right to defend ourselves and our property, because
of the kind of animals that we are. True law derives from this
right, not from the arbitrary power of the omnipotent state.
http://www.jim.com/jamesd/ James A. Donald
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:18:50