[Mac_crypto] Re: Certicom? [...] [Fwd: NSA Turns To Commercial Software For Encryption]

R. A. Hettinga mac_crypto@vmeng.com
Mon, 27 Oct 2003 14:27:45 -0500

--- begin forwarded text

Status:  U
Delivered-To: fork@xent.com
To: fork@xent.com
Date: Mon, 27 Oct 2003 16:37:55 +0100 (CET)
From: harley@argote.ch (Dr. Robert J. Harley)
Subject: Re: Certicom? [...] [Fwd: NSA Turns To Commercial Software For
List-Id: Friends of Rohit Khare <fork.xent.com>
List-Archive: <http://lair.xent.com/pipermail/fork>
List-Post: <mailto:fork@xent.com>
List-Help: <mailto:fork-request@xent.com?subject=help>
List-Subscribe: <http://xent.com/mailman/listinfo/fork>,
Sender: fork-bounces@xent.com

RAH wrote:
> > FWIW, this is about going rate for RSA too, BTW.
> Was. RSA's patent has expired.

And ECC never has been and never can be patented.  Some protocols and
implementation methods are (just as they are for RSA etc.)

>BTW, the only decent *software* ECC, FEE, is patented, by Apple.

Are you serious?  So many holes... so little time...

Let's see.  Are you talking about software or about technology?

Re: Software; I have never seen FEE software lauded.  Apple uses an
implementation of it in MacOS... other than that... uh...???

Re: Technology; Apples uses it is as a minor PR opportunity to claim
that they are doing crypto research.  The patent is an abusive one on
trivia (see below).  One day Crandall thought of using simple primes
in ECC (like about 1000 other people) and patented it.  NeXT used this
as a PR opportunity to claim that they had developed it on purpose to
avoid licensing RSA.  They also said anybody could use FEE without
licensing it.

Then Apple bought NeXT.  Dunno what their position is but it is
irrelevant.  FEE is bog standard ECC over prime fields, using primes
of the form p = 2^d-c with small c such as 2^233-3.  This makes
reduction simpler and speeds up operations a bit.  It is absolutely
trivial to pick other simple primes not covered by the patent, such as
p = 2^248-2^100-1.  All of the NIST curves over prime fields are of
this form, such as p = 2^224-2^96+1.

Personally, I would avoid such special cases anyway.

     .-.                                                               .-.
    /   \           .-.                                 .-.           /   \
   /     \         /   \       .-.     _     .-.       /   \         /     \
  /       \       /     \     /   \   / \   /   \     /     \       /       \
 /         \     /       \   /     `-'   `-'     \   /       \     /         \
            \   /         `-'                     `-'         \   /
             `-'                                               `-'
FoRK mailing list

--- end forwarded text

R. A. Hettinga <mailto: rah@ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'