[cryptography] NSA's position in the dominance stakes

Steven Bellovin smb at cs.columbia.edu
Tue Nov 16 15:33:34 EST 2010

> One way out or the morass would be to have a reference implementation
> known not to infringe.

Absent a statement by (all) relevant patent holders, you never "know" that something doesn't infringe.  At most, you know that the patent holder(s) have not (yet) filed suit.

You may also think that the patent is invalid.  Consider claim 1 of the second patent David cited:

1. A method for validating digital information transmitted in a data communication system, said method comprising the steps of:

a) obtaining an elliptic curve public key generated from a corresponding private key in accordance with an elliptic curve cryptographic scheme, said scheme conforming to a predetermined arithmetic algorithm and said scheme conforming to defined system parameters including an elliptic curve defined over a finite field,
b) upon obtaining said public key, verifying said public key is a point lying on said curve, and
c) utilising said public key in a cryptographic operation within said cryptographic scheme upon obtaining such verification.

Claims 2, 3, and 4 are even worse:

2. A method according to claim 1 wherein verification that said point is on said curve is performed by substituting said point in said curve.

3. A method according to claim 1 wherein said verification is performed by a certifying authority included in said cryptographic scheme.

4. A method according to claim 3 including the step of incorporating within a certificate an indication that said public key has been verified.

You may think that it's a mind-bogglingly obvious test to want to do.  I might think that.  The patent office, however, was persuaded that it wasn't obvious.  According to law, that means that the patent is presumed valid.  As Marsh has noted, patent litigation is *very* expensive.  And remember that you have to persuade a jury of N high school graduates -- if you're lucky -- that the experts in the patent office got it wrong.  

Yes, this is FUD.  Do you have deep enough pockets to fight them?  Remember that the NSA chose to license the patents instead of fighting.

		--Steve Bellovin, http://www.cs.columbia.edu/~smb

More information about the cryptography mailing list