[cryptography] Point compression prior art?

Paul Crowley paul at ciphergoth.org
Wed May 4 04:33:05 EDT 2011

On 03/05/11 19:59, Zooko O'Whielacronx wrote:
> Have you seen DJB's "Irrelevant patents on elliptic-curve cryptography"

Yep. DJB uses "discard y" point compression in Curve25519, which works 
with ECDH for the reasons he gives but does not work in many other 
applications, such as ECDSA.

> DJB also has this page, which goes into more detail about 6141420:
> http://cr.yp.to/patents/us/6141420.html

This discusses "discard y" and the Eurocrypt '92 paper describing point 
compression in GF(2^m) I discussed in my earlier email.  The implication 
is that at least some of claims 30 to 41 are invalidated by that paper, 
but I'm not sure I can infer from this a specific technique for GF(p) 
point compression that the patent cannot cover.

\/ o\ Paul Crowley, paul at ciphergoth.org
/\__/ http://www.ciphergoth.org/

More information about the cryptography mailing list