[cryptography] Point compression prior art?

James A. Donald jamesd at echeque.com
Tue May 17 21:17:23 EDT 2011

On 2011-05-17 8:55 AM, David-Sarah Hopwood wrote:
> On 03/05/11 19:59, Zooko O'Whielacronx wrote:
>> Have you seen DJB's "Irrelevant patents on elliptic-curve cryptography"
>> http://cr.yp.to/ecdh/patents.html
> [...]
>> My Curve25519 software never computes y, so it is not covered by the
>> patent. It should, in any case, be obvious to the reader that a patent
>> cannot cover compression mechanisms published seven years before the
>> patent was filed.
>> """
>> DJB also has this page, which goes into more detail about 6141420:
>> http://cr.yp.to/patents/us/6141420.html
>> Contrary to the "filed 1994.07.29" above, the patent was actually
>> filed January 29, 1997:
>> http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PALL&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.htm&r=1&f=G&l=50&s1=6,141,420.PN.&OS=PN/6,141,420&RS=PN/6,141,420
> True, but it has the "related U.S. patent document" with application number
> 282263, which was filed in July 1994. That date is what is most relevant
> for the "published seven years before the patent was filed" comment.
>> Which means it expires January 29, 2017.
> If a granted patent has prior art for a given claim, then it is invalid
> for that claim, and cannot be infringed, so its expiration date is not
> important. (The holder can of course claim that it is infringed, but they
> could do that for any random patent they hold, regardless of relevance.)

The most useful fact in the above link is that the best method for point 
compression of elliptic curves, in all elliptic curves and any elliptic 
curve, was published in 1992, 19 years ago.  (x plus one bit that 
discriminates between the two y values)

Since then, people have been publishing uselessly weird and complicated 
ways of compressing points on an elliptic curve, and then claiming that 
since they have a patent for some obscure, complicated, and useless ways 
of compressing a point in certain obscure and arcane special cases, 
anyone who compresses points has to pay them money.

Which is typical of the vast majority of patents.

More information about the cryptography mailing list