[cryptography] Lawyer: "Are you familiar with public key encryption?" -- Whitfield Diffie: "Yes, I am"

Eugen Leitl eugen at leitl.org
Mon Nov 25 06:17:31 EST 2013


http://arstechnica.com/tech-policy/2013/11/newegg-trial-crypto-legend-diffie-takes-the-stand-to-knock-out-patent/

Newegg trial: Crypto legend takes the stand, goes for knockout patent punch

Taking a bet on Whit Diffie, as the trial against "patent troll" TQP wraps up
Monday.

by Joe Mullin - Nov 25 2013, 6:58am WEST
 
Whitfield Diffie and Newegg lawyer Alan Albright, outside the federal
courthouse in Marshall, Texas.

Joe Mullin


MARSHALL, TX—Newegg's courtroom face-off with patent-licensing giant TQP
Development is nearing its end. TQP has sued hundreds of companies saying it
has patented the common Web encryption scheme of combining SSL with the RC4
cipher. Almost 140 companies have paid TQP a total of more than $45 million.
But online retailer Newegg, which has sworn not to settle with "patent
trolls" like TQP, took the case to a jury.

On Thursday, Newegg's top lawyer Lee Cheng took the stand. He was followed by
a non-infringement expert and three well-known computer scientists who
emphasized the importance of Newegg's "prior art."

Ron Rivest testified, via videotaped deposition, about how he invented the
RC4 cipher while at RSA Security in 1987, two years before the TQP patent
application was filed. Former Microsoft CTO Ray Ozzie described demonstrating
Lotus Notes to Bill Gates in 1988. Alan Eldridge, who worked on the Notes
product, flew down to Marshall in person to describe how he put RC4 in the
software.

Eldridge wasn't paid, as expert witnesses were—he came down to testify
against the Jones patent out of a feeling of "civic responsibility," he said.
He didn't know who the defendants in this case were until he was told. "I
hadn't even heard of New Age until Saturday," said Eldridge at one point, as
laughs were stifled in the courtroom.

On Friday Newegg's star witness, cryptographer Whitfield Diffie, took the
stand. Diffie's goal is to knock out the Jones patent with "clear and
convincing" evidence (which is the standard for invalidating a patent).

Diffie looked the part of the eccentric genius, resplendent with his long
white hair and beard. He spoke with a booming voice but carefully articulated
manner; he was professorial but not overbearing. He could have been the
amiable professor you wish you'd had in college.

TQP's patent, invented alongside Michael Jones' failed modem business, wasn't
much of an invention at all according to Diffie's telling. It was a
pre-Internet patent, describing an old method of encoding data. Internet
security needed "public key" cryptography.

"We've heard a good bit in this courtroom about public key encryption," said
Albright. "Are you familiar with that?"

"Yes, I am," said Diffie, in what surely qualified as the biggest
understatement of the trial.

"And how is it that you're familiar with public key encryption?"

"I invented it."

A brief history of public-key crypto

In 1973, Diffie left his work at Stanford's Artificial Intelligence Lab to
travel the country and learn more about cryptography.

"It was kind of a secret field at the time, and the literature was hard to
find," said Diffie. "I was traveling around academic libraries digging up
whatever I could."

The following year, he returned to Stanford and started his work with a
professor there, Martin Hellman.

"I want you to put it in perspective for the court and for the jury," said
Albright. "What is the problem that you two gentlemen saw, that you were so
worried about?"

The problem was vast, Diffie explained—nothing less than how to keep things
private in a networked world. He recalled a conversation with his wife in
1973, sitting on a New Jersey park bench. "I told her that we were headed
into a world where people would have important, intimate, long-term
relationships with people they had never met face to face," he said. "I was
worried about privacy in that world, and that's why I was working on
cryptography."

At that time, the only encryption happened within "closed systems." IBM could
encrypt information within its own company's networks, and Texas Instruments
could encrypt on theirs. But some kind of courier would have to carry
encryption "keys" to both companies before they could do so.

That was the "key distribution" problem Diffie strove to solve. "It's
arranging to provide keys to two people who have never met before, who
suddenly find themselves with a need to communicate," he explained. "This is
much the way we visit websites these days."

There was one other big need: proving authenticity.

"The receiver of the document can come into court with the signed document
and prove to a judge that the document is legitimate," he said. "That person
can recognize the signature but could not have created the signature."

In spring of 1975, Diffie was "playing house husband" near Stanford, while
his wife worked in San Francisco for British Petroleum. It was then, spending
his afternoons working on cryptography undisturbed, that he hit on a solution
that could solve both the key distribution and authenticity puzzles.
Public-key crypto could kill two birds with one stone.

"What I suddenly understood was that you could break the key into two pieces,
and only one piece would have to be secret," said Diffie, speaking excitedly.
"There would be a secret piece and a public piece."

In 1976, he published "New Directions in Cryptography" with Martin Hellman.
The paper's cover sheet was displayed on the screen in court.

"Is it fair to say that the jury is looking at a little bit of history, in
terms of cryptography?" asked Albright.

"You embarrass me," said Diffie. "But yes, I think it's fair."

The world of cryptography was utterly changed. Whereas there were "not more
than a dozen or two" people working on cryptography outside government, "now
there are thousands," Diffie explained.

Jones and Erich Spangenberg, the patent-licensing kingpin who owns TQP, have
claimed that the Jones patent is fundamental to Internet commerce. They've
sued hundreds of companies for infringing it.

Albright made sure the jury got one point clearly: it was Diffie's invention
that ushered in the world of online commerce. "Would it be fair to say we
wouldn't have Internet commerce without this?" asked Albright.

"I think where there's commerce, it will find a way," said Diffie. "But this
has certainly smoothed that way a good deal."

Prior Art: Some software and a good old-fashioned textbook

After describing his history, it was time to take a shot at Jones' patent.
There were two key pieces of prior art. First up was a 1982 textbook called
Cryptography and Data Security by Dorothy Denning.


Albright showed the jury a diagram of a symmetric, "closed"
cryptographic system from that book. "That diagram represents all
cryptographic practice up to a few years earlier [than 1982]," explained
Diffie. It also describes everything in Jones' patent. The "key generator" in
Denning's book corresponded to the "pseudo-random number generator" talked
about in the Jones patent; and every message block is encrypted and decrypted
in the same manner.

Then he moved to the most-discussed piece of prior art:
RC4, combined with Lotus Notes, an early e-mail and social networking
product. TQP actually admits that the combination of RC4 and Lotus Notes
anticipates its patent, but the organization argues that it was kept as a
trade secret until after the "critical date" of October 6, 1988, one year
before the patent filing.

Diffie ran through the timeline: Rivest invented RC4 in 1987. By January
1988, Lotus had paid for the Notes product, a total of $200,000. In April
1988, Rivest wrote to the National Security Agency asking for an "export
license" for RC4—a step he wouldn't have taken unless the product was ready
to go, said Diffie. That same month, Ray Ozzie showed Notes and RC4 to Bill
Gates. In May of that year, the product was shown at Lotus Week, a huge
computer show.

That meant Lotus Notes had been "offered for sale" even though Lotus Notes
wasn't actually shipped to the public until December 1989. Paying for
something before you get it isn't unusual, he reminded jurors.

"This happens in commerce all the time," he said. "You can go to a car
dealer, and you look around the lot... but you don't like any exact one
that's there. You give the salesman a list of the features you want, and you
pay for the car. They send word off to Detroit, and Dearborn builds it for
you, and a few weeks later, your car shows up, and you drive it away."

Diffie's testimony went on some time, but he seemed to have the jury in the
palm of his hand. A few jurors laughed at his jokes and smiled, and the more
serious ones were certainly focused on his testimony. After about two hours,
Albright passed the witness.

A stunning attack

One might imagine an opposing attorney would handle a famous witness, who had
just connected with the jury, carefully. TQP lawyer Marc Fenster could have
acknowledged Diffie's accomplishments while arguing that his client—an
admittedly little guy—still should get his rights, his little piece of
"intellectual property."

That's not what Fenster did. He went on the attack.

"You never completed a master's degree, correct?" he asked Diffie.

"That's correct," said Diffie.

"Other than the honorary degree, you don't have an earned doctorate or Ph.D.
correct?"

"That is correct," said Diffie.

And even though he taught a few courses, "you never had a real professorship,
correct?" asked Fenster.

"I never had a full-time academic job, no."

Fenster noted that while Diffie was testifying in court for the first time,
he had other expert witness work lined up. His rate varies from $500 to $600
per hour, and it's $700 for testifying in court.

"Your agent helps you to get expert witness jobs, is that right?"

"Actually, no," said Diffie. "My agent handles the arrangements with my
clients. All of the jobs have come in directly through me."

Then Fenster mounted an even more surprising strategy: he pursued a line of
questioning suggesting that it was Diffie who was being misleading about his
own invention.

"Dr. Diffie, you agree that you can still be an inventor on a patent even
though others may have invented the same thing earlier but kept their
invention secret, correct?" asked Fenster.

"Under some circumstances, yes," answered Diffie.

"In fact, Dr. Diffie, you have some personal experience with this particular
aspect of the patent law, don't you?"

"You'll have to remind me," answered Diffie.

Then Fenster dropped this bombshell: "Dr. Diffie, you were not the first to
invent public key cryptography, were you?"

"I believe that I may have been," said Diffie, speaking cautiously. "But
perhaps you could be more specific?"

"In fact, a gentleman named James Ellis in England invented it before you,
right?"

Diffie sighed. He seemed, suddenly, almost tired. He had heard this one
before. "I spent a lot of time talking to James Ellis, and I can't figure it
out," he said. "James Ellis did very fine work."

Fenster pulled up the history website for the Institute of Electrical and
Electronics Engineers, a page that displayed "milestones" in engineering
dating back to 1800. The page showed James Ellis, not Diffie, as the inventor
of public-key cryptography. Ellis made the breakthrough at the British GCHQ
intelligence agency but kept it secret. With these discoveries, the essential
principles were known but "were kept secret until 1997," stated the IEEE
page.

"It describes this invention as being accomplished by James Ellis in
Britain's government, correct?" asked Fenster.

"It does."

"And it does not list you as the inventor or credit you with the invention of
public key cryptography, correct?"

"Correct."

The article described Ellis as inventing public key cryptography in 1969 but
keeping it confidential until 1997.

"Let's read together," said Fenster. Reading the website, he intoned: "All of
the essentials of public key cryptography had been discovered by Ellis and
two others by 1975."

"That's what it says," said Diffie.

"And by that time, the public recognition of the invention of public key
cryptography had been allocated to the researchers at Stanford and
MIT—correct?"

"That's what it says."

"So, in fact, according to the IEEE, someone else invented public key
cryptography before you, correct?"

"I disagree," said Diffie. "Ellis's paper is in no sense enabling. [His
partner] Malcolm Williamson's paper enables Diffie-Hellman, and it was an
internal secret note written two months after I presented that at the largest
computer conference in the world."

Diffie said he sought out those three inventors himself and talked to them
"extensively" about their work. He started those discussions in 1982 and they
continue to the present.

"Dr. Diffie, you were entitled to your patent because the alleged prior
inventor kept it secret, right?"

"The alleged prior inventors not only kept it secret but did very little with
it," said Diffie. "In James Ellis's words to me: 'You did a lot more with it
than we did.'"

If Fenster wanted to talk about other claims to the public-key crypto
breakthrough, Diffie seemed suddenly happy to help him out. He started
bringing out his own examples.

"When the director of NSA spoke to Congress, in about 1977, he rather
perversely made the claim that NSA had invented these things a decade
earlier," said Diffie. "Both the time and the credit seem a little bit off.
But there was a steady sort of attempt to claim credit for this, without
releasing documents, until 1997."

After Fenster finished, Albright went back to the podium and gave Diffie a
chance to regroup and explain. In the US National Inventors' Hall of Fame,
Albright pointed out, it was Diffie who was credited with the invention.

"Would you explain to the jury why it is that you represented to them here in
open court under oath that you were the inventor?"

"I've studied this with some care," said Diffie. He continued:

The short answer would be that James Ellis' work in 1969 and 1970 certainly
does not teach the methods. Personally, I find that paper incomprehensible.
I'm not clear how anybody became convinced of anything from it.

Williamson wrote a paper—an internal, secret paper at GCHQ that is dated the
eighth of August, 1976, or close to that—two months after I presented the
Diffie-Hellman key exchange at the National Computer Conference in New York.

My view is that they did very fine work. I think my conception of public key
was clearer than James Ellis'. But every time we have been given awards on
this, I have cited those people and praised them for the work they did.

By the time Diffie finished testifying, it was near the end of the day. Then
came another stunner: Newegg rested its case. It did so without putting on
its expert witness to rebut TQP's $5.1 million damage claim—even though
documents in the court docket clearly indicate the company had such a
witness.

Defendants put on damage experts as a matter of course in patent cases, so
not doing so here is a huge bet. It suggests Newegg is hoping strongly enough
for a straight win that it believes more focus on damages would be
counterproductive.

TQP's final witness, Dr. Tom Rhyne, is an expert to rebut Diffie. His
testimony will continue to Monday, and will be followed by closing arguments.
After that, the fate of Newegg and the Jones patent will be in the hands of
the jury. A verdict could come by Monday evening.

