[cryptography] Dual EC backdoor was patented by Certicom?

ianG iang at iang.org
Sun Jun 15 09:13:04 EDT 2014

In what is now a long-running saga, we have more news on the DUAL_EC
backdoor injected into the standards processes.  In a rather unusual
twist, it appears that Certicom's Dan Brown and Scott Vanstone attempted
to patent the backdoor in Dual EC in or around January of 2005.  From
Tanja Lange & DJB:

   ... It has therefore been identified by the applicant that this
method potentially possesses a trapdoor, whereby standardizers or
implementers of the algorithm may possess a piece of information with
which they can use a single output and an instantiation of the RNG to
determine all future states and output of the RNG, thereby completely
compromising its security.

The provisional patent application also describes ideas of how to make
random numbers available to "trusted law enforcement agents" or other
"escrow administrators".

This appears to be before ANSI/NIST finished standardising DUAL_EC as an
RNG, that is, during the process.  What is also curious is that Dan
Brown is highly active in the IETF working groups for crypto, adding
weight to the claim that the IETF security area is corrupted.

Obviously one question arises -- is this a conspiracy between Certicom,
NSA and NIST to push out a backdoor?  Or is this just the normal
incompetent-in-hindsight operations of the military-industrial-standards

It's an important if conspiratorial question because we want to document
the modus operandi of a spook intervention into a standards process.
We'll have to wait for more facts;  the participants will simply deny.
One curious fact, the NSA recommended *against* a secrecy order for the

What I'm more curious about today is Certicom's actions.  What is the
benefit to society and their customers in patenting a backdoor?  How can
they benefit in a way that aligns the interests of the Internet with the
interests of their customers?

Or is this impossible to reconcile?  If Certicom is patenting backdoors,
the only plausible way I can think of this is that it intends to wield
backdoors.  Which means spying and hacking.  Certicom is now engaged in
the business of spying on ... customers?  Foreign governments?

In contrast, I would have said that Certicom's responsibility as a
participant in Internet security is to declare and damn an exploit, not
bury it in a submarine patent.

If so, what idiot in Certicom's board put it on the path of becoming the
Crypto AG of the 21st century?

If so, Certicom is now on the international blacklist of shame.  Until
questions are answered, do no business with them.  Certicom have
breached the sacred trust of trade -- to operate in the interests of
their customers.

