[cryptography] Dual EC backdoor was patented by Certicom?

Tanja Lange tanja at hyperelliptic.org
Sun Jun 15 15:24:55 EDT 2014


On Sun, Jun 15, 2014 at 02:13:04PM +0100, ianG wrote:
> 
> Or is this impossible to reconcile?  If Certicom is patenting backdoors,
> the only plausible way I can think of this is that it intends to wield
> backdoors.  Which means spying and hacking.  Certicom is now engaged in
> the business of spying on ... customers?  Foreign governments?
>
Note that the majority of the claims (and the entirety of the granted
claims in the US and JP so far; they got all parts granted in Europe) 
is on escrow avoidance; i.e. on using the procedure for alternative 
points from the SP800-90 appendix. I.e. if a vendor gets sufficiently 
worried about the potential backdoor but doesn't want to do a completely 
new implementation he will opt for other points ---> royalties.
 
> In contrast, I would have said that Certicom's responsibility as a
> participant in Internet security is to declare and damn an exploit, not
> bury it in a submarine patent.
>
I had hoped so.

Tanja



More information about the cryptography mailing list