[cryptography] Dual EC backdoor was patented by Certicom?

Thierry Moreau thierry.moreau at connotech.com
Sun Jun 15 23:27:06 EDT 2014

On 2014-06-15 19:24, Tanja Lange wrote:
> On Sun, Jun 15, 2014 at 02:13:04PM +0100, ianG wrote:
>> Or is this impossible to reconcile?  If Certicom is patenting backdoors,
>> the only plausible way I can think of this is that it intends to wield
>> backdoors.  Which means spying and hacking.  Certicom is now engaged in
>> the business of spying on ... customers?  Foreign governments?
> Note that the majority of the claims (and the entirety of the granted
> claims in the US and JP so far; they got all parts granted in Europe)
> is on escrow avoidance; i.e. on using the procedure for alternative
> points from the SP800-90 appendix. I.e. if a vendor gets sufficiently
> worried about the potential backdoor but doesn't want to do a completely
> new implementation he will opt for other points ---> royalties.

I looked at the primary documents in the USPTO databases. The part that 
is missing from the US patent 8,369,213 (i.e. missing from the original 
filing and the European patent I suppose) is now in the pending patent 
application US-2013-0170642-a1.

Are these inventors claiming to have *invented* the backdoor in this 
PRNG method? At least an USPTO examiner hints at this: "[claims now in 
US-2013-0170642-A1] are drawn to establish escrow key with elliptical 
curve random number generator." The inventors *describe* the escrow 
technique but need not *claim* it.

Note also that the earliest (USA) filing date is 2005/01/21 as a 
provisional US patent application number 60/644982.

>> In contrast, I would have said that Certicom's responsibility as a
>> participant in Internet security is to declare and damn an exploit, not
>> bury it in a submarine patent.

Technically, this is not a submarine patent. The publication date is 
2007/08/16 (soon after the international-treaty-based 18 months delay 
after the filing date applicable to the non-USA patent jurisdictions) 
and anyone could have access to this information by then.

Sometimes I think a little more patent literacy might help. E.g. a 
self-defense behavior for some system designer relying on the ECC 
techniques would include a periodic look at patent applications freshly 
published in this area and/or by the known players.

Fascinating case study anyway!


- Thierry Moreau

More information about the cryptography mailing list