[cryptography] [Cryptography] Dual EC backdoor was patented by Certicom?

ianG iang at iang.org
Mon Jun 16 08:34:22 EDT 2014

On 16/06/2014 04:27 am, Thierry Moreau wrote:
> On 2014-06-15 19:24, Tanja Lange wrote:
>> On Sun, Jun 15, 2014 at 02:13:04PM +0100, ianG wrote:
>>> Or is this impossible to reconcile?  If Certicom is patenting backdoors,
>>> the only plausible way I can think of this is that it intends to wield
>>> backdoors.  Which means spying and hacking.  Certicom is now engaged in
>>> the business of spying on ... customers?  Foreign governments?
>> Note that the majority of the claims (and the entirety of the granted
>> claims in the US and JP so far; they got all parts granted in Europe)
>> is on escrow avoidance; i.e. on using the procedure for alternative
>> points from the SP800-90 appendix. I.e. if a vendor gets sufficiently
>> worried about the potential backdoor but doesn't want to do a completely
>> new implementation he will opt for other points ---> royalties.
> I looked at the primary documents in the USPTO databases. The part that
> is missing from the US patent 8,369,213 (i.e. missing from the original
> filing and the European patent I suppose) is now in the pending patent
> application US-2013-0170642-a1.
> Are these inventors claiming to have *invented* the backdoor in this
> PRNG method? At least a USPTO examiner hints at this: "[claims now in
> US-2013-0170642-A1] are drawn to establish escrow key with elliptical
> curve random number generator." The inventors *describe* the escrow
> technique but need not *claim* it.
> Note also that the earliest (USA) filing date is 2005/01/21 as a
> provisional US patent application number 60/644982.
>>> In contrast, I would have said that Certicom's responsibility as a
>>> participant in Internet security is to declare and damn an exploit, not
>>> bury it in a submarine patent.
> Technically, this is not a submarine patent. The publication date is
> 2007/08/16 (soon after the international-treaty-based 18 months delay
> after the filing date applicable to the non-USA patent jurisdictions)
> and anyone could have access to this information by then.
> Sometimes I think a little more patent literacy might help. E.g. a
> self-defense behavior for some system designer relying on the ECC
> techniques would include a periodic look at patent applications freshly
> published in this area and/or by the known players.

I guess this would be true if one is in the EC world choosing curves.
Patently, a view expressed in the act by DJB and Tanja.

But this is about international standards and an approved way of doing
RNGs.  A rather different kettle of fish.  We in the user community were
supposed to be able to implement a standard like DUAL_EC, perhaps get it
approved, and be done with such crapola.  Or buy an approved product,
and ditto.

One would have thought that NIST, ISO, etc had long since got tired of
the notion of all that good work being done for the public benefit, only
to be snaffled by greedy patent trolls for the price of a filing.

Although it is now historical as the DUAL_EC RNG is withdrawn as a
standard, I think it would be very interesting to hear NIST's views.  It
may not be submarine in some technical lingo, but it rather seems to be
asymmetrical to the standards horizon.

I wonder if NIST knew about the patent?

> Fascinating case study anyway!

Indeed.  I'm fascinated to understand Certicom's business thinking.
What is the business model behind patenting backdoors?

