[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Larger DH groups?
I had a look at the patent database and Certicom not the only ones to claim
a digital signature patent using Elliptic curves.
US6088798 is a digital signature algorithm (a collection thereof?), filed by
"Kabushiki Kaisha Toshiba, Kawasaki, Japan".
I'm not particularly familiar with the patent system but it seems fairly
obscure and I wouldn't want to be responsible for making decisions about
patents...
Chris
> -----Original Message-----
> From: Glawitsch, Gregor [mailto:Gregor_Glawitsch@nai.com]
> Sent: 06 October 2000 22:46
> To: ipsec
> Subject: RE: Larger DH groups?
>
>
> I think it is actually GOOD if Simon/Certicom tries
> to claim that their patents cover the whole EC area.
>
> As the old saying goes:
> Here lies a toppled god,
> his fall was not a small one,
> we did but build a pedestal,
> a narrow and a tall one.
>
> What I'm trying to say: If they try to claim too
> much coverage, someone will show the judge a
> late seventies/early eighties Cryptography
> textbook and the patent will be thrown out
> faster than any Certicom lawyer can say the
> S-word.
>
> Greg
>
> -----Original Message-----
> From: Scott G. Kelly [mailto:skelly@redcreek.com]
> Sent: Friday, October 06, 2000 1:07 PM
> To: Simon Blake-Wilson
> Cc: Dan Harkins; Ari Huttunen; ipsec
> Subject: Re: Larger DH groups?
>
>
> My understanding from earlier statements from certicom (minneapolis
> ietf?) was that certicom is attempting to patent certain ec
> acceleration
> techniques, but that ec's themselves are not patentable. Your
> statement
> seems to be that ec's in any form are either patented or
> patent-pending
> by certicom. Is this correct?
>
> Simon Blake-Wilson wrote:
> >
> > Hi Dan,
> >
> > Ahh ... the eternal patent question. Unfortunately the patent system
> doesn't
> > allow the kind of black and white answer you're looking
> for. However I
> think our
> > IPR statement is fairly clear that we believe we have
> patents and patent
> > applcations covering ECC. Our advice to anyone implementing
> ECC is to take
> a
> > license from Certicom :-).
> >
> > On the IANA issue. I believe all our numbers for ECC groups
> were assigned
> by
> > IANA as specified in RFC 2409. I believe the link to the
> numbers on the
> IANA
> > site is:
> > http://www.isi.edu/in-notes/iana/assignments/ipsec-registry.
> >
> > Best regards. Simon
> >
> > S. Blake-Wilson
> > Certicom Corp.
> >
> > Dan Harkins <dharkins@cips.nokia.com> on 10/05/2000 02:58:16 PM
> >
> > To: Simon Blake-Wilson/Certicom@Certicom
> > cc: Ari Huttunen <Ari.Huttunen@F-Secure.com>, ipsec
> <ipsec@lists.tislabs.com>
> > Subject: Re: Larger DH groups?
> >
> > While updating the "Additional ECC groups for IKE" draft can you
> unqualify
> > your IP statement? Do you or do you not have patents that
> cover this? It
> > would be nice if there was a one syllable response to the
> question "is a
> > license from Certicom essential to implement these curves?"
> >
> > Also, in the AES assigned numbers thread it became
> obvious that certain
> > vendors have been assigning numbers which are reserved to
> IANA to their
> > own use of algorithms. I'd like to note that you are
> repeating this error
> > in your draft and respectfully ask you to use numbers from
> the private use
> > range for all the groups in this draft. Section 11.4 of
> RFC2409 describes
> > the procedure necessary for you to follow to get IANA to
> assign number to
> > you.
> >
> > Dan.
> >
> > On Thu, 05 Oct 2000 12:08:23 EDT you wrote
> > >
> > > Diffie-Hellman is a cubic operation, so I believe
> 15000-bit DH should
> take
> > about
> > > 15^3 approx=3000 times as long as 1000-bit DH, and
> 512-bit ECDH should
> take
> > > about 25 times as long as 160-bit ECC. We don't have
> implementations of
> > > 15000-bit DH but we do have 512-bit ECDH and our
> performance roughly
> follows
> > the
> > > estimates. (In fact we're in the process of adding
> 512-bit curves to our
> > > "Additional ECC groups for IKE" draft so that it has complete AES
> support.)
> > >
> > > Best regards. Simon
> > >
> > > S. Blake-Wilson
> > > Certicom Corp.
> > >
> > >
> > >
> > >
> > >
> > > Ari Huttunen <Ari.Huttunen@F-Secure.com> on 10/05/2000 11:02:42 AM
> > >
> > > To: ipsec <ipsec@lists.tislabs.com>
> > > cc: (bcc: Simon Blake-Wilson/Certicom)
> > > Subject: Larger DH groups?
> > >
> > >
> > >
> > >
> > > Are there plans/interest in specifying larger standard DH
> groups, now
> that
> > > the AES has been chosen?
> > >
> > > If so, what sizes would be appropriate? Tero earlier
> posted groups of
> > > 2000-4000 bits, the draft for AES talks about 14000.
> Anybody know just
> > > how slow would 14000 bit modulus be? (I can guess it's
> something between
> > > extremely slow and ridiculously slow..) What about the
> speed of a 500
> bit
> > EC2N?
> > >
> > > Ari
> > >
> > > --
> > > Ari Huttunen phone: +358 9 859 900
> > > Senior Software Engineer fax : +358 9 8599 0452
> > >
> > > F-Secure Corporation http://www.F-Secure.com
> > >
> > > F-Secure products: Integrated Solutions for Enterprise Security
>