[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: Larger DH groups?

To: "Glawitsch, Gregor" <Gregor_Glawitsch@nai.com>, ipsec <ipsec@lists.tislabs.com>
Subject: RE: Larger DH groups?
From: Chris Trobridge <CTrobridge@baltimore.com>
Date: Thu, 12 Oct 2000 14:12:24 +0100
Sender: owner-ipsec@lists.tislabs.com
I had a look at the patent database and Certicom not the only ones to claim
a digital signature patent using Elliptic curves.

US6088798 is a digital signature algorithm (a collection thereof?), filed by
"Kabushiki Kaisha Toshiba, Kawasaki, Japan".

I'm not particularly familiar with the patent system but it seems fairly
obscure and I wouldn't want to be responsible for making decisions about
patents...

Chris

> -----Original Message-----
> From: Glawitsch, Gregor [mailto:Gregor_Glawitsch@nai.com]
> Sent: 06 October 2000 22:46
> To: ipsec
> Subject: RE: Larger DH groups?
> 
> 
> I think it is actually GOOD if Simon/Certicom tries
> to claim that their patents cover the whole EC area.
> 
> As the old saying goes:
>    Here lies a toppled god,
>    his fall was not a small one,
>    we did but build a pedestal,
>    a narrow and a tall one.
> 
> What I'm trying to say: If they try to claim too
> much coverage, someone will show the judge a
> late seventies/early eighties Cryptography
> textbook and the patent will be thrown out
> faster than any Certicom lawyer can say the
> S-word.
> 
> Greg
> 
> -----Original Message-----
> From: Scott G. Kelly [mailto:skelly@redcreek.com]
> Sent: Friday, October 06, 2000 1:07 PM
> To: Simon Blake-Wilson
> Cc: Dan Harkins; Ari Huttunen; ipsec
> Subject: Re: Larger DH groups?
> 
> 
> My understanding from earlier statements from certicom (minneapolis
> ietf?) was that certicom is attempting to patent certain ec 
> acceleration
> techniques, but that ec's themselves are not patentable. Your 
> statement
> seems to be that ec's in any form are either patented or 
> patent-pending
> by certicom. Is this correct?
> 
> Simon Blake-Wilson wrote:
> > 
> > Hi Dan,
> > 
> > Ahh ... the eternal patent question. Unfortunately the patent system
> doesn't
> > allow the kind of black and white answer you're looking 
> for. However I
> think our
> > IPR statement is fairly clear that we believe we have 
> patents and patent
> > applcations covering ECC. Our advice to anyone implementing 
> ECC is to take
> a
> > license from Certicom :-).
> > 
> > On the IANA issue. I believe all our numbers for ECC groups 
> were assigned
> by
> > IANA as specified in RFC 2409. I believe the link to the 
> numbers on the
> IANA
> > site is:
> > http://www.isi.edu/in-notes/iana/assignments/ipsec-registry.
> > 
> > Best regards. Simon
> > 
> > S. Blake-Wilson
> > Certicom Corp.
> > 
> > Dan Harkins <dharkins@cips.nokia.com> on 10/05/2000 02:58:16 PM
> > 
> > To:   Simon Blake-Wilson/Certicom@Certicom
> > cc:   Ari Huttunen <Ari.Huttunen@F-Secure.com>, ipsec
> <ipsec@lists.tislabs.com>
> > Subject:  Re: Larger DH groups?
> > 
> >   While updating the "Additional ECC groups for IKE" draft can you
> unqualify
> > your IP statement? Do you or do you not have patents that 
> cover this? It
> > would be nice if there was a one syllable response to the 
> question "is a
> > license from Certicom essential to implement these curves?"
> > 
> >   Also, in the AES assigned numbers thread it became 
> obvious that certain
> > vendors have been assigning numbers which are reserved to 
> IANA to their
> > own use of algorithms. I'd like to note that you are 
> repeating this error
> > in your draft and respectfully ask you to use numbers from 
> the private use
> > range for all the groups in this draft. Section 11.4 of 
> RFC2409 describes
> > the procedure necessary for you to follow to get IANA to 
> assign number to
> > you.
> > 
> >   Dan.
> > 
> > On Thu, 05 Oct 2000 12:08:23 EDT you wrote
> > >
> > > Diffie-Hellman is a cubic operation, so I believe 
> 15000-bit DH should
> take
> > about
> > > 15^3 approx=3000 times as long as 1000-bit DH, and 
> 512-bit ECDH should
> take
> > > about 25 times as long as 160-bit ECC. We don't have 
> implementations of
> > > 15000-bit DH but we do have 512-bit ECDH and our 
> performance roughly
> follows
> > the
> > > estimates. (In fact we're in the process of adding 
> 512-bit curves to our
> > > "Additional ECC groups for IKE" draft so that it has complete AES
> support.)
> > >
> > > Best regards. Simon
> > >
> > > S. Blake-Wilson
> > > Certicom Corp.
> > >
> > >
> > >
> > >
> > >
> > > Ari Huttunen <Ari.Huttunen@F-Secure.com> on 10/05/2000 11:02:42 AM
> > >
> > > To:   ipsec <ipsec@lists.tislabs.com>
> > > cc:    (bcc: Simon Blake-Wilson/Certicom)
> > > Subject:  Larger DH groups?
> > >
> > >
> > >
> > >
> > > Are there plans/interest in specifying larger standard DH 
> groups, now
> that
> > > the AES has been chosen?
> > >
> > > If so, what sizes would be appropriate? Tero earlier 
> posted groups of
> > > 2000-4000 bits, the draft for AES talks about 14000. 
> Anybody know just
> > > how slow would 14000 bit modulus be? (I can guess it's 
> something between
> > > extremely slow and ridiculously slow..) What about the 
> speed of a 500
> bit
> > EC2N?
> > >
> > > Ari
> > >
> > > --
> > > Ari Huttunen                   phone: +358 9 859 900
> > > Senior Software Engineer       fax  : +358 9 8599 0452
> > >
> > > F-Secure Corporation       http://www.F-Secure.com
> > >
> > > F-Secure products: Integrated Solutions for Enterprise Security
>
Prev by Date: Re: Simplifying IKE
Next by Date: Re: Simplifying IKE
Prev by thread: RE: Larger DH groups?
Next by thread: Losing one private key
Index(es):
- Main
- Thread