[Cryptography] NSA and cryptanalysis

Jon Callas jon at callas.org
Tue Sep 3 12:28:29 EDT 2013

Hash: SHA1

> What is the state of prior art for the P-384? When was it first published?
> Given that RIM is trying to sell itself right now and the patents are the only asset worth having, I don't have good feelings on this. Well apart from the business opportunities for expert witnesses specializing in crypto.
> The problem is that to make the market move we need everyone to decide to go in the same direction. So even though my employer can afford a license, there is no commercial value to that license unless everyone else has access.
> Do we have an ECC curve that is (1) secure and (2) has a written description prior to 1 Sept 1993?
> Due to submarine patent potential, even that is not necessarily enough but it would be a start.

My understanding is that of the NIST curves, P-256 and P-384 are unencumbered and that P-521 was dropped from Suite B because of IP concerns along with MQV. I don't pretend to speak with authority on any of it. The niggling things often don't make sense. I'm just saying what my understanding is.


Version: PGP Universal 3.2.0 (Build 1672)
Charset: iso-8859-1


More information about the cryptography mailing list