[Cryptography] Dual EC backdoor was patented by Certicom?
Tanja Lange
tanja at hyperelliptic.org
Sun Jun 15 22:21:33 EDT 2014
> This is all certainly quite interesting, but it is hardly new. This
> fact has been known since Dec 2013:
> http://blog.cryptographyengineering.com/2013/12/a-few-more-notes-on-nsa-random-number.html
>
> Or am I missing something here? From what I can see, the project
> bullrun webpage just lists already known facts (however I think it was
> originally Tanja Lange who made this issue public, so credit goes to
> the right people - it's just not new).
>
At the risk of touting my own horn here:
That part of the projectbullrun page is up since Thursday and has much
more. In Dec we knew that there was a publication in 2007 and that there
were differences between the claims in that and the granted ones; there
was a priority date of 2005 on the 2007 publication.
By digging through the prosecution history I now have proof that
* Brown and Vanstone knew the full extend of the back door (how to use
it, how to avoid it) when they filed their provisional application Jan
2005.
* The application was handed to the NSA, hence from that point on they
knew of the back door (and knew that others knew) -- just in case they
had missed it before ...
* The reason that the escrow claim is missing in the granted patend is
purely administrative -- Certicom had to split the patent, at this
point they have one derivative application running and can file for
more.
Other news:
* The full patent got granted in the EU, i.e. both escrow use and escrow
avoidance.
* The European patent is being maintained, meaning they keep paying.
Finally, the first pubication of this whole application was in 2006!
just a few weeks after SP800-90 came out and before any company had
their implementation certifed.
Details and links on
https://projectbullrun.org/dual-ec/patent.html
Tanja
More information about the cryptography
mailing list