[Cryptography] Dual EC backdoor was patented by Certicom?

Tanja Lange tanja at hyperelliptic.org
Sun Jun 15 22:21:33 EDT 2014


> This is all certainly quite interesting, but it is hardly new. This
> fact has been known since Dec 2013:
> http://blog.cryptographyengineering.com/2013/12/a-few-more-notes-on-nsa-random-number.html
> 
> Or am I missing something here? From what I can see, the project
> bullrun webpage just lists already known facts (however I think it was
> originally Tanja Lange who made this issue public, so credit goes to
> the right people - it's just not new).
>
At the risk of touting my own horn here: 
That part of the projectbullrun page is up since Thursday and has much 
more. In Dec we knew that there was a publication in 2007 and that there
were differences between the claims in that and the granted ones; there
was a priority date of 2005 on the 2007 publication.

By digging through the prosecution history I now have proof that
* Brown and Vanstone knew the full extend of the back door (how to use
  it, how to avoid it) when they filed their provisional application Jan
  2005.
* The application was handed to the NSA, hence from that point on they
  knew of the back door (and knew that others knew) -- just in case they
  had missed it before ...
* The reason that the escrow claim is missing in the granted patend is
  purely administrative -- Certicom had to split the patent, at this
  point they have one derivative application running and can file for
  more.

Other news:
* The full patent got granted in the EU, i.e. both escrow use and escrow
  avoidance.
* The European patent is being maintained, meaning they keep paying.

Finally, the first pubication of this whole application was in 2006!
just a few weeks after SP800-90 came out and before any company had
their implementation certifed.

Details and links on 
	https://projectbullrun.org/dual-ec/patent.html


Tanja


More information about the cryptography mailing list