ECC patents

Last updated September 05, 2023

Patent-related uncertainty around elliptic curve cryptography (ECC), or ECC patents, is one of the main factors limiting its wide acceptance. For example, the OpenSSL team accepted an ECC patch only in 2005 (in OpenSSL version 0.9.8), despite the fact that it was submitted in 2002.

According to Bruce Schneier as of May 31, 2007, "Certicom certainly can claim ownership of ECC. The algorithm was developed and patented by the company's founders, and the patents are well written and strong. I don't like it, but they can claim ownership."^[1] Additionally, NSA has licensed MQV and other ECC patents from Certicom in a US$25 million deal for NSA Suite B algorithms.^[2] (ECMQV is no longer part of Suite B.)

However, according to RSA Laboratories, "in all of these cases, it is the implementation technique that is patented, not the prime or representation, and there are alternative, compatible implementation techniques that are not covered by the patents."^[3] Additionally, Daniel J. Bernstein has stated that he is "not aware of" patents that cover the Curve25519 elliptic curve Diffie–Hellman algorithm or its implementation.^[4] RFC 6090, published in February 2011, documents ECC techniques, some of which were published so long ago that even if they were patented any such patents for these previously published techniques would now be expired.

Known patents

Certicom holds a patent on efficient GF(2ⁿ) multiplication in normal basis representation; U.S. Patent 5,787,028 expired in 2016.
Certicom holds multiple patents which cover the MQV (Menezes, Qu, and Vanstone) key agreement technique:
- U.S. Patent 5,761,305 expired in 2015
- U.S. Patent 5,889,865 expired in 2015
- U.S. Patent 5,896,455 expired in 2015
- U.S. Patent 6,122,736 expired in 2015
- U.S. Patent 6,785,813 expired in 2017
- EP 0739105 /EP0739105B1 expired in 2016
Certicom holds U.S. Patent 6,563,928 on the technique of validating the key exchange messages using ECC to prevent a man-in-the-middle attack, which expired in 2016. Related U.S. Patent 5,933,504 , U.S. Patent 8,953,787 , U.S. Patent 8,229,113 also expired in 2016 and U.S. Patent 7,567,669 expired in 2018.
Certicom holds U.S. Patent 6,704,870 and U.S. Patent 5,999,626 regarding digital signatures on a smartcard; these expired in 2017 and 2016 respectively.
Certicom holds U.S. Patent 6,782,100 on calculating the x-coordinate of the double of a point in binary curves via a Montgomery ladder in projective coordinates. The priority date is Jan 29, 1997, and the filing date is Oct 2, 2000. Claims disclosed in the original patent application have expired but some claims kept going enforceable until 2020^{[ citation needed ]}.
US National Security Agency holds U.S. Patent 4,567,600 , U.S. Patent 4,587,627 , U.S. Patent 6,212,279 , U.S. Patent 6,243,467 on efficient GF(2ⁿ) calculations on a normal basis (all of these patents expired or lapsed (as Google shows) due to failure to pay fees)
RSA Data Security holds U.S. Patent 5,854,759 on efficient basis conversion. It expired in 2017.
Hewlett-Packard holds U.S. Patent 6,252,960 on compression and decompression of data points on elliptic curves. It expired in 2018.

According to the NSA, Certicom holds over 130 patents relating to elliptic curves and public key cryptography in general.^[5]

It is difficult to create a complete list of patents that are related to ECC, but a good starting point is the Standards for Efficient Cryptography Group (SECG) – a group devoted exclusively to developing standards based on ECC, however, https://www.secg.org/ the group's official website has an indicator that states "shut down for repairs" since 2014, and it states that "The site is being restored" since then. There is controversy over the validity of some of the patent claims.^[4]

Certicom's lawsuit against Sony

On May 30, 2007, Certicom filed a lawsuit against Sony in United States District Court for the Eastern District of Texas Marshall office, claiming that Sony's use of ECC in Advanced Access Content System and Digital Transmission Content Protection violates Certicom's patents for that cryptographic method. In particular, Certicom alleged violation of U.S. Patent 6,563,928 and U.S. Patent 6,704,870 . The lawsuit was dismissed on May 27, 2009.^[6] The stipulation states, "Whereas Certicom and Sony have entered into a settlement agreement pursuant to which they have agreed to a dismissal without prejudice, these parties therefore jointly move to dismiss all claims and counterclaims asserted in this suit, without prejudice to the right to pursue any such claims and counterclaims in the future."^[7]

As for the prior art, Sony claimed:^[8]

For '870 patent: Alfred J. Menezes, Minghua Qu and Scott A. Vanstone, IEEE P1363 Standard, Standard for RSA, Diffie–Hellman and Related Public-Key Cryptography, Part 6: Elliptic Curve Systems (Draft 2) (October 30, 1994)
For '928 patent: Scott A. Vanstone, G. B. Agnew and R. C. Mullin, An implementation of elliptic curve cryptosystems over F₂155, IEEE Journal on Selected Areas in Communications, Volume 11, Issue 5, Jun 1993 p. 804 - 813

Related Research Articles

In cryptography, key size, key length, or key space refer to the number of bits in a key used by a cryptographic algorithm.

Elliptic-curve cryptography (ECC) is an approach to public-key cryptography based on the algebraic structure of elliptic curves over finite fields. ECC allows smaller keys compared to non-EC cryptography to provide equivalent security.

<span class="mw-page-title-main">Public-key cryptography</span> Cryptographic system with public and private keys

Public-key cryptography, or asymmetric cryptography, is the field of cryptographic systems that use pairs of related keys. Each key pair consists of a public key and a corresponding private key. Key pairs are generated with cryptographic algorithms based on mathematical problems termed one-way functions. Security of public-key cryptography depends on keeping the private key secret; the public key can be openly distributed without compromising security.

Articles related to cryptography include:

RSA Security LLC, formerly RSA Security, Inc. and doing business as RSA, is an American computer and network security company with a focus on encryption and encryption standards. RSA was named after the initials of its co-founders, Ron Rivest, Adi Shamir and Leonard Adleman, after whom the RSA public key cryptography algorithm was also named. Among its products is the SecurID authentication token. The BSAFE cryptography libraries were also initially owned by RSA. RSA is known for incorporating backdoors developed by the NSA in its products. It also organizes the annual RSA Conference, an information security conference.

In cryptography, the Elliptic Curve Digital Signature Algorithm (ECDSA) offers a variant of the Digital Signature Algorithm (DSA) which uses elliptic-curve cryptography.

NTRU is an open-source public-key cryptosystem that uses lattice-based cryptography to encrypt and decrypt data. It consists of two algorithms: NTRUEncrypt, which is used for encryption, and NTRUSign, which is used for digital signatures. Unlike other popular public-key cryptosystems, it is resistant to attacks using Shor's algorithm. NTRUEncrypt was patented, but it was placed in the public domain in 2017. NTRUSign is patented, but it can be used by software under the GPL.

Hyperelliptic curve cryptography is similar to elliptic curve cryptography (ECC) insofar as the Jacobian of a hyperelliptic curve is an abelian group in which to do arithmetic, just as we use the group of points on an elliptic curve in ECC.

Scott A. Vanstone was a mathematician and cryptographer in the University of Waterloo Faculty of Mathematics. He was a member of the school's Centre for Applied Cryptographic Research, and was also a founder of the cybersecurity company Certicom. He received his PhD in 1974 at the University of Waterloo, and for about a decade worked principally in combinatorial design theory, finite geometry, and finite fields. In the 1980s he started working in cryptography. An early result of Vanstone was an improved algorithm for computing discrete logarithms in binary fields, which inspired Don Coppersmith to develop his famous exp(n^{1/3+ε}) algorithm.

The Centre for Applied Cryptographic Research (CACR) is a group of industrial representatives, professors, and students at the University of Waterloo in Waterloo, Ontario, Canada who work and do research in the field of cryptography.

Gerhard Frey is a German mathematician, known for his work in number theory. Following an original idea of Hellegouarch, he developed the notion of Frey–Hellegouarch curves, a construction of an elliptic curve from a purported solution to the Fermat equation, that is central to Wiles's proof of Fermat's Last Theorem.

In cryptography, the Standards for Efficient Cryptography Group (SECG) is an international consortium founded by Certicom in 1998. The group exists to develop commercial standards for efficient and interoperable cryptography based on elliptic curve cryptography (ECC).

NSA Suite B Cryptography was a set of cryptographic algorithms promulgated by the National Security Agency as part of its Cryptographic Modernization Program. It was to serve as an interoperable cryptographic base for both unclassified information and most classified information.

IEEE P1363 is an Institute of Electrical and Electronics Engineers (IEEE) standardization project for public-key cryptography. It includes specifications for:

Alfred Menezes is co-author of several books on cryptography, including the Handbook of Applied Cryptography, and is a professor of mathematics at the University of Waterloo in Canada.

In cryptography, implicit certificates are a variant of public key certificate. A subject's public key is reconstructed from the data in an implicit certificate, and is then said to be "implicitly" verified. Tampering with the certificate will result in the reconstructed public key being invalid, in the sense that it is infeasible to find the matching private key value, as would be required to make use of the tampered certificate.

Dual_EC_DRBG is an algorithm that was presented as a cryptographically secure pseudorandom number generator (CSPRNG) using methods in elliptic curve cryptography. Despite wide public criticism, including the public identification of the possibility that the National Security Agency put a backdoor into a recommended implementation, it was for seven years one of four CSPRNGs standardized in NIST SP 800-90A as originally published circa June 2006, until it was withdrawn in 2014.

The following outline is provided as an overview of and topical guide to cryptography:

The Commercial National Security Algorithm Suite (CNSA) is a set of cryptographic algorithms promulgated by the National Security Agency as a replacement for NSA Suite B Cryptography algorithms. It serves as the cryptographic base to protect US National Security Systems information up to the top secret level, while the NSA plans for a transition to quantum-resistant cryptography.

References

↑ Fulton, III, Scott M. (2007-05-30). "Certicom Patent Suit Against Sony Threatens to Unravel AACS". betanews.com. Retrieved 2013-08-12.
↑ "Certicom Sells Licensing Rights to NSA". Certicom. 2003-10-24. Retrieved 2013-08-12.
↑ "Are elliptic curve cryptosystems patented?". RSA Security. Archived from the original on 2013-05-24. Retrieved 2013-08-12.
1 2 Bernstein, Daniel J. (2006-05-23). "Irrelevant patents on elliptic-curve cryptography" . Retrieved 2013-08-12.
↑ "The Case for Elliptic Curve Cryptography". NSA. 2009-01-15. Archived from the original on 2009-01-17. Retrieved 2013-08-12.
↑ "Certicom Corporation et al v. Sony Corporation et al Featured Case Has Decisions". justia.com. 2009-05-27. Retrieved 2013-08-12.
↑ "Certicom Corporation et al v. Sony Corporation et al, Filing: 112". justia.com. 2009-05-27. Retrieved 2023-03-20.
↑ "Certicom Corporation et al v. Sony Corporation et al, Filing: 52". justia.com. 2008-07-14. Retrieved 2023-03-20.

External links

"Crypto FAQ: 6.3.4 Are elliptic curve cryptosystems patented?". RSA Security. Archived from the original on 2013-05-24. Retrieved 2013-08-12.
"The Case for Elliptic Curve Cryptography". National Security Agency. 2009-01-15. Archived from the original on 2009-01-17. Retrieved 2013-08-12.
Shankland, Stephen (2002-09-19). "Open-source group gets Sun security gift". CNET . Retrieved 2013-08-12.
Klimov, Alexander (2005-10-15). "ECC patents?". cryptography at metzdowd.com. Archived from the original on 2016-04-09. Retrieved 2013-08-12.
Moeller, Bodo (2005-10-17). "ECC patents?". cryptography@metzdowd.com. Archived from the original on 2016-04-09. Retrieved 2013-08-12.
"SECG Patent Policy of April 26, 1999: Patents held by Certicom" (PDF). SECG. 1999-05-27. Retrieved 2013-08-12.
"SECG Patent Policy as of February 10, 2005: Patents held by Certicom" (PDF). SECG. 2005-02-10. Retrieved 2013-08-12.
Harper, Menezes and Vanstone, Public-Key Cryptosystems with Very Small Key Lengths, EUROCRYPT '92 (LNCS 658)
"Certicom v Sony complaint, 2:07-cv-216" (PDF). 2007-05-31. Retrieved 2013-08-12.
Denis, Tom St. (2006). "Elliptic Curve Cryptography Redux" (PDF). Toorcon 0x08: 24–28. Archived from the original (PDF) on 2012-02-01. Retrieved 2013-04-11.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] Fulton, III, Scott M. (2007-05-30). "Certicom Patent Suit Against Sony Threatens to Unravel AACS". betanews.com. Retrieved 2013-08-12.

[2] "Certicom Sells Licensing Rights to NSA". Certicom. 2003-10-24. Retrieved 2013-08-12.

[3] "Are elliptic curve cryptosystems patented?". RSA Security. Archived from the original on 2013-05-24. Retrieved 2013-08-12.

[:0-4] 1 2 Bernstein, Daniel J. (2006-05-23). "Irrelevant patents on elliptic-curve cryptography" . Retrieved 2013-08-12.

[5] "The Case for Elliptic Curve Cryptography". NSA. 2009-01-15. Archived from the original on 2009-01-17. Retrieved 2013-08-12.

[6] "Certicom Corporation et al v. Sony Corporation et al Featured Case Has Decisions". justia.com. 2009-05-27. Retrieved 2013-08-12.

[7] "Certicom Corporation et al v. Sony Corporation et al, Filing: 112". justia.com. 2009-05-27. Retrieved 2023-03-20.

[8] "Certicom Corporation et al v. Sony Corporation et al, Filing: 52". justia.com. 2008-07-14. Retrieved 2023-03-20.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]