[Cryptography Team] ECC and/or NSA Suite B?

Matthew S. Hamrick mhamrick at cryptonomicon.net
Fri Nov 24 20:07:24 UTC 2006 

There are three primary branches of ECC: even-normal, odd-normal and  
ortho-normal. IP covers (I think) ortho- and even-. Sun released (I  
thought) an implementation of the one that's not covered.

Also... Certicom's primary patent is, IMHO, their point-compression  
patent. Without it, it's hard to make a system that guarantees  
certain performance requirements.

On Nov 24, 2006, at 11:25 AM, Ron Teitelbaum wrote:

> I'm not sure I understand this since SUN released ECC to the public  
> domain.
> I'll get an opinion on it:
>
>> -----Original Message-----
>> From: cryptography-bounces at lists.squeakfoundation.org
>> [mailto:cryptography-bounces at lists.squeakfoundation.org] On Behalf Of
>> Matthew S. Hamrick
>> Sent: Friday, November 24, 2006 2:07 PM
>> To: Cryptography Team Development List
>> Subject: Re: [Cryptography Team] ECC and/or NSA Suite B?
>>
>> Keep in mind, however, that products violate patent restrictions, not
>> implementations. Otherwise OpenSSL would not be able to include IDEA,
>> MDC2 or RC5.
>>
>> With all the discussion of FIPS 140, I had assumed that most everyone
>> on the list is working on government contracts. Otherwise, why bother
>> with it?
>>
>> The NSA negotiated a blanket US Federal Government deal for
>> Certicom's patent portfolio for use in ECDSA, ECDH and ECMQV. So...
>> if you're a federal government agency, you get to use these
>> algorithms without having to pay Certicom anything extra. So... if
>> part of what you're hoping to do is to create an ECC implementation
>> that can be used by a federal agency, then you can do so without fear
>> of the Certicom lawyers. Now... the moment the implementation gets
>> used in a commercial product, then you've got issues.
>>
>> On Nov 23, 2006, at 10:24 PM, Cerebus wrote:
>>
>>> Is anyone working on Suite B stuff?
>>>
>>> Rijndael is there, but it probably should be subclassed as AES  
>>> proper
>>> if only to lock down the blocksize to 128 bits and the keysize to  
>>> the
>>> allowed 128 & 256 bits.
>>>
>>> SHA256 is there, but it doesn't extent to cover the rest of the SHA2
>>> family (SHA384 and SHA512).  SHA384 is part of Suite B.
>>>
>>> Is anyone working on ECDSA, ECDH & ECMQV?  (Well, given that  
>>> ECMQV is
>>> more heavily patent-encumbered in the US, I can understand if it's
>>> left by the wayside).
>>>
>>> If not I might take a crack at a couple of pieces.
>>>
>>> -- Tim
>>> _______________________________________________
>>> Cryptography mailing list
>>> Cryptography at lists.squeakfoundation.org
>>> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/
>>> cryptography
>>
>> _______________________________________________
>> Cryptography mailing list
>> Cryptography at lists.squeakfoundation.org
>> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/ 
>> cryptography
>
>
> _______________________________________________
> Cryptography mailing list
> Cryptography at lists.squeakfoundation.org
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/ 
> cryptography

More information about the Cryptography mailing list