[Cryptography Team] ECC and/or NSA Suite B?

Matthew S. Hamrick mhamrick at cryptonomicon.net
Fri Nov 24 20:24:55 UTC 2006 

On Nov 24, 2006, at 11:43 AM, Ron Teitelbaum wrote:

> What has Sun contributed to OpenSSL?  I guess my question is this:  
> If there
> are version of ECC that are developed and patented by Sun that have  
> been
> given to the OS communities, either directly or through the OpenSSL  
> license
> then can we use their implementation?
>

Yes.

> I wouldn't want to post any code that is not open source in our  
> library
> which would includes IDEA, MDC2 and RC5.
>

Some people use SSL with RC5 and many banking applications rely on MDC2.

> If we find that ECC is only available to government users then I  
> suggest we
> do not include it in our repository, the risk would be too great.
>

Why?

> What we need to understand is what ECC technology is currently Open  
> Source
> and can we do our own implementation and distribute it.
>

ECC is not "Open Source." Open Source generally refers to copyrights,  
not patents. ECC and it's related technologies may be patented, but  
in general not copyrighted. An implementation of an ECC cryptosystem  
may be copyrighted, even if it is not patented. By using an open  
source license, the copyright holder of the implementation may  
describe rights under which third parties may copy the implementation.

So...

Even if someone has a copyrighted implementation, you may still be  
able to use it as part of OpenSSL, if that implementation has been  
licensed under the appropriate open source license. (look at Borzoi,  
for instance.) But... if even an open source implementation is put in  
a product and sold, this is a clear violation of patent. Things get a  
little murkier when you're including encumbered technology outside of  
a commercial product. However... if the patent holder issues a  
royalty-free, non-commercial license (as is the case for IDEA) then I  
would guess it's okay to produce and distribute an implementation, as  
long as you don't violate the terms of the non-commercial license.  
Since the Squeak community is not a commercial entity, I think  
there's a justification here...

In short... many patent-holders have explicitly granted third parties  
the right to a royalty-free non-commercial license. In these cases it  
might be useful to include this technology in the repository, but  
possibly make a default Squeak image without it. (As it's entirely  
possible that someone may include Squeak in a commercial product.)  
But the reason you would not want to include encumbered technology in  
a default squeak image is not because the Squeak community could get  
in trouble, but because it would require people who want to use  
Squeak commercially to understand (and possibly remove) code that  
implements the encumbered technology.

> Ron
>
>> -----Original Message-----
>> From: Cerebus [mailto:cerebus2 at gmail.com]
>> Sent: Friday, November 24, 2006 2:36 PM
>> To: Ron at usmedrec.com; Cryptography Team Development List
>> Subject: Re: RE: [Cryptography Team] ECC and/or NSA Suite B?
>>
>> Certicom also holds patents on a number of ECC things (like almost  
>> all
>> of ECMQV and things like point compression).  NSA has licensed
>> Certicom's ECC patents en masse for anything done on US Gov't
>> contract.
>>
>> There's a patent letter on the SECG website:
>>
>> http://www.secg.org/
>>
>> Part of the problem right now is that ECC work is a bit divided,  
>> which
>> has made standardization a bit of a pain.
>>
>> -- Tim
>>
>> On 11/24/06, Ron Teitelbaum <Ron at usmedrec.com> wrote:
>>> Forgot the link:
>>> http://www.sun.com/emrkt/innercircle/newsletter/0304cto.html
>>>
>>> Ron
>>>
>>>> -----Original Message-----
>>>> From: Ron Teitelbaum [mailto:Ron at USMedRec.com]
>>>> Sent: Friday, November 24, 2006 2:25 PM
>>>> To: 'Cryptography Team Development List'
>>>> Subject: RE: [Cryptography Team] ECC and/or NSA Suite B?
>>>>
>>>> I'm not sure I understand this since SUN released ECC to the public
>>>> domain.  I'll get an opinion on it:
>>>>
>>>>> -----Original Message-----
>>>>> From: cryptography-bounces at lists.squeakfoundation.org
>>>>> [mailto:cryptography-bounces at lists.squeakfoundation.org] On Behalf
>> Of
>>>>> Matthew S. Hamrick
>>>>> Sent: Friday, November 24, 2006 2:07 PM
>>>>> To: Cryptography Team Development List
>>>>> Subject: Re: [Cryptography Team] ECC and/or NSA Suite B?
>>>>>
>>>>> Keep in mind, however, that products violate patent restrictions,
>> not
>>>>> implementations. Otherwise OpenSSL would not be able to include
>> IDEA,
>>>>> MDC2 or RC5.
>>>>>
>>>>> With all the discussion of FIPS 140, I had assumed that most
>> everyone
>>>>> on the list is working on government contracts. Otherwise, why
>> bother
>>>>> with it?
>>>>>
>>>>> The NSA negotiated a blanket US Federal Government deal for
>>>>> Certicom's patent portfolio for use in ECDSA, ECDH and ECMQV.  
>>>>> So...
>>>>> if you're a federal government agency, you get to use these
>>>>> algorithms without having to pay Certicom anything extra. So... if
>>>>> part of what you're hoping to do is to create an ECC  
>>>>> implementation
>>>>> that can be used by a federal agency, then you can do so without
>> fear
>>>>> of the Certicom lawyers. Now... the moment the implementation gets
>>>>> used in a commercial product, then you've got issues.
>>>>>
>>>>> On Nov 23, 2006, at 10:24 PM, Cerebus wrote:
>>>>>
>>>>>> Is anyone working on Suite B stuff?
>>>>>>
>>>>>> Rijndael is there, but it probably should be subclassed as AES
>> proper
>>>>>> if only to lock down the blocksize to 128 bits and the keysize to
>> the
>>>>>> allowed 128 & 256 bits.
>>>>>>
>>>>>> SHA256 is there, but it doesn't extent to cover the rest of the
>> SHA2
>>>>>> family (SHA384 and SHA512).  SHA384 is part of Suite B.
>>>>>>
>>>>>> Is anyone working on ECDSA, ECDH & ECMQV?  (Well, given that  
>>>>>> ECMQV
>> is
>>>>>> more heavily patent-encumbered in the US, I can understand if  
>>>>>> it's
>>>>>> left by the wayside).
>>>>>>
>>>>>> If not I might take a crack at a couple of pieces.
>>>>>>
>>>>>> -- Tim
>>>>>> _______________________________________________
>>>>>> Cryptography mailing list
>>>>>> Cryptography at lists.squeakfoundation.org
>>>>>> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/
>>>>>> cryptography
>>>>>
>>>>> _______________________________________________
>>>>> Cryptography mailing list
>>>>> Cryptography at lists.squeakfoundation.org
>>>>> http://lists.squeakfoundation.org/cgi-
>> bin/mailman/listinfo/cryptography
>>>
>>>
>>> _______________________________________________
>>> Cryptography mailing list
>>> Cryptography at lists.squeakfoundation.org
>>> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/ 
>>> cryptography
>>>
>
> _______________________________________________
> Cryptography mailing list
> Cryptography at lists.squeakfoundation.org
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/ 
> cryptography

More information about the Cryptography mailing list