ECC patents

Patent-related uncertainty around elliptic curve cryptography (ECC), or ECC patents, is one of the main factors limiting its wide acceptance. For example, the OpenSSL team accepted an ECC patch only in 2005 (in OpenSSL version 0.9.8), despite the fact that it was submitted in 2002.

According to Bruce Schneier as of May 31, 2007, "Certicom certainly can claim ownership of ECC. The algorithm was developed and patented by the company's founders, and the patents are well written and strong. I don't like it, but they can claim ownership."^[1] Additionally, NSA has licensed MQV and other ECC patents from Certicom in a US$25 million deal for NSA Suite B algorithms.^[2] (ECMQV is no longer part of Suite B.)

However, according to RSA Laboratories, "in all of these cases, it is the implementation technique that is patented, not the prime or representation, and there are alternative, compatible implementation techniques that are not covered by the patents."^[3] Additionally, Daniel Bernstein has stated that he is "not aware of" patents that cover the Curve25519 elliptic curve Diffie–Hellman algorithm or its implementation.^[4] RFC 6090, published in February of 2011, documents ECC techniques which were published so long ago that even if they were patented, any such patents would now be expired.

Known patents

• Certicom holds a patent on efficient GF(2ⁿ) multiplication in normal basis representation.
• Certicom holds multiple patents which cover the MQV (Menezes, Qu, and Vanstone) key agreement technique.
• Certicom holds U.S. Patent 6,563,928 on technique of validating the key exchange messages using ECC to prevent a man-in-the middle attack
• Certicom holds U.S. Patent 6,141,420 on techniques for compressing elliptic curve point representations.
• Certicom holds U.S. Patent 6,782,100 on calculating the x-coordinate of the double of a point in binary curves via a Montgomery ladder in projective coordinates.
• US National Security Agency holds U.S. Patent 4,567,600, U.S. Patent 4,587,627, U.S. Patent 6,212,279, U.S. Patent 6,243,467 on efficient GF(2ⁿ) calculations in normal basis (terms of some patents have expired)
• RSA Data Security holds U.S. Patent 5,854,759 on efficient basis conversion
• Hewlett-Packard holds U.S. Patent 6,252,960 on compression and decompression of data points on elliptic curves

According to the NSA, Certicom holds over 130 patents relating to elliptic curves and public key cryptography in general[3].

It is difficult to create a complete list of patents which are related to ECC, but a good starting point is Standards for Efficient Cryptography Group (SECG) – a group devoted exclusively to developing standards based on ECC. There is controversy over the validity of some of the patent claims.^{[citation needed]}

Certicom's lawsuit against Sony

On May 30, 2007, Certicom filed a lawsuit against Sony in United States District Court for the Eastern District of Texas Marshall office, claiming that Sony's use of ECC in Advanced Access Content System and Digital Transmission Content Protection violates Certicom's patents for that cryptographic method. In particular, Certicom alleged violation of U.S. Patent 6,563,928 and U.S. Patent 6,704,870. The lawsuit was dismissed on May 27, 2009.^[5]

As the prior art Sony claimed ^[6]:

• For '870 patent: Alfred J. Menezes, Minghua Qu and Scott A. Vanstone, IEEE P1363 Standard, Standard for RSA, Diffie–Hellman and Related Public-Key Cryptography, Part 6: Elliptic Curve Systems (Draft 2) (October 30, 1994)
• For '928 patent: Scott A. Vanstone, G. B. Agnew and R. C. Mullin, An implementation of elliptic curve cryptosystems over F₂155, IEEE Journal on Selected Areas in Communications, Volume 11, Issue 5, Jun 1993 p. 804 - 813

See also

• Elliptic curve cryptography

References

• RSA Laboratories, Crypto FAQ: 6.3.4 Are elliptic curve cryptosystems patented?
• The Case for Elliptic Curve Cryptography, National Security Agency discusses patent situation
• "Open-source group gets Sun security gift". CNET News.com. http://www.news.com/Open-source-group-gets-Sun-security-gift/2100-1001_3-958679.html. Retrieved 2008-02-10. 
• Alexander Klimov, Re: ECC patents?, Cryptography at metzdowd.com, October 15, 2005
• Bodo Moeller, Re: ECC patents?, Cryptography at metzdowd.com, October 17, 2005
• SECG: Patents held by Certicom as of May 26, 1999 and as of February 10, 2005
• Harper, Menezes and Vanstone, Public-Key Cryptosystems with Very Small Key Lengths, EUROCRYPT '92 (LNCS 658)
• Certicom v Sony complaint, [4]

1. ^ Link to Quote
2. ^ http://www.certicom.com/index.php/2003-press-releases/37-2003-press-releases/314-certicom-sells-licensing-rights-to-nsa
3. ^ RSA Laboratories, Crypto FAQ: 6.3.4 Are elliptic curve cryptosystems patented?
4. ^ D.J. Bernstein, Irrelevant patents on elliptic-curve cryptography
5. ^ Order dismissing case pursuant to the Stipulated motion to dismiss without prejudice [1]
6. ^ Defendants' Second Amended ANSWER to Complaint [2]