[18459] in cryptography@c2.net mail archive
Re: ECC patents?
daemon@ATHENA.MIT.EDU (Paul Hoffman)
Wed Sep 14 12:57:22 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
In-Reply-To: <TheMailAgent.7208cf621cc4626@17c246a2cc66401e53ffa>
Date: Wed, 14 Sep 2005 08:56:38 -0700
To: Alexander Klimov <alserkli@inbox.ru>, cryptography@metzdowd.com
From: Paul Hoffman <paul.hoffman@vpnc.org>
At 12:18 PM +0300 9/14/05, Alexander Klimov wrote:
>This hints that indeed only some particular curves are patented.
It's not just curves. Certicom has patents for some optimizations and
methods for validating the strength of some uses of ECC.
>Grepping -list_curves of the new openssl (0.9.8) which has a list of
>curves from SECG, WTLS, NIST, and X9.62 gives not that much:
>
> secp256k1 : SECG curve over a 256 bit prime field
> secp384r1 : NIST/SECG curve over a 384 bit prime field
> secp521r1 : NIST/SECG curve over a 521 bit prime field
> prime256v1: X9.62/SECG curve over a 256 bit prime field
>
>Alternatively, this coverage can be interpreted that NSA is not
>interested in curves which provide less security than 128-bit AES.
>
>Any idea, which alternative is true?
Both are probably true. Why would anybody be interested in curves
that do not support their minimum strength ciphers?
--Paul Hoffman, Director
--VPN Consortium
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
