
I saw an article this morning, discussing the fact that RSA and DH may be significantly less secure in the upcoming five years. Although the chance that this will materialize is small, I immediately turned to thinking about reasons why ECC isn't mainstream. The biggest obstacle I have been able to come up with is the fact that BlackBerry (Certicom), and some other companies own a ton of ECC patents, and mostly "own" the technology.

What would be the optimal solution for this issue? I am aware that there are numerous public licenses for open source (FOSS, FLOSS, etc.), but, having never used them before, I am not familiar with their applicability (if at all) in this situation, nor am I familiar with the way that these patents could become open to the public aside from time and purchase.

Who would have the finances and motivations to actually purchase these patents? Are there corporations or organizations that do this in order to bring technology into the open source community, or are there just some rich individuals who do this ad hoc? Is there another, more optimal solution which could occur, such as White House intervention?

JZeolla
  • Related: [Can ECC be used without infringing on patents?](http://security.stackexchange.com/questions/3519/can-ecc-be-used-without-infringing-on-patents) – CodesInChaos Aug 07 '13 at 14:03
  • The issues that threaten RSA/DH may also threaten ECC. Also, DH can operate over ECC as well. – tylerl Aug 07 '13 at 22:11
  • @tylerl Interesting, what makes you say that? The article specifically states "Stamos called on the security industry to think about how to move away from Diffie-Hellman and RSA, and specifically to use an alternative known as elliptic curve cryptography (ECC), which is significantly younger but relies on more intractable mathematical challenges to secure encrypted data." – JZeolla Aug 08 '13 at 19:52

1 Answer


ECC patents are more about implementation techniques than the actual mathematical objects. Using elliptic curves for cryptography was theorized and published in 1985, and patents live for only 20 years, so using elliptic curves is, per se, patent-free since 2005 (whether such patents would have held in court is unclear, but now these do not apply anymore).

It has been said that the implementation of ECC in OpenSSL was contributed by Sun Microsystems, who took great care, at the time, not to use any implementation technique covered by any patent. In that sense, using OpenSSL will keep you free of the shark-infested patent waters. Note that nobody (and certainly not me) is guaranteeing that there won't be any patent-related legal trouble if you use OpenSSL (there are people who sue other people for a living, whether their case is valid or not), but this seems improbable. About half the Web today is powered by Apache+OpenSSL, and ECDHE support (hence elliptic curves) is enabled by default. If there were profit to be made by suing people who use OpenSSL, the environment is so target-rich that the trial-feast would have already begun for good -- and that is not happening.

ECC patents which might still be applicable are mostly about some optimizations of implementation of computations over curves in binary fields, in particular Koblitz curves and normal bases. See this previous answer. You will not use that without knowing it, though.

Stating that Certicom and other companies "own" the technology is, at best, debatable. These companies occasionally claim ownership. However, whether mathematical objects can be "owned" at all is unclear. And the 20-year patent clock ticks for everybody; anything which was published in 1993 or before is now, by construction, patent-free.

Tom Leek
  • I would like to add that as of 2013, it's very much up in the air as to whether "on a computer" is enough to patent something. But maybe I'm just a crazy optimist :p – Indolering Sep 05 '13 at 17:43
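The answer above says the patents that might still bite are the ones on binary-field curves (Koblitz curves, normal bases) and that "you will not use that without knowing it". A practical way to know is to check which curves a TLS configuration actually enables against OpenSSL's own curve catalogue, which states "prime field" or "binary field" for each entry. The script below is an added example, not code from the answer or from OpenSSL: it parses text in the format printed by `openssl ecparam -list_curves` (the sample here is constructed, not captured from a real system), classifies each curve by field type, flags the `sectNNNk1` binary Koblitz curves, and audits a constructed curve list of the kind found in an nginx `ssl_ecdh_curve` or OpenSSL `Curves` directive. All function names are the example's own.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in the style of `openssl ecparam -list_curves` output:
# one "name : description" line per curve, occasionally with the description
# wrapped onto tab-indented continuation lines. Not captured from any system.
SAMPLE_LIST_CURVES = """\
  secp256k1 : SECG curve over a 256 bit prime field
  secp384r1 : NIST/SECG curve over a 384 bit prime field
  prime256v1: X9.62/SECG curve over a 256 bit prime field
  sect163k1 : NIST/SECG/WTLS curve over a 163 bit binary field
  sect163r2 : NIST/SECG curve over a 163 bit binary field
  sect233k1 : NIST/SECG/WTLS curve over a 233 bit binary field
  c2tnb191v1: X9.62 curve over a 191 bit binary field
  brainpoolP256r1: RFC 5639 curve over a 256 bit prime field
  Oakley-EC2N-3: 
\tIPSec/IKE/Oakley curve #3 over a 155 bit binary field.
\tNot suitable for ECDSA.
\tQuestionable extension field!
"""

# A curve entry: optional indent, the curve name, a colon, the description.
ENTRY_RE = re.compile(r"^\s*(\S+)\s*:\s*(.*)$")


def parse_list_curves(text: str) -> Dict[str, str]:
    """Return {curve_name: description} from -list_curves style text.

    Tab-indented lines are continuations of the previous entry's description.
    """
    curves: Dict[str, str] = {}
    current = None
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m and not line.startswith("\t"):
            current = m.group(1)
            curves[current] = m.group(2).strip()
        elif current is not None and line.strip():
            curves[current] = (curves[current] + " " + line.strip()).strip()
    return curves


def field_type(description: str) -> str:
    """'prime', 'binary' or 'unknown', taken from OpenSSL's own wording."""
    d = description.lower()
    if "binary field" in d:
        return "binary"
    if "prime field" in d:
        return "prime"
    return "unknown"


def is_koblitz_binary(name: str) -> bool:
    # SECG naming convention: sectNNNk1 are the binary-field Koblitz curves.
    return re.fullmatch(r"sect\d+k\d", name) is not None


def audit_curves(configured: List[str], catalogue: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Classify each configured curve name as (name, field_type, note)."""
    report = []
    for name in configured:
        desc = catalogue.get(name)
        if desc is None:
            report.append((name, "unknown", "not in catalogue"))
            continue
        kind = field_type(desc)
        if kind == "binary" and is_koblitz_binary(name):
            note = "binary-field Koblitz curve"
        elif kind == "binary":
            note = "binary-field curve"
        elif kind == "prime":
            note = "prime-field curve"
        else:
            note = "field type not stated"
        report.append((name, kind, note))
    return report


def only_prime_field(configured: List[str], catalogue: Dict[str, str]) -> bool:
    """True when every configured curve is a known prime-field curve."""
    return all(kind == "prime" for _, kind, _ in audit_curves(configured, catalogue))


if __name__ == "__main__":
    catalogue = parse_list_curves(SAMPLE_LIST_CURVES)
    # Constructed directive value, colon-separated as in `ssl_ecdh_curve`.
    configured = "prime256v1:secp384r1:sect163k1".split(":")
    for name, kind, note in audit_curves(configured, catalogue):
        print(f"{name:16} {kind:8} {note}")
    print("prime-field only:", only_prime_field(configured, catalogue))
```

On a real host, replace `SAMPLE_LIST_CURVES` with the captured output of `openssl ecparam -list_curves` and `configured` with the curve list from your server configuration; the same functions then tell you whether any binary-field curve is enabled at all.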