Re: Elliptic-Curve Diffie-Hellman Key Exchange draft

[Douglas Stebila <douglas.stebila%sun.com@localhost>]

> > Sun has contributed an ECC implementation to the OpenSSL project, and 
> > has filed some patent applications related to elliptic curve 
> > cryptography, but has explicitly indicated in the ECC code it 
> > contributed to the OpenSSL project that "Sun does not intend to 
> > assert its patent rights associated with the code that was delivered 
> > to the OpenSSL project."
>
> I'm always uneasy about such promises. Ok, Sun may have the best 
> intentions now. But even if Sun's intentions don't change over time, 
> the patents could be sold off to other companies with different plans.

In my previous email I should have included the actual legal covenant 
Sun made in contributing its code to the OpenSSL project:

 * The Elliptic Curve Public-Key Crypto Library (ECC Code) included
 * herein is developed by SUN MICROSYSTEMS, INC., and is contributed
 * to the OpenSSL project.
 *
 * The ECC Code is licensed pursuant to the OpenSSL open source
 * license provided below.
 *
 * In addition, Sun covenants to all licensees who provide a reciprocal
 * covenant with respect to their own patents if any, not to sue under
 * current and future patent claims necessarily infringed by the making,
 * using, practicing, selling, offering for sale and/or otherwise
 * disposing of the ECC Code as delivered hereunder (or portions 
thereof),
 * provided that such covenant shall not apply:
 *  1) for code that a licensee deletes from the ECC Code;
 *  2) separates from the ECC Code; or
 *  3) for infringements caused by:
 *       i) the modification of the ECC Code or
 *      ii) the combination of the ECC Code with other software or
 *          devices where such combination causes the infringement.

This license only appears in one file in OpenSSL, crypto/bn/bn_gf2m.c, 
which is the only file Sun contributed that contains technology covered 
under Sun patents (patent 6721771 as listed below).  Moreover, this 
code is #ifdef'ed out by default and replaced by a text-book 
implementation.  So it is certainly possible to have no Sun-patented 
technology in an ECC implementation (and default configurations of 
OpenSSL would have that status).  Other open-source ECC 
implementations, like that in NSS, have no Sun-patented technology in 
them.

> What patents do Sun have in this area? Searching for "Sun" and 
> "Elliptic" I find US patent 6721771,
> : Method for efficient modular polynomial division in finite fields 
> f(2 m)
[...]
> and four published applications,
> : 20030212729 Modular multiplier
> : 20030208518 Generic implementations of ellipitic [sic] curve
> :             cryptography using partial reduction
> : 20030206629 Hardware accelerator for elliptic curve cryptography
> : 20030206628 Generic modular multiplier using partial reduction
>
> Are these the relevant patents, or am I missing something? (There are 
> 3811 patents assigned to "Sun Microsystems" in the uspto database, and 
> 795 published patent applications, so I really can't make an 
> exhaustive search).

To my knowledge, those are the relevant patents and applications, 
although there may be others filed in the future.  Note that Sun's 
covenant as listed above covers all "current and future patent claims" 
concerning the contributed code.

Douglas