ECC patents

Patent-related uncertainty around elliptic curve cryptography (ECC), or ECC patents, is one of the main factors limiting its wide acceptance. For example, the OpenSSL team accepted an ECC patch only in 2005 (in OpenSSL version 0.9.8), despite the fact that it was submitted in 2002.

According to Bruce Schneier as of May 31, 2007, "Certicom certainly can claim ownership of ECC. The algorithm was developed and patented by the company's founders, and the patents are well written and strong. I don't like it, but they can claim ownership."^[1] Additionally, NSA has licensed MQV and other ECC patents from Certicom in a US25ドル million deal for NSA Suite B algorithms.^[2] (ECMQV is no longer part of Suite B.)

However, according to RSA Laboratories, "in all of these cases, it is the implementation technique that is patented, not the prime or representation, and there are alternative, compatible implementation techniques that are not covered by the patents."^[3] Additionally, Daniel J. Bernstein has stated that he is "not aware of" patents that cover the Curve25519 elliptic curve Diffie–Hellman algorithm or its implementation.^[4] RFC 6090, published in February 2011, documents ECC techniques, some of which were published so long ago that even if they were patented, any such patents for these previously published techniques would now be expired.

• Certicom holds a patent on efficient GF(2ⁿ) multiplication in normal basis representation; U.S. patent 5,787,028 expired in 2016.
• Certicom holds multiple patents which cover the MQV (Menezes, Qu, and Vanstone) key agreement technique:
  • U.S. patent 5,761,305 expired in 2015
  • U.S. patent 5,889,865 expired in 2015
  • U.S. patent 5,896,455 expired in 2015
  • U.S. patent 6,122,736 expired in 2015
  • U.S. patent 6,785,813 expired in 2017
  • EP 0739105  /EP0739105B1 expired in 2016
• Certicom holds U.S. patent 6,563,928 on validating the key exchange messages using ECC to prevent a man-in-the-middle attack, which expired in 2016. Related U.S. patent 5,933,504 , U.S. patent 8,953,787 , U.S. patent 8,229,113 also expired in 2016 and U.S. patent 7,567,669 expired in 2018.
• Certicom holds U.S. patent 6,704,870 and U.S. patent 5,999,626 regarding digital signatures on a smartcard; these expired in 2017 and 2016 respectively.
• Certicom holds U.S. patent 6,782,100 on calculating the x-coordinate of the double of a point in binary curves via a Montgomery ladder in projective coordinates. The priority date is Jan 29, 1997, and the filing date is Oct 2, 2000. Claims disclosed in the original patent application have expired, but some claims kept going enforceable until 2020^{[citation needed ]}.
• US National Security Agency holds U.S. patent 4,567,600 , U.S. patent 4,587,627 , U.S. patent 6,212,279 , U.S. patent 6,243,467 on efficient GF(2ⁿ) calculations on a normal basis (all of these patents expired or lapsed (as Google shows) due to failure to pay fees)
• RSA Data Security holds U.S. patent 5,854,759 on efficient basis conversion. It expired in 2017.
• Hewlett-Packard holds U.S. patent 6,252,960 on compression and decompression of data points on elliptic curves. It expired in 2018.

According to the NSA, Certicom holds over 130 patents relating to elliptic curves and public key cryptography in general.^[5]

It is difficult to create a complete list of patents that are related to ECC. Still, a good starting point is the Standards for Efficient Cryptography Group (SECG) – a group devoted exclusively to developing standards based on ECC, however, https://www.secg.org/ the group's official website has an indicator that states "shut down for repairs" since 2014. It states that "The site is being restored" since then. There is controversy over the validity of some of the patent claims.^[4]

On May 30, 2007, Certicom filed a lawsuit against Sony in United States District Court for the Eastern District of Texas Marshall office, claiming that Sony's use of ECC in Advanced Access Content System and Digital Transmission Content Protection violates Certicom's patents for that cryptographic method. In particular, Certicom alleged violation of U.S. patent 6,563,928 and U.S. patent 6,704,870 . The lawsuit was dismissed on May 27, 2009.^[6] The stipulation states, "Whereas Certicom and Sony have entered into a settlement agreement according to which they have agreed to a dismissal without prejudice, these parties, therefore jointly move to dismiss all claims and counterclaims asserted in this suit, without prejudice to the right to pursue any such claims and counterclaims in the future."^[7]

As for the prior art, Sony claimed:^[8]

• For '870 patent: Alfred J. Menezes, Minghua Qu, and Scott A. Vanstone, IEEE P1363 Standard, Standard for RSA, Diffie–Hellman and Related Public-Key Cryptography, Part 6: Elliptic Curve Systems (Draft 2) (October 30, 1994)
• For '928 patent: Scott A. Vanstone, G. B. Agnew, and R. C. Mullin, An implementation of elliptic curve cryptosystems over F₂155, IEEE Journal on Selected Areas in Communications, Volume 11, Issue 5, Jun 1993 p. 804 - 813

According to Daniel J. Bernstein, the Curve25519 and efficient implementations thereof can be free from patent encumbrance.^[9]

• Elliptic curve cryptography

• "Crypto FAQ: 6.3.4 Are elliptic curve cryptosystems patented?". RSA Security. Archived from the original on 2013年05月24日. Retrieved 2013年08月12日.
• "The Case for Elliptic Curve Cryptography". National Security Agency. 2009年01月15日. Archived from the original on 2009年01月17日. Retrieved 2013年08月12日.
• Shankland, Stephen (2002年09月19日). "Open-source group gets Sun security gift". CNET . Retrieved 2013年08月12日.
• Klimov, Alexander (2005年10月15日). "ECC patents?". cryptography at metzdowd.com. Archived from the original on 2016年04月09日. Retrieved 2013年08月12日.
• Moeller, Bodo (2005年10月17日). "ECC patents?". cryptography@metzdowd.com. Archived from the original on 2016年04月09日. Retrieved 2013年08月12日.
• "SECG Patent Policy of April 26, 1999: Patents held by Certicom" (PDF). SECG. 1999年05月27日. Retrieved 2013年08月12日.
• "SECG Patent Policy as of February 10, 2005: Patents held by Certicom" (PDF). SECG. 2005年02月10日. Retrieved 2013年08月12日.
• Harper, Menezes and Vanstone, Public-Key Cryptosystems with Very Small Key Lengths, EUROCRYPT '92 (LNCS 658)
• "Certicom v Sony complaint, 2:07-cv-216" (PDF). 2007年05月31日. Retrieved 2013年08月12日.
• Denis, Tom St. (2006). "Elliptic Curve Cryptography Redux" (PDF). Toorcon 0x08: 24–28. Archived from the original (PDF) on 2012年02月01日. Retrieved 2013年04月11日.

• Elliptic curve cryptography
• Cryptography law
• Software patent law

• Articles with short description
• Short description matches Wikidata
• Wikipedia articles in need of updating from August 2018
• All Wikipedia articles in need of updating
• All articles with unsourced statements
• Articles with unsourced statements from August 2019