Post by Neil - Salem, MA USAPost by UnruhI am talking about PGP (pgp the company) having patents on some of...
No they do not. RSA used to have a patent (which Phil Zimmermann violated
when he released PGP and it caused him much grief for a while as RSA labs
tried to get after him) but it has long expired. AES is by design public.
RC4 used to be trade secret, but that secret was revealed.
their encryption techniques. I believe they contribute their older
releases to open source, but there are some things PGP corporation
will not release to open source and is proprietary to their commercial
products
What is proprietary is their "look and feel". The algorithms are all public
algorithms. In fact if anyone uses a proprietary algorithm in any
encryption product run as fast as you can away from it.
I would guess that something similar will happen with elliptic curve
cryptography as happened with RSA. It is described on
"Elliptic curve cryptography was invented by Neil Koblitz in 1987 and by
Victor Miller in 1986. The principles of elliptic curve cryptography can be
used to adapt many cryptographic algorithms, such as Diffie-Hellman or
ElGamal. Although no general patent on elliptic curve cryptography appears
to exist, there are several patents that may be relevant depending on the
implementation (US 5,159,632, US 5,271,061, US 5,463,690 and US 6,141,420).
No patent exists on elliptic curves. They are warning you you that the
patent holders of those patents which use elliptic curves for specific
implimentations of crypt might or might not consider that their
patents apply to your application depending on exactly what you did with
your application. Ie, read those patents and decide if your particular
implimentation of elliptic curves falls under that patent. Or do like
Zimmermann and use your particular application and wait for the patent
holders to object, or not. Note that PGP does not use elliptic curves.
By the way, see http://cr.yp.to/patents/us/5159632.html,
http://cr.yp.to/patents/us/5271061.html,
http://cr.yp.to/patents/us/5463690.html,
http://cr.yp.to/patents/us/6141420.html
who argues that all of these patents are in fact invalid due to prior art.
Post by Neil - Salem, MA USA"The main advantage of elliptic curve cryptography is that the keys can be
much smaller. Recommended key sizes are in the order of 160 bits rather
than 1024 bits for RSA."
Agreed. But PGP does not use them.