
Elliptic curve cryptography - now comes the paranoia

By Gareth Greenwood

January 2016

 

After last month’s missive in these pages, your author wondered whether his article might have been a little complacent. Probably it wasn’t, but some other developments have put things in an alternative light. Last month I aired a view on news that NSA could break elliptic curve cryptography (ECC) using precomputed data for the limited number of curves that most ECC users choose. Since then a curious piece of patent news has caused a re-think. Take a look at the following website:

 

http://arstechnica.co.uk/tech-policy/2015/12/patent-troll-claims-https-websites-infringe-crypto-patent-sues-everybody

 

CryptoPeak Solutions LLC in Texas appears to have obtained assignment of rights in several US patents. These patents were originally granted in 2001 and 2002. Big deal. Now it seems that CryptoPeak is suing big-name US corporations alleging infringement of these patents. Ars Technica reports that a set of cases lodged on 25th November 2015 names, among others, AT&T, Costco, Expedia, GoPro, Groupon, Netflix, Pinterest, Shutterfly, Starwood Hotels, Target, and Yahoo as defendants in alleged patent infringement cases. It is said that all of the alleged infringements are described in “virtually identical language”. According to the lawsuits, the reported wording is claimed to include: "Defendant has committed direct infringement by its actions that comprise using one or more websites that utilize Elliptic Curve Cryptography (“ECC”) Cipher Suites for the Transport Layer Security (“TLS”) protocol (the “Accused Instrumentalities”)."

 

The usual way in these things is for some out-of-court settlement to be made, and there are claims that some defendants are doing just that. But not all are lying back and thinking of America. Ars Technica says that Charles Schwab and Netflix are contesting the actions, apparently regarding the claims as vexatious and/or unenforceable. As we all know, obtaining assignment of patents and then filing multiple lawsuits is a standard modus operandi of patent trolls. And did you hear that the Eastern Texas District in which the actions have been filed is said to be “patent-troll friendly”?

 

Sic transit gloria americana! Or is there more to it?

 

Put yourself in NSA’s shoes. Thanks to Edward Snowden, we now know that NSA can break widely used instances of ECC. Wouldn’t it be just dandy if someone made it difficult for major web sites to use the instances that they cannot yet crack? Far-fetched? Perhaps not, when you consider that the patents in question include one that also refers to uses of RSA cryptography (US Patent 6389136). RSA, ECC and related discrete logarithm cryptosystems account for a huge proportion of internet security applications. Who, one asks, might have a vested interest in what CryptoPeak may be up to?

 

A hint comes from the titles and abstracts of the patents, which all refer to escrow of keys. What self-respecting signals intelligence outfit gives a flying hump about escrow? One way or another they have to have means of access to such keys. It will be interesting to see how many of CryptoPeak’s cases are settled in and out of court, and the extent of any gagging orders about details of settlements. Look out for opaqueness. Is it only a cynic that expects settlements to make defendants use an escrow facility that is covertly open to some particularly inquisitive federal employees?

 

We’ll probably never know if NSA has put CryptoPeak up to its current antics. NSA probably relies on most web site controllers knowing rather little about cryptography. Competent cryptographers can still design crypto that gives intelligence agencies headaches. Indeed, your author was once told he did just that in his (now distant, misspent) youth. Snowden suggested that both NSA and GCHQ still need software to tunnel behind firewalls, which probably means that they find this easier than direct cryptanalysis. The time to worry is when the spooks start funding the development of quantum cryptographic key exchange for routine government use. Did I study the wrong thing, I wonder?