IPR Details
Riad S. Wahby's Statement about IPR related to draft-irtf-cfrg-hash-to-curve belonging to Idemia Identity and Security France SAS

Update this IPR disclosure
Submitted: October 28, 2019 under the rules in RFC 8179.

Note: Updates to IPR disclosures must only be made by authorized representatives of the original submitters. Updates will automatically be forwarded to the current Patent Holder's Contact and to the Submitter of the original IPR disclosure.

Updates

Updates

I. Possible Patent Holder/Applicant ("Patent Holder")

Previous (#3817) This (#3834)
Idemia Identity and Security France SAS Holder legal name Idemia Identity and Security France SAS

II. Contact Information for the IETF Participant Whose Personal Belief Triggered this Disclosure

Previous (#3817) This (#3834)
Riad S. Wahby Name Riad S. Wahby
rsw@jfet.org Email rsw@jfet.org
Other info

III. IETF Document or Other Contribution to Which this IPR Disclosure Relates

Previous (#3817) This (#3834)
Internet-Draft:
draft-irtf-cfrg-hash-to-curve ("Hashing to Elliptic Curves")
Revisions:
00-04
Sections:
6.5.2 and 6.9.2 (in -04, different section numbers in earlier documents)
Internet-Draft:
draft-irtf-cfrg-hash-to-curve ("Hashing to Elliptic Curves")
Revisions:
00-04
Sections:
6.5.2 and 6.9.2 (in -04, different section numbers in earlier documents)

IV. Disclosure of Patent Information
i.e., patents or patent applications required to be disclosed by RFC 8179

A. For granted patents or published pending patent applications, please provide the following information:

Previous (#3817) This (#3834)

Date: 2014-05-06
Notes: Claim #13 appears to cover an algorithm similar (but not identical) to the one described in the hash-to-curve I-D.
Title: Cryptography on an elliptical curve
Number: US8718276
Inventor: Thomas Icart and Jean-Sebastien Coron

 Patent, Serial, Publication, Registration, or Application/File number(s)

Date: 2014-05-06
Notes: Claim #13 covers an algorithm that is related (but not identical) to the one described in the draft-irtf-cfrg-hash-to-curve-04.
Title: Cryptography on an elliptical curve
Number: US8718276
Inventor: Thomas Icart and Jean-Sebastien Coron

B. Does this disclosure relate to an unpublished pending patent application?:

Previous (#3817) This (#3834)
Has patent pending No

V. Contact Information of Submitter of this Form

Previous (#3817) This (#3834)
Riad S. Wahby Submitter name Riad S. Wahby
rsw@jfet.org Submitter email rsw@jfet.org

VI. Other Notes

Previous (#3817) This (#3834)
Additional notes

Remediation: In draft-irtf-cfrg-hash-to-curve-05 and thereafter, the "Simplified SWU" method will be further differentiated from the algorithm described in Claim 13. A detailed discussion is available here: https://mailarchive.ietf.org/arch/msg/cfrg/jV4Wr4fbMKkd4vzsbEhKbous16Y

To briefly summarize: Claim 13 is based on Skalba's equation,

f(X1(t)) * f(X2(t)) * f(X3(t)) = U(t)^2

for polynomials X1, X2, X3, and U defined over a finite field F. In the method of Claim 13, the polynomial X3(t) is selected such that f(X3(t)) is non-square in F for all elements t in F. This method further describes an algorithm for evaluating the map that results from this choice of polynomials.

In draft -05 and after, the hash-to-curve standard lists criteria for selection of a constant Z for which there does not exist any polynomial X3 such that f(X3(t)) == Z for any t in F, and replaces Skalba's equation with the following simplified equation:

f(X1(t)) * f(X2(t)) * Z = U(t)^2

To reiterate, it is impossible to arrive at the above equation by following the method described in Claim 13: that method entails selecting a polynomial X3, whereas by construction such a polynomial does not exist in the method described in draft-irtf-cfrg-hash-to-curve-05 and later drafts.

Only those sections of the relevant entry form where the submitter provided information are displayed above.