FYI: Discussion on patent-news about Intellectual property and how AES
free-use is probably not guarantee-able.
-------------------------------------------
From: Gregory Aharonian [[EMAIL PROTECTED]]
To: [EMAIL PROTECTED]
Subject: PATNEWS: NIST threatens antitrust against potential crypto patent
moochers
!20000713 NIST threatens antitrust against potential crypto patent moochers
But first, I have decided to file an opposition to the trademark application
for the phrase "patent busters". I just mailed off a request for an
extension in time to file a formal opposition request. Once I get back a
copy of my extension request, I will send it out over PATNEWS, plus a rough
draft of my opposition request that a trademark lawyer prepared for me.
Stay tuned.
====================
The National Institute of Standards and Technology is overseeing an effort
to develop a new encryption standard. With some wise forethought, NIST
is making sure as few patent games as possible are played with the new
standard, even going to the extent to threaten antitrust against anyone
who tries asserting their patent against users of the new AES standard,
if the patent assignee didn't inform NIST during the development of the
standard.
While I can applaud NIST for being proactive, can they actually carry out
their threat, especially against someone not participating in the
development of the standard? I can imagine someone with some encryption
patent application pending, watching what is going on and drafting some
revised claims (or do a continuation) to cover the final candidates for
the standard. Submarining maybe obnoxious to some, but it is not illegal
in the IP world which has always had some builtin insurance against claims
of antitrust.
Anyways, what follows is a discussion from an open source discussion list,
followed by information from the NIST Web page on AES.
Greg Aharonian
Internet Patent News Service
====================
> > Mentioning Dan Bernstein, does anyone know the license that twofish
> > will be under? I think Bernstein was one of the orginal authors.
>
> Note also that licensing of an algorithm (generally addressed by patent)
> is distinct from licensing of an implementation of the algorithm as a
> computer program (copyright). Different implementations could be
> licensed under different licenses -- in fact, the same implementation
> could be licensed by the original author under different licenses.
"Twofish is unpatented, and the source code is uncopyrighted and
license-free; it is free for all uses."
http://www.counterpane.com/twofish.html
Twofish is a (the?) leading contestant for the Advanced Encryption
Standard (AES) to be chosen by NIST. Their web site is interesting
reading, especially this:
SPECIAL NOTE - Intellectual Property NIST reminds all interested
parties that the adoption of AES is being conducted as an open
standards-setting activity. Specifically, NIST has requested that
all interested parties identify to NIST any patents or inventions
that may be required for the use of AES. NIST hereby gives public
notice that it may seek redress under the antitrust laws of the
United States against any party in the future who might seek to
exercise patent rights against any user of AES that have not been
disclosed to NIST in response to this request for information.
That's bureaucrat speak-for "if you try that submarine patent shit on us
you will be eating powdered mashed potatoes in Marion, Illinois for the
rest of your natural-born life."
====================
-= Advanced Encryption Standard (AES) Development Effort =-
Advanced Encryption Standard (AES)
Development Effort
This page can now be reached via http://www.nist.gov/aes/
Recent Announcements
May 15, 2000 - NSA's final report on hardware evaluations of the five
finalists is now available.
May 11, 2000 - An electronic version of the AES3 Proceedings is now
available.
April 28, 2000 - The AES3 feedback form summary has been updated to
include all of the comments provided on the forms.
SPECIAL NOTE - Intellectual Property
NIST reminds all interested parties that the adoption of AES is
being conducted as an open standards-setting activity. Specifically,
NIST has requested that all interested parties identify to NIST
any patents or inventions that may be required for the use of AES.
NIST hereby gives public notice that it may seek redress under the
antitrust laws of the United States against any party in the future
who might seek to exercise patent rights against any user of AES
that have not been disclosed to NIST in response to this request
for information.
Overview of the AES Development Effort
August, 1999
The National Institute of Standards and Technology (NIST) has been working
with industry and the cryptographic community to develop an Advanced
Encryption Standard (AES). The overall goal is to develop a Federal
Information Processing Standard (FIPS) that specifies an encryption
algorithm(s) capable of protecting sensitive government information well
into the next century. The algorithm(s) is expected to be used by the U.S.
Government and, on a voluntary basis, by the private sector.
On January 2, 1997, NIST announced the initiation of the AES development
effort and made a formal call for algorithms on September 12, 1997. The
call stipulated that the AES would specify an unclassified publicly
disclosed encryption algorithm(s), available royalty-free, worldwide. In
addition, the algorithm(s) must implement symmetric key cryptography as a
block cipher and (at a minimum) support block sizes of 128-bits and key
sizes of 128-, 192-, and 256-bits.
On August 20, 1998, NIST announced a group of fifteen AES candidate
algorithms at the First AES Candidate Conference (AES1). These algorithms
had been submitted by members of the cryptographic community from around
the world. At that conference and in a simultaneously published Federal
Register notice, NIST solicited public comments on the candidates.
A Second AES Candidate Conference (AES2) was held in March 1999 to
discuss the results of the analysis conducted by the global cryptographic
community on the candidate algorithms. The public comment period on the
initial review of the algorithms closed on April 15, 1999. Using the
analyses and comments received, NIST selected five algorithms from the
fifteen.
The AES finalist candidate algorithms are MARS, RC6, Rijndael, Serpent,
and Twofish. NIST has developed a Round 1 Report describing the selection
of the finalists.
These finalist algorithms will receive further analysis during a second,
more in-depth review period prior to the selection of the final algorithm(s)
for the AES FIPS. NIST solicits comments on the remaining algorithms through
May 15, 2000. Comments and analysis are actively sought by NIST on any
aspect of the candidate algorithms, including, - but not limited to, -
the following topics: cryptanalysis, intellectual property, crosscutting
analyses of all of the AES finalists, overall recommendations and
implementation issues. An informal [http://aes.nist.gov/aes/default.htm]
AES discussion forum is also provided by NIST for interested parties to
discuss the AES finalists and relevant AES issues.
Near the end of Round 2, NIST Third AES Candidate Conference (AES3) -
an open, public forum for discussion of the analyses of the AES finalists.
AES3 was held April 13-14, 2000 in New York, NY, USA Submitters of the
AES finalists were invited to attend and engage in discussions regarding
comments on their algorithms. NIST is providing a final agenda which
includes links to the papers that were accepted for AES3, their
presentations (if available), the submitter statements, and the submitter
presentations. All papers proposed for this conference are considered
as official Round 2 public comments.
Following the close of the Round 2 public analysis period on May 15 2000,
NIST intends to study all available information and make a selection for
the AES, from among the finalists. Currently, NIST anticipates that it
will announce the AES selection by late summer or early fall of 2000.
No firm date has been set for this announcement which will be made using
a Federal Register notice, press release, and information on this AES home
page, at a minimum. Concurrent with the announcement, NIST will publish a
"Round 2 Report" that will summarize information from Round 2 and explain
NIST's selection.
Either at the time of the announcement or shortly thereafter a draft
Federal Information Processing Standard (FIPS) for the AES will be
published for public review and comment. Following the comment period,
the standard will be revised by NIST, as appropriate in response to
those comments. A review, approval, and promulgation process will then
follow. If all steps of the AES development process proceed as planned,
it is anticipated that the standard will be completed by the summer of 2001.
At the time that NIST publishes the AES standard, it is intended that
validation testing (i.e., conformance testing) for AES implementations
will begin.
