From sci.crypt:
Newsgroups: sci.crypt
From: victor(_at_)watson(_dot_)ibm(_dot_)com (Victor Miller)
Subject: Re: Field Elliptical Encryption
In-Reply-To: riordanmr(_at_)clvax1(_dot_)cl(_dot_)msu(_dot_)edu's message of 29
Jan 92 00:38:19 GMT
Date: Fri, 31 Jan 1992 23:56:59 GMT
Reply-To: victor(_at_)watson(_dot_)ibm(_dot_)com
Disclaimer: This posting represents the poster's views, not necessarily those
of IBM
Nntp-Posting-Host: irt.watson.ibm.com
Organization: IBM, T.J. Watson Research Center
On 29 Jan 92 00:38:19 GMT,
riordanmr(_at_)clvax1(_dot_)cl(_dot_)msu(_dot_)edu (Mark Riordan) said:
Mark> Newsreader: MS Windows WinVN
Mark> I just got back from NeXTWORLD Expo, where Steve Jobs announced
Mark> NeXTStep 3.0, the new OS (due in June 92) for NeXT computers.
Mark> One feature that made it into Jobs' keynote address was a new public
Mark> key encryption algorithm, an implementation of which will be bundled
Mark> with NeXTStep 3.0. Steve called it "Field Elliptical Encryption".
Mark> He said "one of our scientists invented a public key cipher". Certainly
BAH! Maybe they invented a particular means of implementing it, but
(see below), I have priority of 7 years!
Mark> I've never heard of FEE before, but maybe some of you can recognize
Mark> the algorithm from its name. Steve said they "shared their work with
Mark> the US Government" and that "the government" is evaluating it for use
Mark> (if I got this right) as some kind of standard. I don't know if "the
government"
Mark> is NIST, or what.
Mark> The program bundled with the NeXT can encrypt files or mail messages.
Mark> Jobs demoed decrypting a mail message--a large icon of a lock appeared
Mark> on the screen; when the message was decrypted after a few seconds, the
Mark> lock opened with a satisfying "click". Presumably Jobs considered
Mark> this new public key cipher as significant, as many other interesting
Mark> aspects of the new OS version weren't even mentioned in the keynote
Mark> address, let alone demoed. But very little mention was made of it
Mark> elsewhere in the sessions at the Expo.
Mark> In a later, informal talk, a someone related that NeXT approached
Mark> RSA Data Security to license RSA. However, RSADSI's fees were too high,
Mark> so NeXT went off and invented their own. (More easily said than done,
eh?)
Mark> My questions are:
Mark> 1. What is Field Elliptical Encryption?
It is an analogy to the Diffie-Hellman (or El-Gamal cipher) using the
group of an elliptic curve. As Andrew Odlyzko remarked to me years
ago, "It's rather obvious that you can use other groups than the
multiplicative group, but why would you want to?"
Mark> 2. Was it really invented by NeXT?
Mark> How come no one else seems to be talking about this?
NO! I (Victor Miller) was the first to suggest it: see my paper "Use
of Elliptic Curves in Cryptography" in the proceedings of Crypto '85).
In this paper, I outline how to use it. In fact that statement in the
NeXT press release about 127 bits being as safe as 512 bits of
Diffie-Hellman is taken right from my abstract! Neal Koblitz of
University of Washington independently thought of the idea. In my
paper I gave arguments as to why methods that had been successful (and
subsequently have become even better) in attacking "discrte-logs"
didn't have a prayer against elliptic curves.
Mark> 3. Will this lead to a showdown with RSA Data Security/Public Key
Partners?
Only time will tell.
Mark> There have been statements in this forum to the effect that RSADSI
believes
Mark> they have patents on the very concept of public key encryption.
Mark> Mark Riordan riordanmr(_at_)clvax1(_dot_)cl(_dot_)msu(_dot_)edu
--
Victor S. Miller
Vnet and Bitnet: VICTOR at WATSON
Internet: victor(_at_)watson(_dot_)ibm(_dot_)com
IBM, TJ Watson Research Center