
I appreciate the update on the situation for those curves.


It's not just those curves. Virtually all elliptic-curve cryptography is patent-free, as you would expect for a family of cryptosystems studied since 1986 based on centuries-old math. There are a few current patents, but they cover techniques almost nobody uses.


@ ghshephard

Your comment implies they're only paying for an implementation. To be sure, do you have a link to a resource analyzing the patents on ECC and showing they don't apply to anything they (or we) use for ECC? That it's a moot issue in its entirety or mostly except for known cases? Otherwise, I'm going to guess that you're guessing like everyone else.


I'm not sure why you are responding to me here, but don't put words in my mouth. Your question was, "If it's patent free, why are people paying for it as I linked to?" - there are other reasons to purchase a technology than just the patent.

Let me spin it another way, and put the ball back in your court. Not that this proves anything, but has anyone (recently) purchased a license for ECC patented technology, that wasn't a license for a Certicom-specific implementation?

Seriously, someone who is an expert in this field (if not the expert), has already made a pretty clear statement here on patent problems with Ed25519: http://ed25519.cr.yp.to/software.html.

As of 2015.06.11 "The authors have not been notified of any claims of patent problems with Ed25519."


People only get hit with patent suits for commercial use that I'm aware of. They wouldn't be as it's all free and they don't monetize it. A commercial product using it is where the risk is. I'm assessing that risk.

Anyway, thanks for the link as he covers a lot of key patents and some prior art to use.


If it's patent free, why are people paying for it as I linked to? NSA paid for it and are specific that it applies to FIPS 140-2 solutions. Companies were paying Certicom for it. As far as a few years ago, an article gripes about how much Blackberry charges for it. Just weird that it doesn't apply to anything yet companies and governments were all paying for it.

If something has changed, I'd like the definitive answer to come from legal experts (esp aforementioned companies' lawyers) who say the 100+ patents no longer apply to anything we use and they all stopped paying for ECC. Haven't seen it. I'll continue to warn people until (a) I see that contrary reports acknowledge the existence of 100+ patents that companies are actually paying for rather than falsely claim no patents exist and (b) show why all of them never applied or no longer apply to existing ECC schemes. Got a link to that?


People are paying for it because they get value out of what they are paying for. TCP/IP isn't patented, but companies will pay several million dollars for a TCP/IP stack for their embedded firmware.

Don't conflate people's willingness to pay for a particular implementation (accompanying documentation, support, tools), with a legal requirement that they need to do so for the underlying technology.


I didn't. I thought that, after much publicity and a lawsuit, they paid for patent licenses out of coercion rather than willingness. The usual reason. Maybe the patents don't apply to anything, NSA was just being generous by buying patent licenses for nothing, and everyone else was buying software licenses. As I asked above, I just want a solid reference showing this and that the 100+ patents don't apply to anything we use.

So far, everyone wants me to take their word for it despite my references showing government and companies buying patent licenses. Weird. I'm thinking I should send a letter to Blackberry asking if ECC is covered by their patents or if everyone just wanted to pay for an implementation for various reasons. Might simplify this debate.


tptacek has already responded to your nonsense below at greater length than I have the patience for: https://news.ycombinator.com/item?id=9709692

FIPS 140-2 is not a cryptosystem standard; it covers the design of hardware security modules using a wide range of algorithms, the majority of which don't use ECC at all. The fact that you mention it at all (rather than, say, FIPS 186-2 Appendix 6) suggests that you have no idea what it is.

Certicom (now part of BlackBerry) offers not just patent licenses but also software licenses.

Several of the previously potentially relevant patents (mentioned in the link upthread) have expired within the last five years.

I recommend you stop giving people advice on subjects where not only do you know nothing, but the things you think you know are false.


@ kragen

The FIPS 140-2 claim comes from the NSA's licensing of those patents and requirements:

https://www.nsa.gov/business/programs/quick_facts.shtml

Far as patents, there's quite a variety of them with some filed within the current 20 year window. I repeat for a third time, do you have a resource with a list of patents relevant to ECC and showing that none of them apply to any current implementations (esp BSD licensed)? It might surprise you but your word doesn't mean jack in a patent case: it's the patents, lawyers, and judges that settle it. So, I'm only going to back down on ECC patent risk if we get a definitive statement across these patent portfolios that there's zero risk on one or more implementations. What you all have given me so far is (a) there's no patents on ECC whatsoever, a lie or idiocy; (b) some non-lawyer said certain ones don't apply so magically they all don't in a real court; (c) you personally believe nothing applies so they won't in a court; (d) there's software licenses going on so patents don't apply in a real court despite NSA et al licensing patents. It all sounds really weak. People have lost suits and their profits for less.

I'm still awaiting your reference with evidence that each of the ECC patents don't apply to OSS or commercial implementations. Additionally, since it was added, I'd like your side to cite evidence that everyone is licensing software implementations instead of patents that don't apply to anything. That contradicts what I linked to so burden of proof is on you to show there's no patent-related licensing but software instead.


The references you've linked back up what I've said, not what you've said; not my problem if you don't understand them.


The references I linked cover 8 patents out of 130. For the fourth time, please link to evidence that they and the other 122 don't apply to anything we might build in ECC. And also that NSA and companies wasted millions on patent licenses for nothing.

Otherwise, it's obvious that you are spreading advice without the slightest idea of what's true here. Otherwise, you'll probably have a link to all those patents and analysis of how they don't apply that you can post within next few minutes. A link to analysis you and your side have already done rather than crap you're making up on the spot. You're faking it though, so you won't have anything to post.

Like everyone else in the ECC debate. Nothing but your word, which at one point thought patents didn't exist (neither the NSA nor anybody else has a patent on ECC). Given you're knee deep in this stuff and supposedly a security professional you must have been lying. There's no way you couldn't have known as a crypto/security geek that there were patents on ECC given all the debates. But you assured everyone here that nobody else has a patent on ECC. Such lies could've cost commercial groups that trusted you quite a lot.

I understand if you're more focused on dismissing the competition than proving 100+ patents don't apply to your claims. It's way less work that way. You'd have to dig them up, read them, evaluate them from a legal perspective, and write up reasons they don't apply. Complex, boring stuff compared to coding. I'll understand if you never take the effort to back your claims about 100+ patents and expect the rest of us to do the same.


It is still true that neither the NSA nor anybody else has a patent on ECC, any more than anybody has a patent on computers at this point. I'm sure you can find 100+ patents with titles like "Parallel Digital Computer" with very little effort, though. That doesn't mean that anybody who wants to use a computer for something needs to worry they're infringing patents.

I am not a "security professional", nor have I ever been, nor have I ever claimed to be.

There is no "competition" involved here.

There is no "ECC debate".

You already linked to a Wikipedia article that explains the patent status of different ECC systems. It's not my problem if you don't understand it.



