From: Eric Cordian <emc@wire.insync.net>
To: cypherpunks@cyberpass.net
Message Hash: 903eee27741416e2522dd3acd61502a4204c8de131b1b7e962c351050de232a5
Message ID: <199812010235.UAA19311@wire.insync.net>
Reply To: N/A
UTC Datetime: 1998-12-01 03:45:59 UTC
Raw Date: Tue, 1 Dec 1998 11:45:59 +0800
From: Eric Cordian <emc@wire.insync.net>
Date: Tue, 1 Dec 1998 11:45:59 +0800
To: cypherpunks@cyberpass.net
Subject: SternFUD on RSA
Message-ID: <199812010235.UAA19311@wire.insync.net>
MIME-Version: 1.0
Content-Type: text/plain
:)
David Sternlight <david@sternlight.com> opines:
> I am not on the Cypherpunks list. Given the tone of some posters I
> don't' see that as a useful list.
I wonder who won the pool on how long you would last before departing
in a tiff. :)
But I digress.
> You already made this argument. It could have been (and perhaps was)
> made in court. Despite that the patent was upheld. That is "I am
> right and the court is wrong."
I think that regulations which permit applied math to be patented are
counterproductive, as do many other countries. Given that such
regulations are in place in the United States, one would expect them
to be upheld by the courts. Whether any of this is "wrong" in some
abstract sense is a religious debate, in which I am uninterested.
Let us examine the two statements:
I. Certainly, given what was known at the time widespread
data communications created a commercial demand for
secure communication over insecure lines, a person
setting out to create a software solution to the
problem, knowing what was then known about
cryptography, trapdoor functions, and other techniques,
would almost certainly have employed modular
exponentiation or discrete logs to solve the problem.
If RSA hadn't been patented at the time it was, it most
certainly would have been independently discovered by
multiple individuals and widely employed, without the
present licensing restrictions. Prior published works
on cryptographic trapdoor functions involving the
factoring of composites and possibly even encryption by
modular exponentiation existed long before the RSA
patent.
II. Obvious prior art sufficient [in the current regulatory
environment surrounding patents in the US] to
invalidate the RSA patent in court has never been
published.
Now, given that these two statements are not opposites of each other,
one is not going to refute the first by stating the second, no matter
how big a bullhorn one employs.
>> There is a huge difference between "prior art" and "invalidating prior
>> art" under patent law. Indeed, to invalidate the patent, it would
>> have been necessary not only to find a description of the mathematical
>> methods used in the construction of the RSA algorithm, but also a
>> claim for the specific use for secure communication over insecure data
>> links.
> It seems to me you are agreeing with my comment here.
I have only argued that obvious prior art exists. I have also stated
that I would favor a regulatory climate in which such obvious prior
art would preclude a patent being granted. I have never stated that
we currently live in such a regulatory climate. In fact, we do not.
> Pretty far-fetched response. They tried to overturn the patent on
> grounds of prior art. They failed. End of story.
Many words, like "prior art," have specific legal meanings which
differ from their common English usage. Kind of like economists
arguing that there is no "demand" for food by poor people, because
they have no money with which to purchase it. I use the term "obvious
prior art" to mean prior publication of the essential methods and
techniques with which a technically skilled person, given the same
problem to solve, would arrive at the same or a similar solution.
Put two graduate students at opposite ends of a wire, with the world's
prior-to-1977 writings on cryptography, trapdoor functions, the
intractablity of factoring the product of primes, and the modular
exponentiation problem. I suspect the RSA Public Key Cryptosystem
would not be long in emerging, even if one employed particularly dense
graduate students.
That is what I mean when I use the term "obvious prior art."
> Again, it seems you've conceded my point here. What part of "nobody"
> don't you understand?
I was proceeding upon the assumption that the enumerated "points" you
claimed I was making were ones with which you disagreed. If that is
not the case, I am prepared to declare early victory.
"Nobody could afford to litigate [against RSADSI]" is misleading, as
even the wealthy don't employ the expensive option, when a cheap one
is available. Besides, I have never contested that the current
regulatory climate supports the patenting of things like RSA even in
the presence of prior publication of the essential mathematical
elements.
>>> 6. Anyone can patent anything and nobody could afford to oppose them
>>> (N.B. Presumably not IBM, not DEC, not DuPont, ..oh well, you get the
>>> idea)
>> Yes, David. Practically anything can be patented. The power of
>> patents is in defending them, not in applying for them, or in
>> receiving them.
> Again you concede my point by ignoring the operative clause. What
> part of "nobody" don't you understand?
There were plenty of companies who had the financial power to squash
RSADSI like a grape, and probably change the regulatory climate as
well. There was no incentive for them to do so, and they probably
have applied mathematical patents of their own which they are fond of.
Had RSADSI sat on the patent, and refused to license it to others,
both they and their patent would probably have had a very short life
span.
>>> 7. Rich, smart companies with big legal departments license bogus
>>> patents rather than litigating.
>> Well, that depends on how you define bogus. I consider patenting
>> applied math to be bogus. Your mileage may vary.
> RSA didn't patent applied math. They patented processes which may
> use, or be described in part with applied math.
Yes, the "method and apparatus" transformation.
> The facts are that rich, smart companies litigate patents all the
> time so your contention is false on its face.
They rarely litigate patents where the cost to litigate is enormous,
the technology may be cheaply licensed, and the chances of success, or
of even trying to explain the topic to the average layman, are
minimal.
>> Someone who responds to a one line comment about the mathematical
>> underpinnings of RSA being previously known, with several multipage
>> essays whose central thesis is that such a claim cannot possible be
>> true, because the patent would have been invalidated by the courts, is
>> a troll who either understands nothing about how patents work, or is
>> blowing a foghorn on behalf of the patent holder.
> Another guilty plea.
Well, I suppose Vin could just be a bored essayist in need of
something to practice on. (Snicker)
>>> 9. If someone takes the time to oppose me, someone must be funding him.
>> Vin has already outed himself as someone who has done work for
>> RSADSI. He has vociferously defended various key recovery schemes
>> implemented in their products against critics. This, combined with
>> his rabid insistance that the RSA patent is something novel and
>> unique, does equate to what some of us might describe as a "vested
>> interest" in the matter, directly funded or not.
> Another failed refutation. Your words were unequivocal.
I think you are having some difficulty separating out the sarcasm
here. Besides, the suggestion that Vin has a vested interest in
defending the RSA patent hardly translates into an assertion that
everyone who disagrees with me on some subject is someone's paid
agent.
Abstraction from the specific to the general is not an accepted tool
of inference.
You, for instance, are probably quibbling for entirely different
reasons.
> I think the problem with most of your post is that you have taken the
> odd exception or the odd passing issue and tried to make them out to
> be the general case; in short your post was highly overblown as well
> as redolent of personal attack. Had you discussed the issue more
> temperately in terms of your factual claims it might have been more
> useful.
That sometimes happens when one party "summarizes" a flame war, and
posts it elsewhere. Deal.
>>> 10. The patent office never refuses patents on "method and apparatus"
>>> except in the case of perpetual motion machines.
>> Patent examiners generally rely only upon the material presented with
>> the patent application when reviewing it, and expect people to do
>> their own searches, and correctly cite related patents. Litigation is
>> generally the means by which patents are challenged, not by the patent
>> office refusing them, except in extrordinary circumstances, perpetual
>> motion machines being one well-known example.
> See above. You were unequivocal.
"Practically anything" is not unequivocal, and is a correct
description of the current patent review climate.
> There may be cases of the sort you refer to, but it is not a general
> argument which can then be applied to the case of the RSA patent. You
> have repeatedly make the logical error of claiming that a specific
> proved a general, and then applying the claimed general to a different
> specific.
Vin alleged that RSA being granted a patent proffered compelling
evidence of the unique worth of the thing being patented. It is
correct to apply general comments about the patent-granting climate to
this specific case. For a better example of confusing generals and
specifics, you may re-read your own comments on "if someone opposes
me, someone must be funding them" above, incorrectly abstracting my
comments about Vin to the general population. :)
>>> 11. Security Dynamics is paying for those who oppose me.
>> I merely asked if Vin intended to bill them for the time he spent
>> writing his rants. A rhetorical question.
> GIven the rest of your post, the inference was direct. If you did not
> intend to imply that, you should not have used that languaging.
Bzzzzzzzz. Wrong Answer.
And we will have to deduct additional points for abstracting again
from Vin to the general population vis a vis "Security Dynamics is
paying for those who opppose me."
The best you can get on this mid-term is now a C. :)
>>> 12. Such opposition is "a tirade".
>> Suggesting that I would have to retire my nym after criticizing the
>> RSA patent and taking several pages to say a paragraph of material
>> certainly qualifies as a tirade in my book, especially when combined
>> with a lot of irrelevent innuendo unrelated to the topic being
>> discussed.
> Since most of his post was factual, it was not a tirade.
Most of the factual material refuted nothing I was claiming, and
refuted things I wasn't claiming, such as Jevon's book containing a
complete description of PKC, as opposed to being the earliest known
work which contained something related to the topic.
Again, an attempt to impress people with the volume of the evidence,
rather than with its quality, which when combined with the occasional
snide remark, meets my definition of "tirade."
> You are trying to discredit the bulk of his post with a
> characterization of a small portion that doesn't apply to the whole,
> and may not even apply to the portion.
His post is discredited because it fails to address any of my points
about the RSA patent, and instead argues forcibly for a collection of
self-evident surrogate issues, carefully selected for their ability to
be easily confused with the real ones.
>>> 13. No corporations are buying products with GAK, key recovery, etc.
>>> (N.B. in That is what "no corporate demand" means).
>> To an economist, perhaps. It would be more accurate to say that
>> demand as a function of whether such features are included is a
>> pretty flat function.
> You didn't say that. You said "no corporate demand". I understand the
> word "no" because English is my mother tongue.
"Demand" in common English usage means that something is being
clamored for. In Economic terms, it means half of the phrase "supply
and demand" which is something entirely different, said economic
demand existing for anything which is purchased.
> that the demand curve has a particular (flat) shape, did you make that
> up or did you rely on empirical evidence?
I believe that surveys by privacy groups long ago showed that GAK/Key
Escrow/Key Recovery was not being clamored for by corporate America,
although attempts were being made to incentivize it by the
intelligence and law enforcement communities.
> Your statement that "demand as a function of" X is a pretty flat
> function is also nonsense economics. Perhaps you meant to say that the
> _quantity demanded_ is invariant over whether these features are
> included or not.
I was using "demand" in its ordinary English usage. You were using it
as an economic term, in an attempt to call the mere fact that GAK/Key
Escrow/Key Recovery-enabled software was purchased at all "demand" for
it. Which, to use one of Clinton's favorite phrases, was "technically
accurate, although misleading." :)
> Or perhaps you meant to say that the demand curve as a function of X
> was 'one-to-one onto' itself.
Uh, no. That was definitely not what I was saying. I don't think it
is what you are trying to say either, but thanks for using "1-1" and
"onto" in a sentence about functions.
> To test your hypothesis, you'd have to show that if two versions were
> offered simultaneously, one with and one without X, no corporate buyer
> would prefer the version with X.
That would kind of depend on how "X" was priced, would it not? If you
give things away for free, people will probably take one in case they
need it someday, as it costs them nothing.
This does not equate to "demand," or "clamoring."
> I leave the reason that would the the dispositive experiment as an
> exercise. Hint: It's utility economics.
Hint: It's not quite English.
>>> 14. Someone who opposes stronger escrow/GAK/key recovery than RSA is
>>> offering must be suspect.
>> Your point here eludes me.
> You said that he opposed escrow/GAK/key recovery except up to the
> point offered by RSA. That translates as he opposes such things if
> they were stronger than those offered by RSA. Nothing suspect about
> that--he simply agrees with the decision point RSA chose as to how
> strong to make such things.
That's one possible explanation. To test your hypothesis, we should
see how well Vin's agreement tracks RSA's inclusion of additional
encrow/GAK/recovery features in the future. He may have to change the
name of "The Privacy Guild" to something less impressive.
>>> I could go on ...
>> And you usually do, and on, and on, and on...
> And now you're diverging from the facts and logic of the matter to
> personal attack. It reveals the same flaw that invalidated your
> original post.
I'm sure you've been attacked before, by people a lot less nice than
myself. :)
>> I simply believe that patents on applied math are inappropriate.
>> Given that they are allowed, it seems silly to cite the fact that the
>> courts uphold them as evidence for anything, particularly claims that
>> they are new, novel, and non-obvious.
> Had you said that we could have had a rational discussion. Points in
> the discussion would have included:
> 1. Even patent law agrees with you; the RSA patent is a process
> patent and not a patent on applied math.
Hmmm. Well, patents on pure math are not allowed, ergo, math must
be suitably transformed in order to be patented.
> 2. Patents purely on applied math, are, as far as anyone here knows
> not allowed. You may exponentiate to your heart's content as long as
> you don't practice the RSA algorithm as part of a crypto system.
There is a fundamental difference between telling me I cannot practice
modular exponentiation to communicate with people without licensing
it, and telling me I cannot make RDRAMs without licensing that.
I am unlikely to replicate the RDRAM design by accident. I am quite
likely to derive a given bit of mathematics given the application for
it.
If RSA can be patented, why not something like Householder transforms,
or cluster analysis, or the quadratic formula? Sounds like the
slippery slope to me.
> 3. The court didn't uphold a patent on applied math; it upheld a
> process patent on a crypto system that, among other things, uses
> applied math. So does almost any engineering design.
There is a fundamental difference between a physical machine whose
design required the use of mathematics, and an abstract mathematical
transformation, which may exist only in an instance of some computer
program performing a certain task.
> 4. The particular process patent was found to be new, novel, and
> non-obvious. There was ample opportunity for Cylink to try to refute
> that. They failed. End of story.
Again, returning to the top of our discussion, the existence of
"obvious prior art" for RSA in the common English sense meaning of
"obvious prior art" has little to do with whether patents are upheld
in the current regulatory climate in the United States.
It would be simple to test your hypothesis, by simply giving trapdoor
functions replete with useful identities to two people, and telling
they have to construct a common secret unknown to a third party
monitoring their communication. I cannot imagine a technically
skilled person taking very long to make the transition from some
"one-way" functions, to a practical implementation of D-H, RSA, or
whatever.
That would be my definition of "obvious."
> Now we've discussed all the above substance before, and my purpose in
> reciting the four points isn't to re-open the topic, but to show that
> your definition of what the topic is is simply incorrect.
My posts. My topic. Your posts. Your topic. Works for me. :)
> Given that, I don't propose to discuss the above four points yet
> again. They aren't there to reopen the discussion, but to show that
> your statement of the issue is inaccurate.
My statement is point "I" at the beginning of this message. Please
re-read it and tell me whether or not you agree with it.
--
Sponsor the DES Analytic Crack Project
http://www.cyberspace.org/~enoch/crakfaq.html
Return to December 1998
Return to “Mok-Kong Shen <mok-kong.shen@stud.uni-muenchen.de>”