Alec Muffett Profile picture
everybody deserves good security. see also: @alecmuffett@mastodon.social

Jan 4, 2020, 15 tweets

I need help : from someone with a better legalese attention span than me, and with broad cryptography understanding, to explain to me how US Patent 10412063B1 is somehow NOT an attempt to patent the @signalapp #Signal Encryption Algorithm: patents.google.com/patent/US10412…

@signalapp @matthew_d_green @SteveBellovin @tqbf @FiloSottile I am literally halfway down my first coffee, and it smells to me a bit like someone has taken #Signal, said "if we throw away the prekey mechanism then we have something novel", and then patented it; but then I am still skimming the document:

@signalapp @matthew_d_green @SteveBellovin @tqbf @FiloSottile I am not interested in armchair patent lawyers saying:

"Ho ho ho yes but they cannot enforce this patent in the bastion of privacy that is Germany!"

…because if your remit is that "everyone deserves good security", that includes America.

@signalapp @matthew_d_green @SteveBellovin @tqbf @FiloSottile But my 30 year career has been peppered with people attempting to either regulate or patent, chunks of cryptographic art, thereby retarding adoption.

With this, if I am right and if it is not thrown out, we risk innovation around Signal coming to a FUD-laden stop for 19 years.

@signalapp @matthew_d_green @SteveBellovin @tqbf @FiloSottile Perhaps @zaumka himself would like to chime in and tell us how this patent application:

1/ differs from @signalapp
2/ will not chill innovation in and around #e2ee

cs.nyu.edu/~dodis/

@signalapp @matthew_d_green @SteveBellovin @tqbf @FiloSottile @zaumka Again, I cannot shake the impression of "handwave away the Signal prekey mechanism, and then bolt-the-entirety-of-signal-protocol-to-that-and-patent-the-result".

What am I missing, @zaumka ?

@signalapp @matthew_d_green @SteveBellovin @tqbf @FiloSottile @zaumka Oh, oh, oh, it's not a daisychained series of hash functions which generate message keys, NOOOooo... it's a "random number generator with a seed"

@signalapp @matthew_d_green @SteveBellovin @tqbf @FiloSottile @zaumka NARRATOR: "that's basically the same thing"

@signalapp @matthew_d_green @SteveBellovin @tqbf @FiloSottile @zaumka Okay Axel, thank you for that, let's do that:

@signalapp @matthew_d_green @SteveBellovin @tqbf @FiloSottile @zaumka The Claims: this is where we go back to "need someone with a better attention span than myself"

@signalapp @matthew_d_green @SteveBellovin @tqbf @FiloSottile @zaumka To me, this reads a lot like the Double-Ratchet algorithm (eg: as described in Wikipedia) with maybe freedom to redefine the hash ratchet as some form of PKE?

If my fear is that this chills development of (say) group chat based on Signal, I don't yet feel that I'm wrong.

Hacker News is Hacker News:
news.ycombinator.com/item?id=219540…

Share this Scrolly Tale with your friends.

A Scrolly Tale is a new way to read Twitter threads with a more visually immersive experience.
Discover more beautiful Scrolly Tales like this.

Keep scrolling