Image for post
Image for post

IT’S ALL GREEK TO ME: The Six Patents That Laid The Foundations of Cybersecurity

Prof Bill Buchanan OBE
Oct 25 · 7 min read

We have had three highly successful Cybersecurity spin-out companies, and now setting up our fourth with MemCrypt. In each of these, we have made sure that we protect our core IP, as this is so important in making sure you can protect yourself from large companies who will aim to dominate in their field. A core part of creating a spin-out company is defining what it is you have that is special — the magic widget. And the patent gives you the opportunity to write it down in a formal way.

It would be amazing to have a global blockchain infrastructure for inventions, and where you could log your IP and timestamp it, but it will take a major shift in the patent infrastructure to move towards this. For just now, it’s a matter of writing the patent out, sending it off, defending it, and that long timeline of getting a patented accepted.

So let’s look at a few seismic changes, and that helped lay down the foundation of the cybersecurity industry. For encryption, the first major patent was by Ehrsam et al for the DES block cipher [here]:

Image for post
Image for post

The work was based on John Lynn Smith and Horst Feistel’s work [1][here]. Within Fesitel’s work the cipher — essentially — used the same encryption and decryption process, and where the key application is just reversed [here]:

Image for post
Image for post

The DES patent was filed in Feb 1975 — a whole four years after the Feistel patent filing— and came with 10 new claims. It basically built on the Feistel patent but included new details on the s-boxes and how the keys were actually used in the encryption and decryption process. It was a classic example of holding something back from a first patent and submitting a new one. For IBM, it was a crowning glory that their research was leading to such a dominance in the field, especially as banks were started to move towards encryption for the protection of their transactions.

But a patent submitted in 1977 would build the start of the cybersecurity industry. It was submitted by the wonder team of Martin Hellman, Whitfield Diffie and Ralph Merkle, and outlined a key exchange method that allowed Bob and Alice to communicate openly, and discover a secret that no-one else could reveal. While the patent included Merkle, it is often referred to as the Diffie-Hellman patent, and was assigned to Stanford University [here]:

Image for post
Image for post

The work had first been published in the classic Diffie-Hellman paper published in Nov 1976, and it was Claim 8 that really stood out. In this, the patent outlined a way for each party to generate their own random value, and then for these to be exchanged in a public way, and for each party to end up with the same shared secret:

Image for post
Image for post

Few people — apart from Ralph Merkle — saw this patent coming, but the door was open to the concept of a trap-door function, and soon after the Diffie-Hellman patent came the Hellman-Merkle patent [here]:

Image for post
Image for post

It covered the trapdoor method of using knapsacks and showed a way of creating a public key and a private key. And where one could be used, and only the other one would reverse the first. Shamir eventually created a method to break these, but the patent was the first application of public-key encryption. It was a wide randing patent with 17 claims, and where the first six defined the core of public-key encryption, including the usage of key pairs and where it could be used for authentication (where a private key can sign for something, and the public key proving the signature):

Image for post
Image for post

And it was Merkle again who caused the next great change with a tree authentication method. In five short pages, after submitted on Sept 1979, he laid out the method that has become what we would know as blockchain [here]:

Image for post
Image for post

Again the patent was assigned to Stanford, and where it outlined a way to validate data through a tree of hashes, and where the top-level hash could be used to validate all the data within a block:

Image for post
Image for post

In this, data element Y1 and Y2 were hashed, and then a hash created from this, and eventually we reached the top of the tree, and where a proof of the validity of all the data could be proven from the top-level hash, and any changes quickly traced within the tree. It is such a beautiful patent, and just say what it is, and finishes. It has four basic claims, but, basically, it just built around a core figure for the tree. Beautiful maths at its most wonderful form.

And so after the Knapsack public key, the hunt was on for the most perfect form of public-key possible. This time it wasn’t Stanford, but MIT that produced the solution. The Rivest-Shamir-Adleman patent was filed in 1977 (and issued in Sept 1983) and outlined both public-key encryption and a digital signature method:

Image for post
Image for post

With 40 claims, it was a sledgehammer of a patent. Within it, Rivest et al defined a way of taking two prime numbers (p and q) and creating a public modulus (n) of the multiplication of these. We then create an encryption key (e) value that is relatively prime to (p-1).(q-1), and can then derive the private key (d):

Image for post
Image for post

It runs into 20 pages, and is an excellent example of a strong patent with a worked-out example:

Image for post
Image for post

And that was it … a new world had been formed. I will try and update this page soon and include the other great patents, including for the Fiat-Shamir identification method (created by Shamir and Fiat), the DSA signature (created by Kravitz), Schnorr signatures (created by Schnorr) and GQ identification (created by Guillou and Quisquater).

I wipe a tear away when I think of a few patents we’ve done and that started our spin-outs along their path. The ever wonderful Dr Jamie Graves [here], and the patent that set Zonefox on an amazing journey:

Image for post
Image for post

And information sharing, that sent off Symphonic to the international leader that they are now [here]:

Image for post
Image for post

And the core patent that sent off Cyan Forensics to also become an international leader [here]:

Image for post
Image for post

With our spin-out, we are busy writing at least two patents, and where we aim to protect ourselves against others. If you’re IBM, you have money to spend on patents, for us, it’s not so easy, but we know how important it is.

Here is an outline of Ralph Merkle:

The Knapsack method:

RSA:

[1] Feistel Cryptography and computer privacy. Scientific American, Vol 228, no 5, May 1973.

ASecuritySite: When Bob Met Alice

This publication brings together interesting articles…

Prof Bill Buchanan OBE

Written by

Professor of Cryptography. Serial innovator. Believer in fairness, justice & freedom. EU Citizen. Auld Reekie native. Old World Breaker. New World Creator.

ASecuritySite: When Bob Met Alice

This publication brings together interesting articles related to cyber security.

Prof Bill Buchanan OBE

Written by

Professor of Cryptography. Serial innovator. Believer in fairness, justice & freedom. EU Citizen. Auld Reekie native. Old World Breaker. New World Creator.

ASecuritySite: When Bob Met Alice

This publication brings together interesting articles related to cyber security.

Medium is an open platform where 170 million readers come to find insightful and dynamic thinking. Here, expert and undiscovered voices alike dive into the heart of any topic and bring new ideas to the surface. Learn more

Follow the writers, publications, and topics that matter to you, and you’ll see them on your homepage and in your inbox. Explore

If you have a story to tell, knowledge to share, or a perspective to offer — welcome home. It’s easy and free to post your thinking on any topic. Write on Medium

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store