IT’S ALL GREEK TO ME: The Six Patents That Laid The Foundations of Cybersecurity
We have had three highly successful Cybersecurity spin-out companies, and now setting up our fourth with MemCrypt. In each of these, we have made sure that we protect our core IP, as this is so important in making sure you can protect yourself from large companies who will aim to dominate in their field. A core part of creating a spin-out company is defining what it is you have that is special — the magic widget. And the patent gives you the opportunity to write it down in a formal way.
It would be amazing to have a global blockchain infrastructure for inventions, and where you could log your IP and timestamp it, but it will take a major shift in the patent infrastructure to move towards this. For just now, it’s a matter of writing the patent out, sending it off, defending it, and that long timeline of getting a patented accepted.
So let’s look at a few seismic changes, and that helped lay down the foundation of the cybersecurity industry. For encryption, the first major patent was by Ehrsam et al for the DES block cipher [here]:
The work was based on John Lynn Smith and Horst Feistel’s work [here]. Within Fesitel’s work the cipher — essentially — used the same encryption and decryption process, and where the key application is just reversed [here]:
The DES patent was filed in Feb 1975 — a whole four years after the Feistel patent filing— and came with 10 new claims. It basically built on the Feistel patent but included new details on the s-boxes and how the keys were actually used in the encryption and decryption process. It was a classic example of holding something back from a first patent and submitting a new one. For IBM, it was a crowning glory that their research was leading to such a dominance in the field, especially as banks were started to move towards encryption for the protection of their transactions.
But a patent submitted in 1977 would build the start of the cybersecurity industry. It was submitted by the wonder team of Martin Hellman, Whitfield Diffie and Ralph Merkle, and outlined a key exchange method that allowed Bob and Alice to communicate openly, and discover a secret that no-one else could reveal. While the patent included Merkle, it is often referred to as the Diffie-Hellman patent, and was assigned to Stanford University [here]:
The work had first been published in the classic Diffie-Hellman paper published in Nov 1976, and it was Claim 8 that really stood out. In this, the patent outlined a way for each party to generate their own random value, and then for these to be exchanged in a public way, and for each party to end up with the same shared secret:
Few people — apart from Ralph Merkle — saw this patent coming, but the door was open to the concept of a trap-door function, and soon after the Diffie-Hellman patent came the Hellman-Merkle patent [here]:
It covered the trapdoor method of using knapsacks and showed a way of creating a public key and a private key. And where one could be used, and only the other one would reverse the first. Shamir eventually created a method to break these, but the patent was the first application of public-key encryption. It was a wide randing patent with 17 claims, and where the first six defined the core of public-key encryption, including the usage of key pairs and where it could be used for authentication (where a private key can sign for something, and the public key proving the signature):
And it was Merkle again who caused the next great change with a tree authentication method. In five short pages, after submitted on Sept 1979, he laid out the method that has become what we would know as blockchain [here]:
Again the patent was assigned to Stanford, and where it outlined a way to validate data through a tree of hashes, and where the top-level hash could be used to validate all the data within a block:
In this, data element Y1 and Y2 were hashed, and then a hash created from this, and eventually we reached the top of the tree, and where a proof of the validity of all the data could be proven from the top-level hash, and any changes quickly traced within the tree. It is such a beautiful patent, and just say what it is, and finishes. It has four basic claims, but, basically, it just built around a core figure for the tree. Beautiful maths at its most wonderful form.
And so after the Knapsack public key, the hunt was on for the most perfect form of public-key possible. This time it wasn’t Stanford, but MIT that produced the solution. The Rivest-Shamir-Adleman patent was filed in 1977 (and issued in Sept 1983) and outlined both public-key encryption and a digital signature method:
With 40 claims, it was a sledgehammer of a patent. Within it, Rivest et al defined a way of taking two prime numbers (p and q) and creating a public modulus (n) of the multiplication of these. We then create an encryption key (e) value that is relatively prime to (p-1).(q-1), and can then derive the private key (d):
It runs into 20 pages, and is an excellent example of a strong patent with a worked-out example:
And that was it … a new world had been formed. I will try and update this page soon and include the other great patents, including for the Fiat-Shamir identification method (created by Shamir and Fiat), the DSA signature (created by Kravitz), Schnorr signatures (created by Schnorr) and GQ identification (created by Guillou and Quisquater).
I wipe a tear away when I think of a few patents we’ve done and that started our spin-outs along their path. The ever wonderful Dr Jamie Graves [here], and the patent that set Zonefox on an amazing journey:
And information sharing, that sent off Symphonic to the international leader that they are now [here]:
And the core patent that sent off Cyan Forensics to also become an international leader [here]:
With our spin-out, we are busy writing at least two patents, and where we aim to protect ourselves against others. If you’re IBM, you have money to spend on patents, for us, it’s not so easy, but we know how important it is.
Here is an outline of Ralph Merkle:
The Knapsack method:
Pack Your Knapsack For Some Secret Messages — Difficult to Pack/Easy to Unpack
RSA is just one way of doing public key encryption. Knapsack is a good alternative where we can create a public key and…
RSA Gradually Leaves The Stage After More Than 40 Years As A Leader — And It’s Its Friend (TLS)…
 Feistel Cryptography and computer privacy. Scientific American, Vol 228, no 5, May 1973.