Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

HDK Feedback: Encourage cryptographic algorithms that avoid patent risks #286

Open
sander opened this issue Jul 19, 2024 · 2 comments
Open

HDK Feedback: Encourage cryptographic algorithms that avoid patent risks #286

sander opened this issue Jul 19, 2024 · 2 comments

Comments

@sander
Copy link

sander commented Jul 19, 2024

Context: #282

This feedback is related to the work on Hierarchical Deterministic Keys (HDK), but not part of the working group’s deliverable.

To address the risk of correlating users across presentations to Relying Parties, an EU Digital Identity Wallet needs to be able to present documents bound to many unique one-time-use public keys. This potentially creates an insurmountable key management challenge, especially when implemented centrally in a WSCA.

Solutions such as HDK could help address this challenge, distributing key management across the WSCA and the Wallet Instance, while leveraging existing certified WSCD solutions (#283).

Distributed key management involving existing certified WSCD solutions is possible with ECDSA, EC-SDSA (EC-Schnorr) and ECDH-MAC. These are likely candidates for proof-of-possession algorithms in the short term. However, while researching the options for HDK as reported in ETSI TR 119476, several granted and pending patent claims of organisations within and outside of the EU were found potentially applicable to distributed ECDSA. Such claims could create implementation risk.

To avoid this risk in the ecosystem, consider encouraging the use of EC-SDSA or ECDH-MAC for WSCD-binding in the ARF. Methods implementing these algorithms in a distributed way have been widely applied in open source communities for a long time, which makes patent claims significantly less likely.

Such ARF encouragement should be complementary to the essential patent disclosure process of standards organisations. These should be started as well, but may not provide sufficient clarity in time for implementation of the EU Digital Identity as described in the ARF.

Details: ETSI TR 119476 version 1.2.1 § 4.4.4.2 on Hierarchical Deterministic Keys and blinded key proof of possession, HDK v0.1.0 section on Generic HDK instantiations.

ARF version: 1.4.0
@sander
Copy link
Author

sander commented Jul 20, 2024

Some examples were identified on Cryptography Stack Exchange during the work on ETSI TR 119476: in the context of batch issuance and proof of association, WO 2024/123181 claims distributed ECDSA, more broadly than the Split-ECDSA patent WO 2022/050833. It seems to apply a similar technique as US 10530585 and US20030059041.

@sander sander mentioned this issue Aug 26, 2024
Open
@ottomorac
Copy link

This is an important concern, priority should be given to algorithms that are available under creative commons and public good friendly licenses. As a key example the ISO20008 states that there may be patent issues. (Apparently from NEC and ETRI), for various "anonymous signatures" algorithms included in that standard.

Any approved cryptography should be free of intellectual property issues in order to facilitate adoption of the EUDI wallet spec.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sander @ottomorac