28 May 1998


Date: Thu, 28 May 1998 03:17:16 -0400
To: John Young <jya@pipeline.com>
From: Vin McLellan <vin@shore.net>
Subject: Public Key Royalties

Hi John:

	You recently posted a note from a 5/7/98 GAO report on federal
(Bayh-Dole Act) funding for US research universities in which documented
MIT's 1996 revenues from the commercialization of public key crypto. In an
accompanying note, you raised a few questions about the historical
background of PKC that I thought a deserved response.

	The politics of crypto in the US is burdened with enough shadowy
plots that it behooves those of us who try to track the history of the
industry to keep a grip on simple historical fact whenever we can.

	I personally think the key figures involved in the discovery of PKC
-- certainly Whit Diffie, Martin Hellman, Ron Rivest and Len Adleman --
have for years been exemplary role-models of personal and intellectual
discipline, professional openness, and forthright political engagment (in
the best sense of the word). I wouldn't like to see the public's
understanding of their contributions lost beneath another layer of
Byzantine conspiracy theories.

	You wrote:

>In a recent GAO report on governmental funding of university research
>there is this note:
>
>   In fiscal year 1996, the commercialization of the public key encryption
>   method, which was developed under grants from the Navy and NSF,
>   resulted in $271,875 in royalties to MIT.
>
>Does this refer to RSA or PGP? Did the Navy underwrite RSA's PK work?
>If so does the USG have a secret stake in PGP, Network Associates
>and RSA?
>
>More: did the Navy guide PK researchers based on the secret UK PK work
>before Diffie-Hellman?

	Quick answers to your first questions:

	(1) RSA. RSA Data Security Inc.(RSADSI), a company started by the
three inventors of the RSA cryptosystem was given a contract by MIT to
commercialize the RSA cryptosystem. Under the terms of that contract,
RSADSI pays royalties to MIT, which still owns the RSA patent.

	(2) Nope. The Office of Naval Research (ONI) did staff the
"contracting office" responsible for administering DARPA funding for the
MIT labs where Rivest, Shamir, and Adleman did their initial work -- but
neither the Navy, nor DARPA, nor the NSA, nor the CIA, nor the Feebees
supported the subsequent development of public key cryptography at RSADSI
(the company started by the three inventors which was subsequently given an
exclusive contract by MIT to commercialize the RSA algorithm.)

	(3) No secret stake in RSADSI -- so say the sworn documents filed
with the SEC before the 1996 merger of RSADSI and SDTI. PGP was not
developed at MIT. PGP has never paid royalties to MIT. I don't actually
know if there is, or ever was, any relationship or federal "stake" in PGP
Inc. or Network Associates Inc., but I doubt it. (I also think your
suggestion, without evidence, is a fairly gratuitous slander against all
these firms -- given the historic interest of US government agencies in
weakening non-government crypto and/or forcing independent cryptographic
vendors to corrupt their designs with backdoors to allow surreptitous
government access to encrypted messages and files.)

	As you may recall, I do a lot of consulting for Security Dynamics
(SDTI), which purchased RSADSI in 1996.  I sent your questions over to Ron

Rivest, and he asked me to pass along his response:

>The work on RSA at MIT was supported by NSF grant MCS76-14294 and ONR
>(Office of Naval Research) grant N00014-67-A-0204-0063. (See the
>footnote on the original RSA paper.)  I note that the ONR is the
>contracting office for a DARPA grant here; the "Navy" as such was not
>involved.
>
>(The grants listed above did not even specify cryptography in their
>proposals, and it was more of a courtesy than anything else to
>acknowledge their support on the RSA paper, since they were supporting
>other research in algorithms and such.)
>
>As a consequence of this support, the U.S. government does not have to
>pay royalties on the "RSA patent" (U.S. patent 4,405,829.)  This is a
>standard arrangement for government-supported research; the government
>doesn't want to have to pay twice for the work.
>
>There is no "secret stake" by the government in RSA.  The royalty-free
>license of the patent is their only involvement.
>
>There was no contact, influence, or involvement from any government
>source regarding our development of RSA.  Assuming (correctly, I
>believe) that the Diffe-Hellman paper (New Directions in Cryptography)
>was developed independently of any similar developments in the U.K.,
>then the academic development of the concept of public-key, and our
>consequent development of RSA, were totally independent of whatever
>developments happened earlier in the U.K.
>
>Indeed, given the reaction from the government that we've seen ever
>since, trying to control and/or suppress public-key technology, it is
>extremely bizarre to conjecture that the government in any way
>encouraged it early on or gave technical advice based on work in the U.K.

	I suggest anyone interested in the work on "dual key" cryptography
by British government cryptographers in the early 1970s will want to read
Jame Ellis' fascinating paper, published last December by the British
government, at: http://www.cesg.gov.uk/ellisint.htm  There was also a brief
but helpful NYT article by Peter Wayner, available at:

http://www.nytimes.com/library/cyber/week/122497encrypt.html

	There have doubtless been numerous breakthroughs and great
inventions in the shadowy world of government cryptography. Unfortunately,
the hostility of this (and most governments) have shown toward allowing
such privacy-enabling technologies to fall into the hands of mere citizens
will probably mean that we will have to wait for those inventions to be
rediscovered and thus made available to the free world by others.

	I think we were all lucky that public key crypto -- the necessary
foundation for on-line electronic commerce, which in turn is seen by many
as potentially the economic engine for 21st Century -- was discovered, or
rediscovered, by mere citizens who looked first to its personal and
commercial implications.

	I don't think there was a chance in hell that GCHQ, or the NSA
(which also claims to have separately discovered PKC ten years before
Hellman and Diffie conceived of it) could have recognized its personal or
commercial potential... or would have allowed it to come into the
widespread use we see today if, perchance, they _had_ foreseen that

potential.

	Please feel free to post this. Thanks again for all your work
collecting the treasure trove of documents you have at jya.com.  It's an
invaluable resource.

	Surete,

		_Vin

-----
"Cryptography is like literacy in the Dark Ages. Infinitely potent, for
good and ill... yet basically an intellectual construct, an idea, which by
its nature will resist efforts to restrict it to bureaucrats and others who
deem only themselves worthy of such Privilege."
_ A thinking man's Creed for Crypto/ vbm.

*     Vin McLellan + The Privacy Guild + <vin@shore.net>    *
  53 Nichols St., Chelsea, MA 02150 USA <617> 884-5548


Date: Thu, 14 May 1998 12:08:25 -0400 To: cypherpunks@toad.com From: John Young <jya@pipeline.com> Subject: Public Key Royalties In a recent GAO report on governmental funding of university research there is this note:    In fiscal year 1996, the commercialization of the public key encryption    method, which was developed under grants from the Navy and NSF,    resulted in $271,875 in royalties to MIT. Does this refer to RSA or PGP? Did the Navy underwrite RSA's PK work? If so does the USG have a secret stake in PGP, Network Associates and RSA? More: did the Navy guide PK researchers based on the secret UK PK work before Diffie-Hellman? The full report:    http://jya.com/rced-98-126.txt  (184K)
Date: Thu, 14 May 98 22:49 +0200 From: Bodo_Moeller@public.uni-hamburg.de (Bodo Moeller) To: cypherpunks@sirius.infonex.com Subject: Re: Public Key Royalties John Young <jya@pipeline.com>: >  http://jya.com/rced-98-126.txt  (184K) >    In fiscal year 1996, the commercialization of the public key encryption >    method, which was developed under grants from the Navy and NSF, >    resulted in $271,875 in royalties to MIT. > Does this refer to RSA or PGP? I suppose that's the money paid by RSADSI (and maybe Public Key Partners) to the MIT.  Of course part of that amount comes from ViaCrypt and PGP, Inc.  The details of the sublicensing agreement between RSADSI and the MIT are probably confidential, and thus we cannot know how much of the patent royalties collected by RSADSI/PKP goes to the MIT. Some lawyer's letter to RSADSI (or to RSADSI's lawyers) which is or was archived at your web site gives exact figures for PGP's royalty payments (however not for all of 1996, I think): RSADSI tried to terminate PGP, Inc.'s patent license, claiming (amongst other things) that PGP had failed to pay royalties.  Said letter listed the checks from PGP, some of which had never been cashed (apparently because of the PKP split-up chaos). > Did the Navy underwrite RSA's PK work? R. L. Rivest, A. Shamir, L. Adleman, On Digital Signatures and Public-Key Cryptosystems, MIT/LCS/TM-82 (April 1977):     "This research was supported by grant National Science Foundation     MCS76-14294, and the Office of Naval Research grant number     N00014-67-A-0204-0063"
From: Bodo_Moeller@public.uni-hamburg.de (Bodo Moeller) Subject: Re: Public Key Royalties To: Bodo_Moeller@public.uni-hamburg.de (Bodo Moeller) Date: Fri, 15 May 1998 21:19:21 +0200 (+0200) Cc: cypherpunks@sirius.infonex.com I wrote: > John Young <jya@pipeline.com>: >>  http://jya.com/rced-98-126.txt  (184K) >>    In fiscal year 1996, the commercialization of the public key encryption >>    method, which was developed under grants from the Navy and NSF, >>    resulted in $271,875 in royalties to MIT. >> Does this refer to RSA or PGP? [...] > Some lawyer's letter to RSADSI (or to RSADSI's lawyers) which is or > was archived at your web site gives exact figures for PGP's royalty > payments (however not for all of 1996, I think): [...] I found it at <URL:http://jya.com/rsavpgp2.htm>: >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> [...]       I am writing because I am concerned that there may have been a misunderstanding regarding royalty payments. The letter we received states that PKP's records show that no royalty payments have been made under the license agreement since the third quarter of 1996. Our records show that, over the relevant time period, we have delivered to PKP the following checks, with corresponding royalty reports, all in accordance with the license agreement: [...]       44430        5/15/96      $7,621.07          Q1'96       44783        8/14/96      25,213.05          Q2'96       45402        11/13/96     17,031.43          Q3'96       45671        12/18/96     10,000.00          Advance       46206        2/12/96      18,186.82          Q4'96        I am enclosing copies of checks numbered 44430, 44783, and 45402, all of which indicate that they were cashed by PKP. Checks beginning with the one dated November 13, 1996, including no. 45402 for the third quarter of 1996, bear our new corporate name, Pretty Good Privacy, Inc. After looking into this, we have discovered that the checks issued in December and February have yet to be cashed. We have no information as to why. [...] <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< So Lemcom/ViaCrypt/PGP paid $78,052.37 for 1996 to PKP/RSADSI, whereas the MIT collected a total of $271,875 in royalties.