Strange, I didn't expect Rambus to be involved in cryptography, nor that they would give away the spec and implementation. I guess it was designed to be a smaller die-area solution for some of their silicon IP products, and opening it up just makes it more convenient for their customers to use. (And, hopefully, nobody is stupid enough to use some vendor's secret proprietary crypto in their chips).
I'd be interested to read a history of Rambus. They're a strange and somewhat controversial company. I lived through the controversy but I'm not certain I remember it correctly. From what I remember they patented some things related to DDR SDRAM; I'm not sure how much credit they deserve for developing those things or if they were just first to file. For part of the Pentium 4's lifecycle they convinced Intel to use Rambus' proprietary DRAM (RDRAM) which supposedly had some benefits but I just remember it being overpriced. They shook down DDR manufacturers for patent licensing fees. Apparently the EU opened an antitrust investigation into them for getting their patents into the standard and then not licensing them freely enough. I'm not sure it's fair to call them a patent troll but I guess they're something similar to Fraunhofer or Synopsys.
This comment is cringe enough that it is making the rounds on multiple Slacks. It's fine that you've never heard of Curve448. That just means you're not a cryptography engineer. Most people aren't! But if you're not one of those, be a little careful about connecting the dots to things like "Crypto AG". Saying "I've never heard of Curve448, it sounds sketchy" is a little like a systems programmer saying "I've never heard of Paxos before, it sounds sketchy". Most systems programmers are never going to do anything with Paxos. But all the competent ones can look it up in about 20 seconds and confirm that it isn't a conspiracy.
No, Curve448 is as good as can be per the public knowledge, see https://safecurves.cr.yp.to/. What one could expect given Rambus history is undisclosed patents, possibly the most efficient hardware implementation. They have been known to get their tech standardized (not disclosing IP claims) and come back at adopters with patent violation suits.
Cryptography Research patented quite a few DPA/SPA countermeasures; if there is a non-obvious patent on Curve448 it will likely be one of those making it hard to make a non-infringing, fast yet not vulnerable HW implementation... Given their business in licensing those countermeasures (https://www.rambus.com/security/dpa-countermeasures/licensed...), one can see their eagerness to get some curves in widely used standards as suspicious in that light.
I'm not really concerned but I also understand why one wouldn't implement anything Rambus related given their history of patent trolling...
> Rambus was accused of shredding key documents prior to court hearings, the judge agreed and dismissed Rambus' case against Infineon. T
> On January 9, 2009, a Delaware federal judge ruled that Rambus could not enforce patents against Micron Technology Inc., stating that Rambus had a "clear and convincing" show of bad faith, and ruled that Rambus' destruction of key related documents (spoliation of evidence) nullified its right to enforce its patents against Micron.[28]
> Rambus engaged in intentional deceptive conduct in the context of the standard-setting process for example by not disclosing the existence of the patents which it later claimed were relevant to the adopted standard. This type of behavior is known as a "patent ambush".
> Ronald Black, Rambus's CEO, said, "Somehow we got thrown into the patent troll bunch...This is just not the case."[43]
See, they are the good guys after all. It came right from their CEO. /s
If someone is acting like this then shows up with a "here is a cool curve you can use", not surprising people will be suspicious. It's like that neighbor who has been suing everyone in the neighborhood, and calling the cops on kids playing outside, all of a sudden shows up with a plate of cookies. People will think twice before trying a cookie.
Same for me. I don't think Rambus was a pure troll because they actually did invent some things, but at the time I thought they saw what SCO did and wanted in on that action.
Rambus is an interesting company. I can't vouch for their crypto offerings, but they have been around since the 90's and at one point pioneered high-speed DRAM interfaces. Lots of what we see in DDR today is based on ideas and concepts they pushed forward in their proprietary interface. Early on, they definitely did innovative work.
IIRC, their interfaces were used in some Sony PlayStations and also some Intel systems.
My fellow commenters aren't actually getting to the point: The original release of the Pentium 4 used Rambus RAM, instead of the JEDEC standard of the time.
This Pentium 4 was released in the year 2000.
So, yes, Rambus, the company, is a known quantity. Just weird they're into crypto now, because trying to wiggle into this already crowded patent landmine is certainly an... interesting choice.
They bought Paul Kocher's Cryptography Research in 2021. Cryptography Research designed the Blu-Ray BD+ licensing system and owned a huge IP portfolio on differential power analysis, a technique Kocher, one of the godfathers of side channel cryptanalysis, invented. They also ran (run?) one of the industry's best cryptographic consultancies. If you're a major hardware vendor going to market with a new cryptographic coprocessor, you're very likely going to engage Rambus.