What Would You Do With a New Form of Encryption?

Posted by Cliff
from the share-or-sell dept.
Kip Knight asks: "I've been sitting on an invention for six months now. I'm debating whether to 'give it to the world' or patent it. I would obviously like to feed my family on the fruits of my endeavour but don't see much hope in the open source route. My invention improves upon the 80 year old One-Time Pad encryption turning it into a 'Many-Time Pad'. Since I haven't got my export license to speak about the details yet, I won't describe further. The advantages are proof (i.e. unbreakable) against brute force attacks and known-plaintext attacks (unlike the OTP). The disadvantage is carrying around a very large digital key (which could easily fit on one of those USB memory key fobs). My question is this: Could I sell enough $10 shareware GPG extensions to compensate for not locking in 20 years of patent protection (and the $20,000 to patent it)?" While the claims made by the submitter have yet to withstand the crucial test of time (and prying eyes), if you had developed a new form of encryption, what would you do?
  • Easy. (Score:5, Insightful)

    by superdan2k (135614) on Wednesday October 09, 2002 @01:50PM (#4417817) Homepage Journal
    1. Patent it. Period.
    2. Allow it to be used freely by open source programs. License it to commercial companies that stand to make money.
    3. ...
    4. Profit.
  • by hpa (7948) on Wednesday October 09, 2002 @01:51PM (#4417824) Homepage
    ... patent it, *then* you can figure out what business model you want to use.

    Note, however, that the claims made by the submitter are basically a laundry list of the kinds of claims that make seasoned cryptographers go "oh no, not again."
  • by i_want_you_to_throw_ (559379) on Wednesday October 09, 2002 @01:52PM (#4417833) Homepage Journal
    Replace the one that NSA has broken already...
  • Feed the Family (Score:5, Insightful)

    by syrupMatt (248267) on Wednesday October 09, 2002 @01:53PM (#4417840) Homepage Journal
    Fact is, if I need money, then license it to a company who will do the dirty work for me and live off the proceeds. If it is, in fact, a brilliant discovery, you should fight for provisions which will ensure some amount of open review.

    Not everyone who comes up with such a proven idea is a software developer, and they may not be able to live off of creating cutting edge software or maintaining said software for a living. The bazaar method doesn't apply to theory.
  • Hehehehe (Score:5, Insightful)

    by tomstdenis (446163) <tomstdenis@SLACK ... com minus distro> on Wednesday October 09, 2002 @01:53PM (#4417846) Homepage
    Ten bucks says five mins after he publishes it it will get broken.

    "many-time" otp are quite nonsense. See the problem is people think that good ciphers can have security approaching the OTP. The OTP is an absolutely different type of security.

    For instance, *no* amount of time is sufficient to break an OTP without the key. Whereas a block cipher can be broken at least in theory.

    I'd suggest to the original poster that he try to get his design published. When it gets horribly broken it will serve as a learning experience as how "not" to approach science.

    Tom
  • by Anonymous Coward on Wednesday October 09, 2002 @01:53PM (#4417848)
    I would patent it and sell it because if you present this to the public free of charge then other companies will take advantage of this. Think of your family first and be a capitalist.
  • by Faggot (614416) <choads&gay,com> on Wednesday October 09, 2002 @01:53PM (#4417855) Homepage
    It's heartwarming that you've invented a new form of crypto. However, before anyone takes it seriously, you're going to have to reveal it to the cryptographic community. "Many eyes make bugs shallow" as they say, and in few places is this more important than in crypto. An algorithm you've looked at 10000 times may have a logical error you've never caught, that would be glaring to a knowledgeable pair of fresh eyes.

    Plus no self-respecting paranoid freak is ever going to use a new cipher that hasn't had any time in the spotlight. Release it to the field and ask for comments.
  • 99.9 percent sure (Score:5, Insightful)

    by PD (9577) <slashdotlinux@pdrap.org> on Wednesday October 09, 2002 @01:54PM (#4417857) Homepage Journal
    That this invention is a bunch of crap. Most likely scenario: inventor releases a press release that gets widely reported as the most secure thing ever invented. Claims like "unbreakable" and "proven secure" and "many time pad" will be thrown around freely.

    And then someone with a decoder ring will crack that puppy wide open.

    Yawn. Snake oil.
  • by pitc (557530) on Wednesday October 09, 2002 @01:54PM (#4417863)
    so you want us to decide what's more important to you? I'd say give it to the world, but that's my own opinion. that's what this whole thing is going to be... opinion. what's more important? money or ideals? it gets trickier (as mentioned) when you've got to put food on the table. Trickier still when you consider the investment (time and money) needed to see your invention pay off. as with any big life decision you just need to look at all the courses of action and their consequences, and choose the one that suits your life goals best.
  • What you do is... (Score:2, Insightful)

    by TerryAtWork (598364) <research@aceretail.com> on Wednesday October 09, 2002 @01:55PM (#4417878)
    release it at a crypto convention and get a reality check as it is broken by one of the people at the con before you go home.....
  • Probably nothing (Score:2, Insightful)

    by LordKronos (470910) on Wednesday October 09, 2002 @01:55PM (#4417886) Homepage
    I probably wouldn't do anything with it. This topic comes up time and time again, and everyone always thinks they have something new and unique that nobody has ever done before (just like in the data compression field). Chances are VERY good that what you have come up with has been done many times, or else it doesn't work as well as you think.

    In this case: a many time pad? That hardly makes sense. The only real strength of a one time pad is that it NEVER repeats. No matter how large you make your pad, if it repeats it is highly susceptible to attack. The more it is used, the more susceptible. Call me a Doubting Thomas if you will, but I'm definitely doubting it.
  • by unicron (20286) <unicron@thcneCURIEt.net minus physicist> on Wednesday October 09, 2002 @01:56PM (#4417891) Homepage
    Don't let the 15-year-olds working at Taco Bell try to tell you shit about selling out. Especially because you have a family, do whatever is necessary to secure your financial future. I would weigh my options, and find out the best scheme involving reward vs. control of project lost. Find a nice happy medium between the two. But please, look at your family, think about all the things a higher standard of living could provide them before listening to anyone with advice like "Make it completely free and open source". You don't have to feed those people, you do have to feed your children.
  • Re:Do Nothing (Score:5, Insightful)

    by Anonymous Coward on Wednesday October 09, 2002 @01:58PM (#4417905)
    Security Through Obscurity Does Not Work. Period.
  • by TheSync (5291) on Wednesday October 09, 2002 @01:58PM (#4417908) Journal
    Patenting something (properly) will cost thousands of dollars and will require a patent lawyer.

    The US is a first-to-invent not a first-to-patent country, so make sure you have a hardcopy of your invention description dated and notarized.

    Then let some Net crypto people beat on your idea, make sure you say "Patent Pending."

    If it holds up, you should easily be able to raise the money to get it patented properly. (Actually, if so, email me, I may know a few investors)

    Judging from your description, I'd say your invention has a high probability of not truly doing what you think it does. Developing novel and useful cryptographic technology is a rare occurrence, generally done by people who have a ton of experience in the area. No point in wasting money if it won't stand up to 30 minutes in sci.crypt
  • by Lord Greyhawk (11722) on Wednesday October 09, 2002 @01:59PM (#4417918)
    My invention improves upon the 80 year old One-Time Pad encryption turning it into a 'Many-Time Pad'.

    Information theory proves that the One-Time Pad (OTP) is optimal - it cannot be improved.

    The advantages are proof (i.e. unbreakable) against brute force attacks and known-plaintext attacks (unlike the OTP).

    The OTP has no known-plaintext vulnerability. By submitting even a chosen plaintext to be encrypted, and studying the encrypted message, you only learn the piece of the One-Time pad used on your own content. It does not help you break any other part of any other message.

    The only way to break a OTP is to get a copy of the pad or by breaking the random number generator used to create the pad.

    This post's claim is the usual nonsense. So patent it if you wish - release it if you wish - I doubt anyone will find it usable.
  • Here's a quote... (Score:5, Insightful)

    by Bald Wookie (18771) on Wednesday October 09, 2002 @02:00PM (#4417920)
    It is impossible to make money selling a cryptographic algorithm. It's difficult, but not impossible, to make money selling a cryptographic protocol.

    Who said it? Bruce Schneier, one of the current gurus of crypto. Where did he say it? Here on Slashdot [slashdot.org]

    The whole article is worth a read.

    My perspective is that I seriously doubt your claims. Until there is strong peer review of your entire cryptosystem from top to bottom, I won't touch it. Unless it solves some problem with other cryptosystems already in use, the market won't touch it. If you can overcome these two objections then you might have a shot at some money. Otherwise...
  • by Srin Tuar (147269) <zeroday26@yahoo.com> on Wednesday October 09, 2002 @02:00PM (#4417924)
    There are tons of symmetric encryption methods ranging from patented to totally free. They all have the property of being effectively unbreakable with decent keysizes. Unlike your proposed method, they don't require ridiculously large keysizes. I really don't see the commercial potential, or even the potential for significant non-commercial use.

    The method you describe would actually have significant *disadvantages*, such as being ill-suited for use with asymmetric cyphers.

    The advantages are proof (i.e. unbreakable) against brute force attacks and known-plaintext attacks (unlike the OTP).

    I don't see how a one time pad wouldn't have these properties. Note that the name is One Time Pad, so if you reuse the pad, it's not one time anymore.

  • Re:Easy. (Score:5, Insightful)

    by Lokni (531043) <reali100NO@SPAMchapman.edu> on Wednesday October 09, 2002 @02:02PM (#4417936)
    I definitely agree with the above poster on 1, 2, 4. As far as coming up with the $20,000, find a lawyer that will draw up a rock solid non disclosure agreement and then shop it around to rich businessmen and patent lawyers after you get a signed NDA.
  • by sssmashy (612587) on Wednesday October 09, 2002 @02:02PM (#4417939)
    1. Sign a non-disclosure agreement with a reputable encryption expert.

    2. Pay said expert a fee to examine your system and comment on its merit.

    3. If your system has potential but needs adjustment, repeat #1 and #2 as necessary, if possible with different experts (within the limits of your financial resources, of course).

    4. If you are still convinced that your system is worthy, hire a patent lawyer and patent it.

    5. Don't try to sell it on your own. Instead, try selling it to an encryption firm or software distributor, using the expert opinions from #1 and #2 to bolster your sales pitch.

    6. If you find a buyer, try to license your encryption system rather than sell it outright.

    7. ...

    8. Profit!
  • by markk (35828) on Wednesday October 09, 2002 @02:02PM (#4417945)
    I would reinforce this comment - the claims in the original submission are invalid on the face of it in the real world. There is no plaintext attack on a real 'otp' with enough randomness in the key since the key is used only once.
    To all of the people with new cryptosystems - with all due respect - we now have really good, well understood cyphering methods up to a level where the failure in security won't be from the method of encryption. Key exchange could be improved, but actual symmetric cypher methods aren't going to revolutionize things anymore. We can always use better, and people will continue to look for flaws (as in Rijndael) but none of this is big time.
  • by Erbo (384) <obreerbo@nOsPam.gmail.com> on Wednesday October 09, 2002 @02:03PM (#4417949) Homepage Journal
    I suggest you begin by reading this [counterpane.com], and maybe also this [counterpane.com], both by Bruce Schneier, one of the foremost experts in cryptography and computer security today. Then re-evaluate your expectations about the potential success of your new algorithm, because it's possible you're deluding yourself.

    I'm sorry to burst your bubble, but there have been a lot of great mathematicians and cryptographers that have tried to design good, secure algorithms over the past few decades. Very few have actually managed to create algorithms that'll stand up under analysis. You may think you've done so, but it's going to take a lot to convince everyone of that.

  • by RealAlaskan (576404) on Wednesday October 09, 2002 @02:04PM (#4417958) Homepage Journal
    First, ``patent it'' and ``give it to the world'' aren't mutually exclusive. You can patent, and then give all users a free, non-revocable license. This is probably a good idea, to avoid being abused by holders of other patents. Or, you could give such a license for use only in software issued under your favorite license(s) (GPL, maybe?).

    You say that it is ``... proof (i.e. unbreakable) against brute force attacks and known-plaintext attacks ....'' Can you prove that? Can you prove it well enough that a mathematician won't laugh at you? If you haven't gotten this reviewed by some competent cryptographers, the whole issue is probably moot anyway.

    As for your explicit question: `` Could I sell enough $10 shareware GPG extensions ...'' I suspect that the answer is ``probably not''. PGP doesn't seem to have sold very well, and cryptography doesn't seem to be a hot seller right now. Patent or not, this may not be a big money maker. A better way to have phrased your question might have been: ``Is this invention likely to make enough money that I could come out ahead by patenting it?''

    A better place to have asked your question might have been a forum where cryptographers hang out. I'm not sure that a lot of them will see this here on slashdot. If you have some sort of credentials as a cryptographer or mathematician, you might try sending emails to some patent-holding cryptographers, and ask about their opinions on your algorithm, and their experiences with patents.

  • by edward.virtually@pob (6854) on Wednesday October 09, 2002 @02:07PM (#4417988)
    If you patent the idea, you can then control how it is used -- including permitting its use in Open Source or other software. As some people are aware, Dennis Ritchie holds a patent on the 'set-uid' bit concept. In fact, patenting it yourself (and thus allowing you to set the terms of its use) is probably better for the Open Source and Free Software interests since that would ensure some other, less friendly, entity could not patent it later -- if you do not patent it, someone else will (even if they shouldn't be able to [the USPTO being so infamously incompetent]).
  • Unbreakable? (Score:2, Insightful)

    by Anonymous Coward on Wednesday October 09, 2002 @02:08PM (#4417994)
    Yeah, and the Titanic was thought to be unsinkable... Unless it's been out in circulation for attempts to be made, I would hold off on the claims.

    1st move...Patent it
  • Obscurity (Score:2, Insightful)

    by ACNeal (595975) on Wednesday October 09, 2002 @02:08PM (#4417997)
    I can't believe this hasn't had the crap flamed out of it, let alone get a +2.

    Obscurity isn't a great security model. I am not going to say that it has no place in security either.

    Just because I am the only one that knows that I XORed my message with the umpteenth row in a Pascal triangle, doesn't mean that someone won't be able to see the pattern, or use other attacks to figure it out.

    It does make a good, but vulnerable, security system a little better, but shouldn't be the main part of your security system, or even a major part.
  • by vlad_petric (94134) on Wednesday October 09, 2002 @02:10PM (#4418020) Homepage
    IMHO it is much better to become renowned and not make money out of it than waste your money on a patent and get zero return.

    The chances of making money out of a patent are slim. Moreover, the cryptography market is "cannibalized" - even if your system is, as you claim, a lot better than the existing techniques, most people will still use something that stood the test of time (e.g. RSA, which has become free)

    Anyway, the US Patent system allows you to publish your idea one year before you file for a patent. Get some peer reviews (a proof is simply not a proof if kept secret) before embarking on a patent adventure.

  • by bellings (137948) on Wednesday October 09, 2002 @02:13PM (#4418040)
    Indeed. It sounds like an "XOR" encryption scheme : i.e. make a large, random digit file, and XOR it against things that you want to encrypt. It is incredibly weak for obvious reasons...

    I'm reasonably decent at math. Actually, I'm modest. I'm really, really, really fucking good at math. I can't see any reason the encryption method you describe would be "weak". I certainly don't see any "obvious" reasons.

    Would you please elaborate on these obvious reasons?
  • by sittingbull (526322) on Wednesday October 09, 2002 @02:14PM (#4418056)
    ... some plain text and some cipher text. If any one can deduce the way your n-time (n >= 1) pad works then forget the patent. On the other hand, if your n-time pad is unbreakable expect some time to pass before all of the best cryptanalysts have had a whack at breaking it. Then after that expect the NSA to come knocking at your door and telling you what your rights are for disseminating the n-time pad. This happened to IBM with their "Lucifer" encryption scheme known as DES - or Triple-DES now. Finally, does your code eat much processor time? If it does then it will also be limited in use even after passing rigorous testing. Check out AES/Rijndael on google - uses 50k of memory VERY important for cell/PDA application.... That is all. SittingBull
  • Re:Easy. (Score:3, Insightful)

    by nelsonal (549144) on Wednesday October 09, 2002 @02:20PM (#4418109) Journal
    Patents in themselves are not bad, just as licenses are not bad (remember that the same powers that protect Microsoft protect the GPL), in all cases they protect an author from another using his idea. In this case the poster could patent their idea, and license it royalty free to whomever. What the general consensus dislikes is patents that prevent them from using their idea for implementing a project because the patent is very broad, or common sense enough to be invalid.
  • by dattaway (3088) on Wednesday October 09, 2002 @02:22PM (#4418130) Homepage Journal
    There's even a better method that has been discussed for years. Document everything. Mail it to yourself. The postmark is sufficient proof of the date.

    It doesn't matter if you intend to make a product or wait until someone else uses your best kept secret. If you plan to ramp up a production line to pump out your products and are sued by someone who finally does (and will) get a patent on your idea, just show them the evidence. Rather than having their patent nullified due to prior art, they will give you cash to shut up. Same if someone else makes it and they happened to patent it. Threaten to sell your prior art to others. Hush money will come your way (or someone will come over to fit you with a pair of concrete shoes.)

    You can be assured this will happen. The introduction of new technology makes new obvious things possible. It's a race with time. Better put the cards in your pocket and hide them until the dealer has a lot of cash on the table.
  • by Marx_Mrvelous (532372) on Wednesday October 09, 2002 @02:26PM (#4418166) Homepage
    Alright, so the one-time-pad is totally unbreakable, as long as the key is random, and no one decrypts it. The weakness lies in, if you use the same pad two times, you can XOR the two encrypted messages together, and get message A XOR message B. This is a critical weakness of the OTP.

    If I had to guess, this guy came up with something like, "Each time you use the OTP, start at the next bit" so that it's like having a bunch of OTP keys, but in one place. I'm guessing whatever scheme he came up with either has already been invented, or is also critically flawed.
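The pad-reuse weakness described in the comment above (and LordKronos's point that a pad which repeats is susceptible to attack), worked through as an added example that is not code from the thread. Two messages encrypted under the same pad let an attacker XOR the ciphertexts to cancel the pad, then slide a guessed fragment (a "crib") along the result to read the other message. The two messages, the crib and the pad generation are constructed here for the demonstration; with independent pads the same crib drag recovers nothing.

```python
import os


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings; the result is as long as the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(message: bytes, pad: bytes) -> bytes:
    """One-time pad: ciphertext = message XOR pad. Decryption is the same call."""
    if len(pad) < len(message):
        raise ValueError("pad must be at least as long as the message")
    return xor_bytes(message, pad)


def crib_drag(c1_xor_c2: bytes, crib: bytes):
    """Slide a guessed plaintext fragment along c1 XOR c2.

    When both ciphertexts used the same pad, c1 XOR c2 == m1 XOR m2, so wherever the
    crib really occurs in one message, XORing it back out exposes the other message at
    that offset. Returns (offset, recovered_text) for every offset whose result is
    printable ASCII. With independent pads the XOR is noise and almost never passes.
    """
    hits = []
    for offset in range(len(c1_xor_c2) - len(crib) + 1):
        window = c1_xor_c2[offset:offset + len(crib)]
        candidate = xor_bytes(window, crib)
        if all(32 <= b < 127 for b in candidate):
            hits.append((offset, candidate.decode("ascii")))
    return hits


# Constructed sample traffic for the demonstration (not taken from the thread).
MESSAGE_1 = b"transfer 500 dollars to account 4471 today"
MESSAGE_2 = b"the meeting is moved to thursday at noon ok"
CRIB = b"account "  # the attacker guesses that MESSAGE_1 contains this word


def reuse_attack(pad1: bytes, pad2: bytes):
    """Encrypt both messages (pass pad2=pad1 to model reuse) and crib-drag the XOR."""
    c1 = otp_encrypt(MESSAGE_1, pad1)
    c2 = otp_encrypt(MESSAGE_2, pad2)
    leaked = xor_bytes(c1, c2)  # equals MESSAGE_1 XOR MESSAGE_2 only when pad1 == pad2
    return crib_drag(leaked, CRIB)


if __name__ == "__main__":
    pad = os.urandom(64)
    print("same pad  :", reuse_attack(pad, pad))             # includes (24, 'thursday')
    print("fresh pads:", reuse_attack(pad, os.urandom(64)))  # normally []
```

The hit at offset 24 is the word "thursday" from the second message, recovered without ever touching the pad; a longer crib, or iterating with each recovered fragment as the next crib, peels both messages apart. Nothing in the attack depends on how large the pad is, only on the same bytes of it being used twice.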
  • by AnotherBlackHat (265897) on Wednesday October 09, 2002 @02:27PM (#4418174) Homepage
    My invention improves upon the 80 year old One-Time Pad encryption turning it into a 'Many-Time Pad'.

    Information theory proves that the One-Time Pad (OTP) is optimal - it cannot be improved.

    Sorry, I can't let that one pass -
    Information theory doesn't prove anything of the sort.
    OTP are provably unbreakable in one, limited sense.
    There's plenty of room for improvement in all the other senses however.


    The OTP has no known-plaintext vulnerability.

    Not true.
    The traditional XOR - OTP is vulnerable to a man-in-the-middle active change attack.
    Picture a bank deposit protected with an XOR OTP.
    The MitM XORs the account number of the victim with (victim's account number ^ MitM's account number)

    This post's claim is the usual nonsense.

    At least we agree on something.

    - this is not a .sig
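The "one, limited sense" in which the pad is provably unbreakable is Shannon's perfect secrecy, spelled out here as an added derivation rather than something from the thread. Take an $n$-bit message $M$, a key $K$ drawn uniformly from $\{0,1\}^n$, independent of $M$ and used exactly once, and $C = M \oplus K$. For every $m, c \in \{0,1\}^n$,

$$\Pr[C = c \mid M = m] = \Pr[K = m \oplus c] = 2^{-n},$$

so by Bayes' rule

$$\Pr[M = m \mid C = c] = \frac{\Pr[C = c \mid M = m]\,\Pr[M = m]}{\sum_{m'} \Pr[C = c \mid M = m']\,\Pr[M = m']} = \frac{2^{-n}\,\Pr[M = m]}{2^{-n}\sum_{m'} \Pr[M = m']} = \Pr[M = m].$$

Seeing the ciphertext leaves the attacker's distribution over messages exactly where it was, whatever computing power is available. The statement covers confidentiality of one message under one key and nothing more: a second message under the same $K$ gives $C_1 \oplus C_2 = M_1 \oplus M_2$, and since $C \oplus \Delta$ decrypts to $M \oplus \Delta$ for any $\Delta$ the attacker picks, it says nothing about integrity, which is the active attack described in the comment above.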
  • by Roscol (568423) on Wednesday October 09, 2002 @02:30PM (#4418207)

    Preface: IANAL

    Mailing to yourself does not hold up in court as a substitute for a notary. You could always mail yourself an empty, unsealed envelope then fill it with documents at a later date.

    Document everything and get it notarized.

  • Re:Easy. (Score:5, Insightful)

    by pizza_milkshake (580452) on Wednesday October 09, 2002 @02:30PM (#4418208)
    It is interesting to me all of the highly-marked comments suggest the patent route whereas the general tenor of /. discussions concerning patents is that THEY ARE BAD

    i wouldn't say that the general thinking is that all patents are bad, but frivolous patents on things that aren't patent-worthy (like Amazon's "One-Click Shopping") are certainly bad.

    Patents are meant to protect individual inventors' inventions from being ripped off. Instead, many companies try to patent everything (even things that are common and that they didn't "invent", for instance if/when eBay tries to patent "online auctions" ) and then use their squads of lawyers to go out and try to slow down, fine or destroy any company that develops any products that bear any resemblance as a means of intimidation via multi-million dollar lawsuits.

    Patents should be used as a means of defense, not offense.

  • by aero6dof (415422) <aero6dof@yahoo.com> on Wednesday October 09, 2002 @02:33PM (#4418235) Homepage
    The corollary to this advice would be to hire a lawyer to write an NDA and hire a competent, independent cryptographer under that NDA to advise you about the novelty of your encryption approach. This will give you an idea of whether it's worth pursuing the patent. I would think that you should explore not only the encryption algorithm, but the physical key-management apparatus that you're envisioning.
  • by autopr0n (534291) on Wednesday October 09, 2002 @02:34PM (#4418242) Homepage Journal
    I seriously doubt you've found anything substantial that some of the world's greatest mathematical minds just sort of 'passed over'. I mean, seriously. It's been proven that the only secure encryption technique is OTP. You could no more have come up with something more secure than I could add 2 + 2 and end up with 64,000.

    Finally, you can actually both "give it to the world" and "make money". In fact, the whole point of the patent system is to get people to give out their secrets by granting them a limited monopoly.

    If you really have something worthwhile, you can simply license your concepts for general use. Public Key crypto has been patented for 30 years (almost expired) but it's used everywhere and has been a great boon to secure communications. Why? Because the authors licensed it for reasonable rates and allowed it to be used for free.

    Patents only cost about $700, and once you get one it's yours for the next N years (or whatever, not sure about the exact number of years, it may be different in different fields). You can still let people use it for N-1 years and then try to get money out of it in year N (see the Unisys GIF patent). Patents aren't like trademarks where you have to keep policing them or you lose them, despite what morons on Slashdot (such as Hemos, even... btw whatever happened to him?) seem to believe.

    One other thing:

    The advantages are proof (i.e. unbreakable) against brute force attacks and known-plaintext attacks (unlike the OTP).

    If I'm reading this right, you seem to think OTP is susceptible to brute force attacks. If this is true, you basically know jack about encryption.
  • by Anonymous Coward on Wednesday October 09, 2002 @02:38PM (#4418284)
    OTP provides perfect secrecy. It doesn't provide any form of authentication, or even hint at a way to provide authentication. If someone knows the message, they can figure out the key, and they can send whatever message they like in its place.

    When I wanted to learn more about cryptography, I started from what I understood (OTP) and came up with some ideas for fixing its limitations. I wrote up a page describing the new method (One Time Deck [boswa.com]), and put up links to cryptography newsgroups for comment. Sure enough, they pointed out some superior methods (my method works, it's just stupidly expensive in key data). I added links to papers on the superior methods to my page, and moved on.

    All in all, time well spent in gaining a thorough understanding of theoretically perfect non-quantum cryptographic methods. It may be taken for granted that all worthwhile OTP variants have been covered. In cryptography, theoretical perfection is as simple and boring as basic arithmetic, while practicality is as complex and rich as computer programming.

    The inventor would be well-advised to follow my approach, and at least learn something. Unless he intends to swindle other people who understand even less than he does... that has traditionally been the most profitable use for bad ideas in cryptography.
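The active attack raised twice above, AnotherBlackHat's account-number rewrite and this comment's "if someone knows the message, they can figure out the key, and they can send whatever message they like in its place", worked through as an added example that is not code from the thread. The deposit message format, account numbers and pad derivation are constructed for the demonstration; the countermeasure shown (encrypt-then-MAC with HMAC-SHA256 from the Python standard library) is one standard fix, not anything the submitter or the thread proposed.

```python
import hashlib
import hmac
import os


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def otp(message: bytes, pad: bytes) -> bytes:
    """XOR one-time pad; the same call encrypts and decrypts."""
    if len(pad) < len(message):
        raise ValueError("pad must be at least as long as the message")
    return xor_bytes(message, pad)


def flip_plaintext(ciphertext: bytes, offset: int, known: bytes, wanted: bytes) -> bytes:
    """Man-in-the-middle rewrite that needs no knowledge of the pad.

    The attacker knows (or guesses) that the plaintext bytes at `offset` equal `known`.
    XORing the ciphertext there with (known XOR wanted) makes it decrypt to `wanted`,
    because (m ^ pad) ^ (m ^ m') == m' ^ pad. Confidentiality is untouched; integrity
    was never there.
    """
    if len(known) != len(wanted):
        raise ValueError("replacement must keep the same length")
    out = bytearray(ciphertext)
    for i, d in enumerate(xor_bytes(known, wanted)):
        out[offset + i] ^= d
    return bytes(out)


TAG_LEN = 32  # HMAC-SHA256 output size


def seal(message: bytes, pad: bytes, mac_key: bytes) -> bytes:
    """Encrypt-then-MAC: the pad gives confidentiality, the tag detects modification."""
    c = otp(message, pad)
    return c + hmac.new(mac_key, c, hashlib.sha256).digest()


def unseal(blob: bytes, pad: bytes, mac_key: bytes) -> bytes:
    """Verify the tag (constant-time compare) before decrypting; reject anything altered."""
    c, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, c, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("integrity check failed: ciphertext was modified")
    return otp(c, pad)


# Constructed sample: a fixed-format deposit instruction (not from the thread).
DEPOSIT = b"DEPOSIT 1000 TO ACCOUNT 4471"
VICTIM_ACCOUNT = b"4471"
ATTACKER_ACCOUNT = b"9099"
ACCOUNT_OFFSET = DEPOSIT.index(VICTIM_ACCOUNT)


def redirect_deposit(pad: bytes) -> bytes:
    """What the bank decrypts after the attacker rewrites a bare OTP ciphertext."""
    c = otp(DEPOSIT, pad)
    tampered = flip_plaintext(c, ACCOUNT_OFFSET, VICTIM_ACCOUNT, ATTACKER_ACCOUNT)
    return otp(tampered, pad)


def redirect_sealed_deposit(pad: bytes, mac_key: bytes) -> bool:
    """Same rewrite against the MAC-protected message; True means the bank rejected it."""
    blob = seal(DEPOSIT, pad, mac_key)
    tampered = flip_plaintext(blob, ACCOUNT_OFFSET, VICTIM_ACCOUNT, ATTACKER_ACCOUNT)
    try:
        unseal(tampered, pad, mac_key)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    pad, mac_key = os.urandom(64), os.urandom(32)
    print(redirect_deposit(pad))                  # b'DEPOSIT 1000 TO ACCOUNT 9099'
    print(redirect_sealed_deposit(pad, mac_key))  # True
```

The rewrite succeeds because XOR is linear: flipping a ciphertext bit flips exactly the corresponding plaintext bit, and the attacker only needs to know what was there. HMAC closes that hole at the cost of dropping from unconditional to computational security for integrity; a one-time (Carter-Wegman style) MAC keyed from extra pad material would keep the information-theoretic guarantee, at the price of yet more key to carry.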
  • Re:Hehehehe (Score:5, Insightful)

    by X-rated Ouroboros (526150) on Wednesday October 09, 2002 @02:39PM (#4418289) Homepage

    Indeed.

    I seriously doubt the guy has looked at this from all angles or considered how it would be implemented digitally. Some ideas that seem really good on paper break down when you get to the nuts and bolts of how to do it with bits and bytes. Considering the guy's tendency to throw around OTP and, gag, "many-time pad," I don't see a lot of familiarity with the way these terms are perceived by the lay crypto.

    Still, if he's got that much faith in it, patent it, or write it up and copyright the description (not really ironclad, but it could get a settlement if OmniCorp steals the idea). I think the only reason the guy is asking about rather than just doing it is because he fully expects it to be broken shortly after going public and all the costs of filing a patent going to waste.

    Considering he says it's invulnerable to known plaintext attack he could post some plaintext and ciphertext for people to whack at for a while. It might just be security through obscurity if no one breaks it, but it could also illustrate that while he's so busy looking at ways to break the algorithm he's too close to see he's taking the long route around a much more straightforward (and trivial) transform.

    Posting ciphertext and plaintext and inviting people to attack it should keep the encryption method safe if it's as secure as he thinks it is. If someone reverse engineers the algorithm (or an equivalent) it will show it wasn't worth patenting in the first place (or that it's already been patented).

  • by autopr0n (534291) on Wednesday October 09, 2002 @02:42PM (#4418322) Homepage Journal
    (remember that the same powers that protect Microsoft protect the GPL)

    You might want to actually read the GPL some day, It says right in the preamble you don't have to accept the terms of the GPL if you want to run it, but if you don't you have no right to distribute the software.

    Microsoft seems to believe they can force stipulations that wouldn't normally even hold up in a court of law on anyone who clicks 'next'
  • by Quarters (18322) on Wednesday October 09, 2002 @02:44PM (#4418337)
    Well, Kip's e-mail address is newtsprism@AOL.COM. That ought to tell you something.


    It does! It tells me that you are either:

    a) A techno-bigot
    b) A 13 year old who lacks in social skills
    c) An overweight 42 year old who lives in his mother's basement and spells "Microsoft" as "Micro$oft" (all credit to Gabe and Tycho)

    or

    d) A cynical idiot who doesn't really have anything constructive to add to the discussion.

    (note: D can be used in conjunction with any of the previous choices)
  • Re:Hehehehe (Score:2, Insightful)

    by amitola (557122) <mikeyNO@SPAMsingingtree.com> on Wednesday October 09, 2002 @02:44PM (#4418338) Homepage
    This is both the encryption and decryption step. If you know that I'm likely to be talking about the "World Trade Center", you can then plug that key phrase into the resulting cyphertext at every possible point and look at the result. If you get a message back that looks like: "T*e atta** **ll *e at ******* on t*e World Trade Center" you can be pretty sure that you've identified part of the message because the result looks an awful lot like reasonable english. There are statistical ways to do this without having to attack it by eyeballing english. They're even pretty reliable.

    What in the hell? This is how you would start a known-plaintext attack against a substitution cipher. It has no relevance whatsoever to a one time pad.

    The entire point of the (ideal) OTP is that the key is truly random and of equal length as the message. Because of these facts, guessing part of the message reveals no information whatsoever about the rest of the message. Thus, guessing World Trade Center, even correctly, will not yield something like:

    "T*e atta** **ll *e at ******* on t*e World Trade Center"

    You would instead have:

    "(* x 37)World Trade Center"

    More importantly, it is useless to make guesses like this in the first place, because unlike other ciphers, the one time pad will provide you with no feedback as to whether your guess was right. The same ciphertext, produced by a one time pad, might decrypt to "World Trade Center", or "Golden Gate Bridge", or "Buy milk and eggs", all with equal probability.
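The contrast drawn in this comment, worked through as an added example that is not code from the thread: against a key that repeats (the "many-time" case, which is what a pad shorter than the traffic amounts to), a known fragment pins down key positions that then unlock the rest of the message; against a pad as long as the message it pins down only the bytes it covers, and any other guess of the same length is equally consistent with the ciphertext. The message, the crib and the key derivation are constructed for the demonstration.

```python
import os


def keyed_xor(message: bytes, key: bytes) -> bytes:
    """XOR `message` with `key`, cycling the key when it is shorter than the message.

    A key as long as the message and never reused is a one-time pad; a shorter key that
    wraps around is the repeating-key ("many-time") case.
    """
    return bytes(m ^ key[i % len(key)] for i, m in enumerate(message))


def recover_key_from_crib(ciphertext: bytes, crib: bytes, offset: int, keylen: int):
    """Known-plaintext step: each crib byte fixes one key position, key[(offset+i) % keylen].

    Returns a list with None at every position the crib never touched.
    """
    key = [None] * keylen
    for i, p in enumerate(crib):
        key[(offset + i) % keylen] = ciphertext[offset + i] ^ p
    return key


def decrypt_with_partial_key(ciphertext: bytes, key, keylen: int) -> str:
    """Decrypt where the key is known; print '*' where it is still unknown."""
    out = []
    for i, c in enumerate(ciphertext):
        k = key[i % keylen]
        out.append("*" if k is None else chr(c ^ k))
    return "".join(out)


def key_for_guess(ciphertext: bytes, guess: bytes, offset: int) -> bytes:
    """For a true OTP every guess 'fits': this is the pad segment that would have produced it.

    Nothing in the ciphertext can confirm or refute the guess, which is why guessing gives
    no feedback against a pad that is never reused.
    """
    return bytes(c ^ g for c, g in zip(ciphertext[offset:offset + len(guess)], guess))


# Constructed sample message and crib (not from the thread).
MESSAGE = b"meet me at the golden gate bridge at noon"
CRIB = b"golden gate bridge"
CRIB_OFFSET = MESSAGE.index(CRIB)


def crib_attack(keylen: int, key: bytes) -> str:
    """Encrypt MESSAGE under the first `keylen` bytes of `key`, apply the crib, decrypt."""
    c = keyed_xor(MESSAGE, key[:keylen])
    partial = recover_key_from_crib(c, CRIB, CRIB_OFFSET, keylen)
    return decrypt_with_partial_key(c, partial, keylen)


if __name__ == "__main__":
    key = os.urandom(len(MESSAGE))
    print(crib_attack(8, key))             # 18 crib bytes cover an 8-byte key: whole message
    print(crib_attack(len(MESSAGE), key))  # ***************golden gate bridge********
    c = keyed_xor(MESSAGE, key)
    for guess in (b"golden gate bridge", b"buy milk and eggs!"):
        k = key_for_guess(c, guess, CRIB_OFFSET)
        print(guess, keyed_xor(c[CRIB_OFFSET:CRIB_OFFSET + len(guess)], k))
```

With an 8-byte repeating key, an 18-byte crib recovers every key position and the entire message falls out; with a 41-byte pad used once, the same crib recovers exactly the 18 pad bytes under it and the remaining positions stay as unknown as before. The last loop shows the second half of the point: "golden gate bridge" and "buy milk and eggs!" each correspond to a perfectly valid pad segment, so a correct guess looks no different from a wrong one.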

  • Re:Do Nothing (Score:3, Insightful)

    by susano_otter (123650) on Wednesday October 09, 2002 @02:46PM (#4418353) Homepage
    Not by itself, at least. I always figured that obscurity would be the first element of any robust defense in depth. You'll have trouble picking the locks on my door if you have no idea where I live. But I don't rely only on your ignorance to protect my home--I also have really good locks. Of course, now that you know I have really good locks, your job becomes a little bit easier. If I told you the make and model of my locks, that would make your job easier yet. You'd probably also like to know about my alarm system, guard dogs, and surveillance cameras. Every piece of information you have about my security improves your chances of breaching it, and reduces my obscurity by an unacceptable amount. Obscurity is a vital component of any physical security system. Period.
  • Forget it. (Score:3, Insightful)

    by AnotherBlackHat (265897) on Wednesday October 09, 2002 @02:48PM (#4418375) Homepage
    It sounds a lot like a classic blunder, and not a new encryption at all.

    But assuming for the moment that one discovers a new kind of encryption,
    the question becomes why is this new encryption better than the hundreds of existing algorithms.

    Rijndael is libre, approved by FIPS, has reference implementations available,
    and has been thoroughly checked by several cryptographers.
    If the only difference your encryption scheme has is a (possibly flawed) proof of security,
    then you have a "me too" product that's competing in a saturated marketplace.
    Your best bet is probably to go for fame, and then try to turn that fame into a better paying job.

    -- this is not a .sig
  • Re:Easy. (Score:5, Insightful)

    by Darth_Burrito (227272) on Wednesday October 09, 2002 @03:03PM (#4418498)
    It is interesting to me all of the highly-marked comments suggest the patent route whereas the general tenor of /. discussions concerning patents is that THEY ARE BAD. What gives?

    Reality? Whether or not Patents are evil is debatable, but whether or not you need a patent to maintain ownership of your intellectual property isn't.
  • by Anonymous Coward on Wednesday October 09, 2002 @03:07PM (#4418530)

    Funniest. Post. Ever.
  • by malachid69 (306291) on Wednesday October 09, 2002 @03:09PM (#4418545) Homepage
    Personally, I have been thinking about this a lot lately too -- for encryption and other software that I am writing.

    I believe that the Patent office (and Copyright Law) are outdated and prevent the growth of technology. Why? Because the way it should work is that you design this new encryption, and it gets utilized EVERYWHERE making everything better. Instead, what normally happens is that people patent things and it gets blocked from the public (either by the inventor, or the one he sells out to). This is part of the reason that medicines cost more than they should (see previous /. article), and the reason why we never see some kewl gadget that existed when our parents were kids. Look at OLED -- much better than LCD, cheaper to make, etc -- but CRT/LCD manufacturers lose money if they are mass produced.

    Besides, someone could probably outdo your patent by adding the words "using binary" since the Patent Office is obviously NOT doing its job correctly (regarding tech/software/hardware).

    But, how to make a living if it is OpenIP? If it is a "good" technology, then $5 registration or something MIGHT happen. However, if it is a "great" technology, perhaps by teaching -- ie: classes, books (O'Reilly, et al), etc... Try emailing O'Reilly and seeing if they would be interested in publishing a book on how it works if you write it.

    One thing that I personally am very careful of, and most people on this list will probably flame me for it, is I wouldn't use GPL. GPL is like a virus, and you lose the ability to get the whole world to use it. Most companies I have worked for were more than willing to use BSD-based code, but wouldn't even look at GPL-code... So, if you want the whole world to use it, GPL will lose half your audience. If you don't care about it being used by the masses, then it might protect you more (I am not convinced on that matter due to 'cygwin').

    Malachi

    BTW: I think **ALL** encryption can be brute-forced.
  • Re:Easy. (Score:5, Insightful)

    by blibbleblobble (526872) on Wednesday October 09, 2002 @03:11PM (#4418565)
    Hang on a sec... this guy says he has a revolutionary new encryption algorithm that's as secure as a one-time pad? Now, even for people who don't have the first clue about cryptography*, that sounds like the inventor needs a breath of fresh air and a healthy dose of reality, never mind a patent lawyer.

    Hint: Encryption systems only become revolutionary after they've been in the public domain for 5-10 years. Even then, they won't get used if there's a patent attached.

    One-time pad? Bull. Crypto inventions come at a rate of one every 5 years, and the next one due is quantum cryptography. Think the idea is so smart it's better than quantum? Even claiming it's comparable to elliptic-curve crypto is one hell of a claim, and not something to be believed until it's published in a journal. Several times. And reviewed by people we've heard of. Even then, we won't believe it's unbreakable until the inventor has been imprisoned by the FBI for publishing it.

    Never mind the patent issue: there's a common-sense issue to be solved first. Thousands of crackpots a year come up with unbreakable [by them] encryption; having a patent doesn't make it any less snake-oil.

    *Clues to be found in:
    Book: Applied cryptography
    Book: Secrets and Lies
    Article: Phil Zimmerman's writings on the PGP page
    Helpfile: PGP helpfile

  • by susano_otter (123650) on Wednesday October 09, 2002 @03:12PM (#4418568) Homepage
    How about e) Given the reasonable expectation that experienced cryptographers and information experts generally don't get online through AOL (since AOL markets heavily to non-technical people, and most if not all technical people you meet don't use it at all), it is reasonable to expect that an AOL user will not come up with a technically robust encryption scheme. It's not about techno-bigotry, so much as reasonable expectations based on years of statistical and anecdotal evidence.
  • Re:Easy. (Score:5, Insightful)

    by JonTurner (178845) on Wednesday October 09, 2002 @03:39PM (#4418839) Journal
    And then what? "Rock solid" legal agreements don't mean shit unless you have the money to take them to court if they violate the terms or even outright steal the idea. That they did it isn't enough. You have to PROVE it in court, and that takes $$$. Are you prepared for the appeals, motions for discovery, and dozens of other motions filed that are designed to tie you up and run up your legal bills? And even if you do win a decision you have to collect, which is another matter entirely.
    A bunch of words on paper isn't going to do much good for someone who may have trouble scraping together the $20,000 for the patent work; the $100,000+++ needed to sue a large corporation with a fleet of slick attorneys is going to be difficult to find.

    Don't just do something, stand there!

  • by coyote-san (38515) on Wednesday October 09, 2002 @03:40PM (#4418847)
    Or we can save him the effort and tell him what his "revolutionary" idea is, thus simultaneously providing proof of prior art (making the patent question moot) and that he needs to spend more time studying cryptology before his next big idea.

    The fact that he says it's "multiple use" and that it requires a "digital key" suggests that he's using the key as the seed for some crypto PRNG (e.g., you recursively encrypt your salt with your key as the password, then pull out some of the bytes to create your OTP. Put the random salt as the first few bytes of the cipher text and voila, instant multiuse OTPs.) Not weak (not if you use a good crypto PRNG), but hardly an original thought that would not occur to the casual practitioner of the science.

    (There's also the pesky fact that most experts would consider this approach foolhardy. If you have a decent encryption routine, use it to encrypt the data directly. Crypto PRNGs are believed to be strong, but I don't know if this has been formally studied. There could well be an emergent property in the implementation that makes the PRNG highly predictable.)

    A refinement would involve recognizing that DSA keys actually have a 'generator' attribute, and you could use that to map your salt to a seemingly random sequence of values. It should be much more efficient than the recursive crypto approach, but again is hardly original since the very reason that these keys include generators is that they're used to efficiently generate ephemeral session keys via the same property.
  • Re:Easy. (Score:5, Insightful)

    by jovlinger (55075) on Wednesday October 09, 2002 @03:42PM (#4418866) Homepage
    I think schneier was the one to point out that we are all able to invent ciphers that we can't break ourselves. The good ciphers are the ones that can't be broken by others.
  • Re:Easy. (Score:3, Insightful)

    by flossie (135232) on Wednesday October 09, 2002 @04:09PM (#4419122) Homepage
    If the idea is good enough, it shouldn't be hard to find someone capable of funding the battle in exchange for a cut of the winnings - many lawyers are happy to do this if the case is strong enough. Obviously, the important thing here is to wait until someone has made a lot of money with the product and *then* sue.
  • Re:Easy. (Score:5, Insightful)

    by Bagheera (71311) on Wednesday October 09, 2002 @04:09PM (#4419125) Homepage Journal
    Looks like you've hit this one on the head. Crypto is a very conservative world and people don't adopt new algorithms until they've been analyzed to death. Being unwilling to publish it makes me suspicious right from the start. Once it's published he'll at least have copyright protection and can worry about the patent later.

    We won't go into professional cryptologists' opinions of amateurs with "new and revolutionary ideas." (But some of the threads in the USENET crypto groups can be very enlightening on that count)

    To answer his specific question, I would say NO. Unless he plans to use some form of free license, there are far too many good, unencumbered, crypto systems out there already for it to be worth it to add yet another patented one. At least for implementations at the application level. If there's going to be money in it, it'll be made from a good implementation of the system.

  • by Viking Coder (102287) on Wednesday October 09, 2002 @04:15PM (#4419174)
    One Time Pad is current, secure, and well understood.
  • by Dirtside (91468) on Wednesday October 09, 2002 @04:15PM (#4419175) Journal
    Ah, I see. And you can prove that the "nine out of ten slashdotters" who complain about the abuse of the patent system, are in fact the same people that are suggesting he patent it now? That's the assertion you're making, but you haven't backed it up. Slashdot is a community of thousands of people, some of whom have opposing views, but you assume that because you saw two opposing things on the same website, it must be the same people. Your logic is truly astonishing.
  • by Anonymous Coward on Wednesday October 09, 2002 @04:19PM (#4419210)

    You have to be careful when you use the words Strong and Weak in the context of cryptography. When you say an algorithm is Strong or Weak you are not commenting on how well the crypto system works in the real world. You are saying that it is difficult to break.
    And this deal with multi-use pads seems fishy. Even if you took a random pad and shifted it after the first use, all an attacker would have to do is try all possible pad shifts on the cypher text. The point is that OTPs are completely invulnerable to brute force attacks. Reusing a pad, or even a portion of one, has to make it possible to decrypt a message once the pad has been used enough.
    Therefore even if this multi-pad system would take 6 trillion years to crack it would still be a Weaker algorithm than the OTP.
  • by Johnboi Waltune (462501) on Wednesday October 09, 2002 @04:23PM (#4419249)
    Just go to the bank you do business with and get a $20,000 loan. If you have a decent credit rating, it should be no problem at all. You could also take out a loan against your 401(k), or even a home equity loan. Rates are great right now. The point is, there's no reason to involve a third party who has an interest in your invention, just to get the funds to patent it.
  • by Sun Tzu (41522) on Wednesday October 09, 2002 @04:32PM (#4419341) Homepage Journal
    ...which is close to zero -- until you elaborate a bit on step 3, above, just before '4. Profit.' or insert a new step 2.5. :) My symmetric encryption algorithm has the following characteristics:
    • Encrypts blocks of arbitrary size
    • Chains blocks by default (it should be possible to disable this. heck, I can't remember)
    • any bit changed in either the key or the encrypted block (let's make it 16K...) flips about 50% of the bits in the encrypted output
    • The key can be an arbitrary size with negligible effect on efficiency
    • It is very efficient since it was designed from the beginning based on computer operations natively implemented in integer processing units
    • It is very inefficient (are you still paying attention? :) ... in setting up the 'encryption engine' -- the first byte en/decrypted takes a setup time proportional to the block size, but subsequent bytes are very fast to en/decrypt. The advantage of this is it makes brute force attacks with some future supercomputer much less efficient while having little slowing effect on the entire stream of data -- unless the data stream is very small, of course

    Sounds good for packet streams or disk blocks (with block chaining disabled), right?

    Well, it isn't. I am nobody in the encryption world. My algorithm hasn't been published and peer reviewed. And, even if I published it, it would hardly be taken seriously. No one would trust it. Therefore, no one would even waste their time analyzing it.

    I submitted a patent disclosure document, then I presented it to a security group at Novell.

    They weren't really interested for all of the reasons listed above and only looked at it because of a request from Ray Noorda. (it was a few years ago). I gradually began to realize the magnitude of the problem and shelved the project to work on my various hobbies [starshiptraders.com] and pastimes [tfn.net]

    At least I can have some fun from them while not making any money. ;)

  • Re:Easy. (Score:3, Insightful)

    by juraj (262352) on Wednesday October 09, 2002 @04:50PM (#4419486)
    You are not true. As you probably know, if you have read these books, One Time Pad is _provably_ unbreakable. If it has a mathematical proof, as he claims, no test of time is needed. It's proved, period. (the question is, if the proof is okay and each step would survive, but if it is, as he claims -- which _can_ be checked, it's the invention right here right now).


    There are lots of people claiming they have unbreakable encryption, but if they have correct mathematical proof, man, this would be invention!

  • Re:Easy. (Score:5, Insightful)

    by j7953 (457666) on Wednesday October 09, 2002 @05:24PM (#4419761)
    Being unwilling to publish it makes me suspecious right from the start.

    Huh? A patent is a method of publishing your invention, in fact, that is (or used to be) one of the points of the patent system: to make it profitable for people to share their inventions instead of keeping them secret. The idea of patents is, as your constitution puts it, "to promote the progress of science."

    Of course, this doesn't work if patents are granted on solutions that are obvious once you know the problem, but that is not the case here. (Assuming the cryptographic algorithm actually works, it is likely that it was not obvious.)

    Remember that RSA is a very successful cryptographic technology, despite being protected by a (now expired) patent.

  • Release it Freely (Score:3, Insightful)

    by kentborg (12732) on Wednesday October 09, 2002 @05:29PM (#4419789)
    Release it freely. If it is actually good (or can be made good), use it to become famous, and find employment on that fame. Don't bother spending money patenting it because that would be a waste of money.

    First, because there is no shortage of really good encryption available for free, you aren't going to be able to sell it.

    Second, because it doesn't work, there is no point in wasting money trying to patent something that is faulty.

    How do I know it doesn't work? Because nearly no one can design good cryptography, so chances are yours isn't any good either. And, yours is currently secret; secret cryptography is almost poor. Sure, you might not be able to see how it is defective, but that only means it is tougher than your ability as a cryptanalyst. Good cryptanalysts are rare. You also seem to say that OTP is vulnerable to known-plaintext attacks, which as I understand it is simply false. A OTP has terrible key distribution problems and there are always attacks outside the strict domain of the encryption, but a one time pad is, if you define the problem as a narrow cryptographic problem, perfect. This makes me doubt your abilities.

    Sorry to be so harsh,

    -kb, the Kent who tries to know how much he doesn't know about cryptography.
  • by rknop (240417) on Wednesday October 09, 2002 @06:16PM (#4420139) Homepage

    Your description sounds like the classic description of what Bruce Schneier calls "snake oil". You have a great new encryption algorithm that you've been sitting on.... If you've been sitting on it, nobody knows if it's any good. The best cryptographers don't really know if their algorithm is really any good until lots of other cryptographers have had time to beat on it and test it. The only algorithms that anybody with any sense will use are ones that have been open, and for a long time, so that they can truly be scrutinized.

    So, in a word, it doesn't matter. I'd rather you didn't patent it, because software patents are generally evil anyway, and if the algorithm turns out to be useful for something, it could create headaches later. But, as far as cryptography goes, if it is truly as you describe, it's effectively worthless at the moment, and will continue to be so until lots of people have had a chance to see and work on the algorithm.

    -Rob

  • Another approach (Score:2, Insightful)

    by Dr. Blue (63477) on Wednesday October 09, 2002 @07:38PM (#4420576)
    OK, some people have said patent and license for free to non-commercial uses. There's a much safer approach that will save the inventor some money, although at the risk of some embarrassment:

    1) Time stamp a document containing your results. There are lots of ways of doing this, with either automated services (such as "Stamper" at http://www.itconsult.co.uk/stamper.htm), or just posting the document on Usenet.

    2) Tell someone else -- I'd suggest making a very public release on some forum. Incidentally, your write-up should say that you will apply for a patent. In the U.S. you have a year after publication to file for a patent.

    3) Submit to a conference, like CRYPTO.

    By publishing, you've established ownership so no one else can patent your technique later (because yours would now be "prior art"), and you can still patent if it holds up to scrutiny. But you also save yourself the patent fees if it doesn't.

    I'd be willing to put a little bit of money on a bet that the result would be that a weakness would be discovered. If by "perfectly unbreakable" you mean an infinite unicity distance, there are only two ways you can do that: use a random key (i.e., a one-time pad), or encrypt completely random data (which would be pretty useless). Anything else (yes, *anything* else) will have a finite unicity distance, and so cannot be claimed to be completely unbreakable.

  • Re:Easy. (Score:1, Insightful)

    by Anonymous Coward on Wednesday October 09, 2002 @08:23PM (#4420755)
    Hmm, I can picture this same argument 1000 years ago.. The world is the center of the universe! It's been proven! Anything else is impossible!

    -*Anything* is possible
  • by dilute (74234) on Wednesday October 09, 2002 @09:02PM (#4420936)
    'cause telling the public about your invention is a good way to prevent anyone, including you, from ever getting a patent on it!

    Basically, it's like shooting yourself in the foot.

    Seeking free legal advice on a public board is a really dumb idea, for about 19 different reasons.
  • Question of Morals (Score:2, Insightful)

    by pegasustonans (589396) on Wednesday October 09, 2002 @09:47PM (#4421164)
    I suppose what's really at issue here is a moral question. Is it better to serve the interests of free-speech and expression with no assured great profits or is it better to get those profits for the financial security of one's family at the probable loss of momentum towards greater freedom? Since I tend to lean towards the idealistic, I'd probably go with the open-source route believing that creating such a good foundation for greater freedom would certainly come back in many positive ways to both oneself and one's family. But just the same, it is a difficult decision and you deserve respect for your efforts no matter which route you take.
  • by DavidTC (10147) <slas45dxsvadiv,vadiv&neverbox,com> on Wednesday October 09, 2002 @10:49PM (#4421479) Homepage
    If it's actually a one time pad, posting files encrypted by it on Usenet won't prove anything. ;) You can just make up any key to match any file that size.

    Of course, 'it's a one time pad, but I'm using it more than once' is just idiotic on the face of it.

  • This is snake oil (Score:3, Insightful)

    by Dwonis (52652) on Wednesday October 09, 2002 @10:55PM (#4421503)
    The advantages are proof (i.e. unbreakable) against brute force attacks and known-plaintext attacks (unlike the OTP).

    If this guy thinks the known-plaintext "attack" on OTP is a problem, then he doesn't know what an OTP is.

    For those of you who don't know, every byte in a one-time pad is used to encrypt one and only one byte. Ever. If you know the plaintext and the ciphertext, you can derive the key, for that one byte, but that information is useless for every other byte in the ciphertext.

  • OTP is breakable? (Score:1, Insightful)

    by Anonymous Coward on Wednesday October 09, 2002 @11:01PM (#4421541)
    Not to troll--I am only a student and not real knowledgeable about crypto--according to the _Handbook of Applied Cryptography_, a One Time Pad as long as the message space is theoretically unbreakable (for obvious reasons; the number of possible keys is equal to the number of possible messages). So the OTP shouldn't be susceptible to a known plaintext attack if it is as long as the message space. If that's your invention... Not to quibble, but extraordinary claims require extraordinary evidence. S

  • by DavidTC (10147) <slas45dxsvadiv,vadiv&neverbox,com> on Thursday October 10, 2002 @01:01AM (#4422054) Homepage
    Proving you're smart in encryption shouldn't translate into proving you're smart in security matters.

    Bruce has proven he's smart in both, but I know a middling amount about security, and the only encryption stuff I completely understand is basic stuff like OTPs and how public/private keys function (Not how to code a program that uses them, mind you, just that you get two large primes and multiply them together, and one prime and the product together is the private key and the other is the public key.) and that a quick way to factor the product of two large primes would really suck for 75% of the encryption out there, though I've heard elliptic curve stuff doesn't rely on large primes and is safe.

    That almost literally is the sum of my knowledge. I couldn't tell you a damned thing about RSA4, or what that fairly new theoretical attack on almost every encryption algorithm out there that I read recently in Counterpane.

    But at least I'm smart enough to know I'm incompetent in that area. ;)

    Meanwhile, I know enough about software security to write software that is free from security issues. (Note 'know enough' does not always translate into 'actually do'.) I'm not claiming to be an expert, and some of the SE-Linux documentation shut my brain down, but I know how to set up a firewall and how to check for and fix a buffer overflow. But you could hand me a PGP message and a key and give me internet access (sans downloading PGP) and a day and I couldn't decode it, while I'm sure Bruce could.

    Encryption and security are not the same thing at all, any more than cameras are real-world security. Real-world security is cameras and security monitors and employee screening and strong locks, and sometimes security guards and increasingly complicated things.

    Encryption is 'just' a tool of computer security. (I put 'just' in quotes because encryption is nowhere near being a subset of computer security, encryption is probably more complicated than all other security issues put together.) Luckily, there are people out there who make encryption a drop-in solution, so people who know about securing computers do not have to be math experts either. The experts can say 'this is not decodable, you can send passwords over it' and we'll all nod and hope they know what they're talking about.

    Or, of course, we could all be Bruce, and know everything.

  • wait... (Score:4, Insightful)

    by Zemran (3101) on Thursday October 10, 2002 @03:04AM (#4422405) Homepage Journal
    The first thing the guy should have done is to post an encrypted article. So that people could try and prove him wrong. If he really had faith in his product he would allow people to attempt to crack it. The advantage of this is two fold. If he is right, and it is unbreakable, then he gets lots of free advertisement and if he is wrong he saves the cost of the patent.
  • The one-time pad (Score:2, Insightful)

    by comp.sci (557773) on Thursday October 10, 2002 @04:26AM (#4422537)
    The one time pad is the only 100% secure, mathematically proven form of encryption. (Not considering Quantum Crypto) The security of the one-time pad relies on the fact that it is used only ONCE.
    This is how it works in a perfect world: Take a random string, XOR it with your message (the plaintext) and transmit the result to your friend. To decrypt the message, your friend has to XOR the message he got again with the random string.

    There are two problems with that:

    • We are not able to produce real randomness, we can only use cryptographically secure pseudo-random number generators but these are not perfectly random.

    • The problem of transmitting the random string (the key). It has to be distributed in advance.

    If a message gets encrypted twice with the same key, it is highly vulnerable to a statistical attack and therefore nearly useless. Every few days, someone claims to have invented a perfectly secure cryptosystem and posts it on sci.crypt just to have it torn to pieces by them.
    To the "inventor" of this new system: If you really feel your algorithm is that strong, offer something like $10,000 to anyone who can break it. That way you can be sure it gets enough attention. This is common practice.
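    The three OTP properties argued over in this thread (amitola and DavidTC: the ciphertext gives no feedback on a guess; Dwonis: a known plaintext only recovers the pad bytes it covers; comp.sci and the AC above: reusing the pad leaks the XOR of the two messages) can be checked in a few lines. This is added example code, not from any poster; the messages and pads are constructed for the demo.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings of equal length (the only primitive an OTP needs)."""
    if len(a) != len(b):
        raise ValueError("a one-time pad must be exactly as long as the data it covers")
    return bytes(x ^ y for x, y in zip(a, b))


def fresh_pad(length: int) -> bytes:
    """A pad from the OS CSPRNG: the practical stand-in for 'true' randomness."""
    return secrets.token_bytes(length)


def otp_encrypt(plaintext: bytes, pad: bytes) -> bytes:
    """ciphertext = plaintext XOR pad. Decryption is the identical operation."""
    return xor_bytes(plaintext, pad)


otp_decrypt = otp_encrypt


def forge_pad(ciphertext: bytes, desired_plaintext: bytes) -> bytes:
    """Why the OTP gives no feedback on a guess: for ANY ciphertext and ANY
    same-length plaintext there is a pad that connects them, so one ciphertext
    is equally consistent with every candidate message. This is also why
    posting an OTP-encrypted file proves nothing about the scheme."""
    return xor_bytes(ciphertext, desired_plaintext)


def known_plaintext_reveals(ciphertext: bytes, known: bytes, offset: int) -> bytes:
    """Known plaintext against a SINGLE-use pad recovers only the pad bytes
    under the known span; those bytes are never used again, so nothing about
    the rest of the message follows from them."""
    return xor_bytes(ciphertext[offset:offset + len(known)], known)


def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """Pad reuse: c1 XOR c2 == p1 XOR p2. The pad cancels out and what is left
    is the XOR of two plaintexts, which is what the statistical attacks
    mentioned in the thread operate on."""
    return xor_bytes(c1, c2)


def second_message_under_reuse(c1: bytes, c2: bytes, p1: bytes) -> bytes:
    """With a reused pad and one known message, the other message falls out
    completely. With a fresh pad the same computation yields only noise."""
    return xor_bytes(two_time_pad_leak(c1, c2), p1)


if __name__ == "__main__":
    # Constructed demo messages, both 18 bytes so one pad length fits both.
    p1 = b"Golden Gate Bridge"
    p2 = b"Buy milk and eggs."
    pad = fresh_pad(len(p1))

    c1 = otp_encrypt(p1, pad)
    assert otp_decrypt(c1, pad) == p1

    # 1. No feedback: the same ciphertext "decrypts" to any guess you like.
    for guess in (p1, p2, b"Meet me at 9 sharp"):
        assert otp_decrypt(c1, forge_pad(c1, guess)) == guess

    # 2. Known plaintext, single use: only the covered pad bytes come out.
    assert known_plaintext_reveals(c1, b"Gate", 7) == pad[7:11]

    # 3. Reuse: encrypting p2 under the SAME pad leaks p1 XOR p2, and with p1
    #    known, p2 is recovered in full. A fresh pad for p2 leaks nothing usable.
    c2_reused = otp_encrypt(p2, pad)
    c2_fresh = otp_encrypt(p2, fresh_pad(len(p2)))
    assert second_message_under_reuse(c1, c2_reused, p1) == p2
    print("reused pad, p1 known ->", second_message_under_reuse(c1, c2_reused, p1))
    print("fresh pad,  p1 known ->", second_message_under_reuse(c1, c2_fresh, p1))
```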
