What Would You Do With a New Form of Encryption? 868
Kip Knight asks: "I've been sitting on an invention for six months now. I'm debating whether to 'give it to the world' or patent it. I would obviously like to feed my family on the fruits of my endeavour but don't see much hope in the open source route. My invention improves upon the 80 year old One-Time Pad encryption turning it into a 'Many-Time Pad'. Since I haven't got my export license to speak about the details yet, I won't describe further. The advantages are proof (i.e. unbreakable) against brute force attacks and known-plaintext attacks (unlike the OTP). The disadvantage is carrying around a very large digital key (which could easily fit on one of those USB memory key fobs). My question is this: Could I sell enough $10 shareware GPG extensions to compensate for not locking in 20 years of patent protection (and the $20,000 to patent it)?" While the claims made by the submittor have yet to withstand the crucial test of time (and prying eyes), if you had developed a new form of encryption, what would you do?
Two recommended routes: (Score:1, Interesting)
- call USPTO and ask for assistance
- call NSA and ask for a job
'Many-Time Pad' (Score:4, Interesting)
I'd patent it (Score:2, Interesting)
let gpl programs use it for free,
charge commercial companies
best of both worlds
Careful what you say (Score:4, Interesting)
Eat your cake... (Score:4, Interesting)
Patenting the software will ensure that *YOU* get some of that dough, while ensuring that *YOU* decide how it is going to be used, and who will use it. If you do not patent it, chances are that someone else will figure out a way to patent something extremely similar to it, and then charge *YOU* to use your software.
If you need some help with the $20k, let me know. I am almost sure you can raise it by asking 1000
---
Children seldom misquote you. In fact, they usually repeat word for word what you shouldn't have said.
Re:Easy. (Score:5, Interesting)
I realize it's an up-front cost for patenting, but look at the alternative: someone stealing/adapting your invention and making the money that YOU could've had. Don't let that happen to you. And if it's really that good, there are services out there that will help you patent inventions, although I will admit to not being entirely familiar with them having never patented something myself.
Re:Well (Score:1, Interesting)
>>2. Sell to highest bidder.
>>3. ???
>>4. Profit.
Why do people keep doing this!? Step 2 is where the profit comes from!! There is no unknown step three here, Sell to highest bidder == profit
Sorry, I think I've finally cracked from all the Step 123 and beowulf posts.
Re:Easy. (Score:3, Interesting)
Re:Why patent? (Score:3, Interesting)
But I don't think your comment really relates to the actual question he asked: do I patent [thing x] and hope to make enough money in a commercial world, or do I release shareware plugins?
frob.
Does he know what he's talking about? (Score:2, Interesting)
Get a *provisional* patent (Score:5, Interesting)
A provisional patent costs $85, and you don't need a lawyer. It essentially keeps your patent claim alive for one year, and establishes a filing date, allowing you to disclose the invention without (as much) fear of losing your rights.
Once you assess it's commercial viability, you can decide on the >$10k formal patent.
I've done this many times. It's definitely the way to go.
Re:learn to play the patent game (Score:4, Interesting)
Re:Here's a quote... (Score:2, Interesting)
The proof is all there, in the question about personal privacy: Bruce Schneier is Osama Bin Laden! Oh yeah, and George W is involved too (the whole evildoers connection).
Re:learn to play the patent game (Score:2, Interesting)
into a 1-20gig file
then he uses the cd key (a 700meg key file) to decrypt the data, and retrives the 5meg original file
so I don't think he'd go the usenet route because I believe his encrpytion makes the file to large.
Basic Misunderstanding (Score:4, Interesting)
Encryption is the ability to spread a limited source of entropy over a broad amount of data. The One Time Pad simply recognizes that if you have equal amounts of entropy and data then you don't need a very good mixing algorithm; just XOR the data with the pad and voila, the data becomes unreadable.
The challenge of good algorithms is to limit the amount of entropy needed to generate unreadable text to as small a size as possible. Typical algorithms in use today will by changing a single bit in the key, ultimately flip about 50% of the encrypted output. Half of the bits is optimum. Fewer and your entropy isn't getting mixed in very well. More and your bit is just inverting the data.
If you really want to contribute to the world of cryptography, don't bother with encryption algorithms. The ones we have are quite good. Honestly. Instead you should try to figure out a new use for the basic operations in cryptography. We know how to protect content, add signatures, authenticate content, and do non-repudiation. We can encrypt for a small number of readers each with his own key, or for broadcast, we can build webs of trust, and hierarchies. Come up with a new use that makes as much business sense as digital signatures and you'll have something worth patenting.
Re:Easy. (Score:3, Interesting)
Try a patent SEARCH first... (Score:3, Interesting)
Various entities create one-time pads based on cosmic waves or the behavior of radioactive items. They then produce a large pad and then re-use for a specified number of times by manipulating it with various algorithims. The algorithms are sent in a seperate one-time pad.
All of the major ideas in encyrption have existed for decades or centuries. Future advances will come algorithms that deliver degrees of randomness. Future flaws encyptions will come from subtle errors in those algorithims.
Re:Hehehehe (Score:2, Interesting)
The standard disclaimer is that yes, a OTP -is- unbreakable. So the obvious solution is to create a secured connection with the OTP, then rotate in new pads through the transmission channel, replacing the pads at every transaction. You also need to make the pad sizes randomly variable. This should work, but you'd better have good ack/nak or once the pads get out of sync, you are hosed. Of course you could then create an algorithm for dropping-back to previously used pads until your clients regain sync, but that would be risky.
You also need to make sure your clients have good random number generators on each end. So you might create USB keychain drives with random number electronics that monitor weather conditions, magnetic direction, sound, etc, plus a user selected user input XOR seed.
The upshot of all this work would be that your session would slow considerably. The methods of securing connections are inversely proportional to the bandwidth required.
Rod
Re:If you want to make money, patent it (Score:2, Interesting)
Re:Easy. (Score:1, Interesting)
Note that when an individual patents, Slashdotters are happy. When a corporation patents, Slashdotters are unhappy. If an individual forms a corporation, he goes from good to bad. Slashdot logic. Kinda makes you wonder if all the business-bashers work for non-profits or are just hypocrites.
Re:Easy. (Score:3, Interesting)
So only patent software if you believe that software isn't abstract mathematics which means that you fundamentally don't understand mathematics which means that there really isn't any way in which you could "promote the progress of the science and useful art" of mathematics, which means you really can't get a patent anyway since you don't understand the underlying subject matter.
Unless you don't care and you're willing to lie to the government to get something you really shouldn't have. Then all bets are off. It's a good thing corporations and people don't lie to try to make money.
This Is Not A New Method or Technique (Score:2, Interesting)
Re:Get the patent... (Score:3, Interesting)
On the other hand if you don't have it they may well just patent it and sue you anyway
And people wonder why western business is going down the toilet.
I have a much better suggestion, license it to someone cheap and use the money to train as a patent lawyer. There is no other future
a much more interesting question (Score:3, Interesting)
The only reasonable action I could think of is to anonymously (through a dozen anonymous remailers) email a description of the algorithm to Bruce Schneier, entrusting him to proceed with this knowledge in whatever way he finds most prudent. I surely wouldn't want to be associated with the discovery and the calamity that would follow, and somehow I feel like Bruce Scheier could be trusted to act responsibly and intelligently.
Re:a much more interesting question (Score:3, Interesting)
Re:Easy. (Score:5, Interesting)
The advantages are proof (i.e. unbreakable) against brute force attacks and known-plaintext attacks (unlike the OTP).
Which implies that the OTP is insecure with known-plaintext, or by brute-forcing, which is untrue for any correctly used OTP. So, either Kip Knight didn't express very well what he meant, or he is not as well versed in cryptography as he should be.
In any case, the proof is in the pudding. I remain skeptical of the claims.
Re:Easy. (Score:3, Interesting)
the problem with otp's isn't that they're breakable, it's the key distribution problem, a subset of the chicken and the egg problem.
Re:Easy. (Score:4, Interesting)
If you're an experienced cryptologist, chances are you already know the chances your algorythm has of withstanding attack and analysis. But then you'd also have a good idea whether it was worth patenting - or the company you're working for will make the decision on whether or not to patent it.
And yes, RSA is a highly successful algorythm - created by three of the finest cryptologists in the business. It was patent protected, but had a reasonable license model for application development. If it hadn't, and hadn't been created by folks with a known track record, it wouldn't have gotten anywhere near as far.
I don't mean to put the original poster down at all here (being an amature (very amature) cryptologist myself) but if he's asking
WORF (Score:1, Interesting)
Re:Easy. (Score:4, Interesting)
Patenting it is useless (Score:3, Interesting)
Aside from the fact that the claim is incredible...
As other posters point out, everyone can develop their own ciphers that they think is unbreakable. It's not until massive peer review for many years before they become trusted as unbreakable, and thusly become of any value.
Attempting to patent a cipher before this is a waste of money, and patenting it after peer review is likely impossible.
Put it out for public scrutiny. At least you'll hold the copyright on the reference implementation and be recognized as the inventor, and don't blow $20,000+ just to have someone tell you your cipher is bogus/duplicate/pathetic. :)