What Would You Do With a New Form of Encryption? 868
Kip Knight asks: "I've been sitting on an invention for six months now. I'm debating whether to 'give it to the world' or patent it. I would obviously like to feed my family on the fruits of my endeavour but don't see much hope in the open source route. My invention improves upon the 80 year old One-Time Pad encryption turning it into a 'Many-Time Pad'. Since I haven't got my export license to speak about the details yet, I won't describe further. The advantages are proof (i.e. unbreakable) against brute force attacks and known-plaintext attacks (unlike the OTP). The disadvantage is carrying around a very large digital key (which could easily fit on one of those USB memory key fobs). My question is this: Could I sell enough $10 shareware GPG extensions to compensate for not locking in 20 years of patent protection (and the $20,000 to patent it)?" While the claims made by the submittor have yet to withstand the crucial test of time (and prying eyes), if you had developed a new form of encryption, what would you do?
Easy. (Score:5, Insightful)
Re:Easy. (Score:4, Funny)
Re:Easy. (Score:5, Funny)
What, they ran out of monkeys and had to go lower on the evolutionary ladder?
Re:Easy. (Score:5, Insightful)
Re:Easy. (Score:4, Informative)
Before you go to a lawyer, start an invention journal, document your invention, document how you thought up of the invention, and have two trusted friends read/understand/sign/date every page of it. If the need arises, those two friends of yours have to be credible in a court of law, so don't ask your girlfriend or your family to do this. Then you can go to a lawyer to ask for further advice.
PGP Timestamping Service (Score:5, Informative)
Well, since this is crypto related, I think an even better way would be to use the PGP Timestamping Service [itconsult.co.uk].
It has several different modes, but basically you just encrypt your ideas, send an email to the timestamper with the encrypted files and it will sign the file, and the signature will contain a timestamp and a serial number.
The signatures are available on a daily basis and are posted weekly at alt.security.pgp for all the world to see.
Re:Easy. (Score:5, Informative)
The reason it's a myth is that it's perfectly possible to mail yourself an open envelope. Do that a few times when you're 18, wait ten years, and seal them up with a decade of inventions, make a billion dollars.
But there's nothing wrong with the theory, and there are plenty of ways to do something similiar. For example, banks keep track of when people access safe deposit boxes, so you could just rent one of those and stick it in there.
Actually, banks probably provide a service of this exact type.
Of course, the only reason this would matter is if someone steals your invention. If they invent it independently, you gain nothing at all. they've patented your invention, and it doesn't even count as prior art. (It has to be published to be that.)
But the whole thing's stupid. By defination you can't reuse one time pads, so I'm not sure how this even got on slashdot.
Re:Easy. (Score:4, Interesting)
Re:Easy. (Score:5, Insightful)
A bunch of words on paper isn't going to do much good for someone who may have trouble scraping together the $20,000 for the patent work, the $100,000+++ needed to sue a large corporation with a fleet of slick attorneys is going to be difficult to find.
Don't just do something, stand there!
No Lawyers/Rich Businessmen Required (Score:5, Insightful)
Re:Easy. (Score:4, Informative)
I agree, patent the algorithm. Some useful things to remember:
US$20,000 is the initial cost of patenting your algorithm. It may cost upwards of US$1 million to defend it in courts if people piss all over you.
Also, NDA's are hardly ever enforceable. It's best to use a trusted friend or family member if available (we should all be so lucky).
The angel investing approach to funding the patent may work, but you'll probably have to give up a percentage of the proceeds.
Good luck. I hope you're successful!
Re:Easy. (Score:5, Interesting)
I realize it's an up-front cost for patenting, but look at the alternative: someone stealing/adapting your invention and making the money that YOU could've had. Don't let that happen to you. And if it's really that good, there are services out there that will help you patent inventions, although I will admit to not being entirely familiar with them having never patented something myself.
learn to play the patent game (Score:3, Insightful)
It doesn't matter if you intend to make a product or wait until someone else uses your best kept secret. If you plan to ramp up a production line to pump out your products and are sued by someone who finally does (and will) get a patent on your idea, just show them the evidence. Rather than having their patent nullified due to prior art, they will give you cash to shut up. Same if someone else makes it and they happened to patent it. Threaten to sell your prior art to others. Hush money will come your way (or someone will come over to fit you with a pair of concrete shoes.)
You can be assured this will happen. The introduction of new technology makes new obvious things possible. Its a race with time. Better put the cards in your pocket and hide them until the dealer has a lot of cash on the table.
Re:learn to play the patent game (Score:3, Informative)
Re:learn to play the patent game (Score:5, Informative)
But Certified mail is.
Re:learn to play the patent game (Score:3, Insightful)
Preface: IANAL
Mailing to yourself does not hold up in court as a substitute for a notary. You could always mail yourself an empty, unsealed envelope then fill it with documents at a later date.
Document everything and get it notarized.
Re:learn to play the patent game (Score:5, Funny)
Re:learn to play the patent game (Score:4, Interesting)
Re:learn to play the patent game (Score:5, Informative)
That's a complete myth. Just think about how easy it would be to mail yourself an unsealed envelope and place your documents in later.
From http://www.forbes.com/asap/2002/0624/066sidebar.h
But don't mail your idea to yourself hoping that the postmark will prove the date you came up with the idea. This oft-tried strategy is filled with legal holes. Instead, file a $10 USPTO disclosure document (see www.uspto.gov/web/offices/pac/disdo.html [uspto.gov]).
From http://www.bpmlegal.com/patqa.html#10 [bpmlegal.com]
Can I protect myself by sealing a description of my invention in an envelope and mailing it to myself?
The mythical "postmark patent" offers no protection whatsoever. Having someone sign your written description as a witness would accomplish the same thing - documenting your date of conception of the idea. You might find our Invention Disclosure Form to be helpful in preparing a detailed written description. It doesn't provide any protection, either, but it will help you get your thoughts in order when you contact a patent attorney (our firm, we hope), and you'll save the 37 cents it would cost to mail it to yourself.
Re:Easy. (Score:5, Insightful)
Hint: Encryption systems only become revolutionary after they've been in the public domain for 5-10 years. Even then, they won't get used if there's a patent attached.
One-time pad? Bull. Crypto inventions come at a rate of one every 5 years, and the next one due is quantum cryptography. Think the idea is so smart it's better than quantum? Even claiming it's comparable to elliptic-curve crypto is one hell of a claim, and not something to be believed until it's published in a journal. Several times. And reviewed by people we've heard of. Even then, we won't believe it's unbreakable until the inventor has been imprisoned by the FBI for publishing it.
Nevermind the patent issue: there's a common-sense issue to be solved first. Thousands of crackpots a year come up with unbreakable [by them] encryption; having a patent doesn't make it any less snake-oil.
*Clues to be found in:
Book: Applied cryptography
Book: Secrets and Lies
Article: Phil Zimmerman's writings on the PGP page
Helpfile: PGP helpfile
Re:Easy. (Score:5, Insightful)
Re:Easy. (Score:5, Insightful)
We won't go into professional cryptologists opinions of amatures with "new and revolutionary ideas." (But some of the threads in the USENET crypto groups can be very enlightening on that count)
To answer his specific question, I would say NO. Unless he plans to use some form of free license, there are far too many good, unencumbered, crypto systems out there already for it to be worth it to add yet another patented one. At least for implementations at the application level. If there's going to be money in it, it'll be made from a good implementation of the system.
Re:Easy. (Score:5, Insightful)
Huh? A patent is a method of publishing your invention, in fact, that is (or used to be) one of the points of the patent system: to make it profitable for people to share their inventions instead of keeping them secret. The idea of patents is, as your constitution puts it, "to promote the progress of science."
Of course, this doesn't work if patents are granted on solutions that are obvious once you know the problem, but that is not the case here. (Assuming the cryptographic algorithm actually works, it is likely that it was not obvious.)
Remember that RSA is a very successful cryptographic technology, despite being protected by a (now expired) patent.
Re:Easy. (Score:4, Interesting)
If you're an experienced cryptologist, chances are you already know the chances your algorythm has of withstanding attack and analysis. But then you'd also have a good idea whether it was worth patenting - or the company you're working for will make the decision on whether or not to patent it.
And yes, RSA is a highly successful algorythm - created by three of the finest cryptologists in the business. It was patent protected, but had a reasonable license model for application development. If it hadn't, and hadn't been created by folks with a known track record, it wouldn't have gotten anywhere near as far.
I don't mean to put the original poster down at all here (being an amature (very amature) cryptologist myself) but if he's asking
Re:Easy. (Score:5, Informative)
That is true.
With OTP the size of the key and message are identical, and has been proven unconditionally secure. It has also been proven that no encryption with more bits of message than key can ever be unconditionally secure. This means that any cryptosystem with a many time pad or a pseudo random OTP is less secure than a real OTP.
In other words what this guy claims to have invented was proven impossible a long time ago. I find it hard to believe people when they claim to have done the impossible.
Re:Easy. (Score:5, Interesting)
The advantages are proof (i.e. unbreakable) against brute force attacks and known-plaintext attacks (unlike the OTP).
Which implies that the OTP is insecure with known-plaintext, or by brute-forcing, which is untrue for any correctly used OTP. So, either Kip Knight didn't express very well what he meant, or he is not as well versed in cryptography as he should be.
In any case, the proof is in the pudding. I remain skeptical of the claims.
Re:Easy. (Score:4, Funny)
Even simpler than using an OTP, just distribute your message using whatever secure means you used to distribute your OTP. Patent office, here I come!
Re:Easy. (Score:4, Funny)
Patent it, allow people to use it for free, once it becomes a worldwide standard, change your license terms to demand royalties from everyone using it.
Ethically and morally repugnant, but it makes a few bucks...
Re:Easy. (Score:3, Interesting)
Re:Easy. (Score:3, Insightful)
Sigh, do people even *try* to think these days? (Score:5, Insightful)
You might want to actually read the GPL some day, It says right in the preamble you don't have to accept the terms of the GPL if you want to run it, but if you don't you have no right to distribute the software.
Microsoft seems to believe they can force stipulations that wouldn't normally even hold up in a cort of law on anyone who clicks 'next'
Re:Easy. (Score:5, Insightful)
i wouldn't say that the general thinking is that all patents are bad, but frivolous patents on things that aren't patent-worthy (like Amazon's "One-Click Shopping") are certainly bad.
Patents are meant to protect individual inventors' inventions from being ripped off. Instead, many companies try to patent everything (even things that are common and that they didn't "invent", for instance if/when eBay tries to patent "online auctions" ) and then use their squads of lawyers to go out and try to slow down, fine or destroy any company that develops any products that bear any resemblance as a means of intimindation via multi-million dollar lawsuits.
Patents should be used as a means of defense, not offense.
Re:Easy. (Score:5, Insightful)
Reality? Whether or not Patents are evil is debatable, but whether or not you need a patent to maintain ownership of your intellectual property isn't.
His algorithm is probably worth the same as mine.. (Score:4, Insightful)
Sounds good for packet streams or disk blocks (with block chaining disabled), right?
Well, it isn't. I am nobody in the encryption world. My algorithm hasn't been published and peer reviewed. And, even if I published it, it would hardly be taken seriously. No one would trust it. Therefore, noone would even waste their time analyzing it.
I submitted a patent disclosure document, then I presented it to a security group at Novell.
They weren't really interested for all of the reasons listed above and only looked at it because of a request from Ray Noorda. (it was a few years ago). I gradually began to realize the magnitude of the problem and shelved the project to work on my various hobbies [starshiptraders.com] and pasttimes [tfn.net]
At least I can have some fun from them while not making any money. ;
wait... (Score:4, Insightful)
If you want to make money, patent it (Score:5, Insightful)
Note, however, that the claims made by the submittor is basically a laundry list of the kinds of claims that makes seasoned cryptographers go "oh no, not again."
Re:If you want to make money, patent it (Score:5, Insightful)
To all of the people with new cryptosystems - with all due respect - we now have really good, well understood cyphering methods up to a level where the failure in security won't be from the method of encryption. Key exchange could be improved, but actual symmetric cypher methods aren't going to revolutionize things anymore. We can always use better, and people will continue to look for flaws (as in Rijndael) but none of this is big time.
Re:If you want to make money, patent it (Score:5, Informative)
Note, however, that the claims made by the submittor is basically a laundry list of the kinds of claims that makes seasoned cryptographers go "oh no, not again."
No kidding. Read sci.crypt for a while, and you'll see any number of "revolutionary" encryption schemes, most of which are obviously junk invented by naive crypographer-wannabes. (Note: I'm not a cryptographer, nor do I play one on TV.)
At least the submitter understands that OTP only works if you have a big chunk of shared secret data to use as a pad. However, his mention that OTP is vulnerable to chosen-plaintext attacks makes me think that he's just another crackpot. Think about it--you use the random bits in the OTP only once, and they contain no information about future bits in the pad. Thus, OTP is 100% resistant to chosen plaintext.
My advice: DON'T BOTHER SPENDING ANY MONEY ON PATENTING THIS!!! If you decide that I'm full of it, at least do some serious study into cryptography before giving a dime to a patent lawyer.
Re:If you want to make money, patent it (Score:5, Insightful)
Re:If you want to make money, patent it (Score:5, Informative)
analog to inventing a perpetual motion machine.
Not only is the true one-time-pad proven to provide perfect secrecy, we
can also prove that no system that uses less key material can provide
perfect secrecy (at least not for arbitrary plaintext languages).
The results are found in the first half of Claude Shannon's seminal and
quite readable paper:
"Communication Theory of Secrecy Systems", Bell System Technical
Journal, vol.28-4, page 656--715, 1949.
which is available on-line, see:
http://www.cs.ucla.edu/~jkong/research/security
Also, the "known plaintext" weakness of the OTP is a myth. The idea is
that an attacker who knows the plaintext can compute the ciphertext of
any message he chooses, and substitute it for the intended ciphertext.
But the classic OTP is a secrecy system, and attacks on authentication
are irrelevant to its function.
We can, incidentally, also obtain provable authentication, and this also
requires use of one-time keys. Look up "universal hashing" for further
info.
--
--Bryan Olson
Cryptologic Engineer, Certicom Corp
Re:If you want to make money, patent it (Score:5, Insightful)
The fact that he says it's "multiple use" and that it requires a "digital key" suggests that he's using the key as the seed for some crypto PRNG (e.g., you recursively encrypt your salt with your key as the password, then pull out some of the bytes to create your OTP. Put the random salt as the first few bytes of the cipher text and voila, instant multiuse OTPs. Not weak (not if you use a good crypto PRNG), but hardly an original thought that would not occur to the casual practitioner of
the science.
(There's also the pesky fact that most experts would consider this approach foolhardy. If you have a decent encryption routine, use it to encrypt the data directly. Crypto PRNGs are believed to be strong, but I don't know if this has been formally studied. There would well be an emergent property in the implementation that makes the PRNG highly predictable.)
A refinement would involve recognizing that DSA keys actually have a 'generator' attribute, and you could use that to map your salt to a seemingly random sequence of values. It should be much more efficient than the recursive crypto approach, but again is hardly original since the very reason that these keys include generators is that they're used to efficiently generate ephemeral session keys via the same property.
Re:If you want to make money, patent it (Score:3, Insightful)
I'm reasonably decent at math. Actually, I'm modest. I'm really, really, really fucking good at math. I can't see any reason the encryption method you describe would be "weak". I certainly don't see any "obvious" reasons.
Would you please elaborate on these obvious reasons?
Re:If you want to make money, patent it (Score:3, Insightful)
If I had to guess, this guy came up with something like, "Each time you use the OTP, start at the next bit" so that it's like having a bunch of OTP keys, but in one place. I'm guessing whatever scheme he came up with either has already been invented, or is also critically flawed.
Re:If you want to make money, patent it (Score:5, Funny)
He didn't say 'incredibly weak.'
Rather, he said 'incredibly week.'
How can something be week (a calendar unit) rather than a week? While sometimes nouns are used as adverbs, extending the meaning. The most likely meaning for the adverb week, would be: having to do with a week, or weeks. And since our names for the week-days come from ancient gods, he was probably likening the one time pad to the unbeatable thunder god Thor.
Thor, of course, would be totally unbreakable.
For someone to see all this instantly--and then call it obvious--means that he is on a level of genius that our puny mathematical brains cannot possibly understand--nor should we try to.
(Mathematics is simply the art of finding equivalent statements. Psycho-analyze all the word problems and you're guareenteed at least D--so build from there.)
Get the patent... (Score:5, Informative)
What Would You Do With a New Form of Encryption? (Score:3, Insightful)
Patent it... (Score:5, Funny)
The same thing I do every day... (Score:5, Funny)
Feed the Family (Score:5, Insightful)
Not everyone who comes up with such a proven idea is a software developer, and they may not be able to live off of creating cutting edge software or maintaining said software for a living. The bazaar method doesn't apply to theory.
Too late (Score:4, Funny)
Butt is a prior art, iirc.
Re:Too late (Score:3, Funny)
Actually, there is also prior art for that method:
The way your dad looked at it, this watch was your birthright. He'd be damned if any of the slopes were gonna get their greasy yellow hands on his boy's birthright. So he hid it in the one place he knew he could hide something: his ass. Five long years, he wore this watch up his ass. Then when he died of dysentery, he gave me the watch. I hid this uncomfortable piece of metal up my ass for two years. Then, after seven years, I was sent home to my family. And now, little man, I give the watch to you.
So, you see, the "watch up the ass" was clearly documented prior to Mr. Walken placing the watch up his own ass, predating Mr. Walken's use of said method by five years.
However, given the circumstances, it is quite likely that a verbal agreement was reached for patent cross-licensing, allowing Mr. Walken full rights to said method in an enterprise environment.
Hehehehe (Score:5, Insightful)
"many-time" otp are quite nonsense. See the problem is people think that good ciphers can have security approaching the OTP. The OTP is an absolutely different type of security.
For instance, *no* ammount of time is sufficient to break an OTP without the key. Whereas a block cipher can be broken at least in theory.
I'd suggest to the original poster that he try to get his design published. When it gets horribly broken it will serve as a learning experience as how "not" to approach science.
Tom
Re:Hehehehe (Score:5, Informative)
It can't be 'unbreakable' under the normal definition of the word. It's impossible because truly unbreakable crypto requires a key that contains at least as much information as the plaintext, and a 'many-time pad' does not satisfy this precondition.
It would seem to me that this simple observation disproves his claim without even knowing his algorithm.
Re:Hehehehe (Score:5, Insightful)
Indeed.
I seriously doubt the guy has looked at this from all angles or considered how it would be implemented digitally. Some ideas that seem really good on paper break down when you get to the nuts and bolts of how to do it with bits and bytes. Considering the guy's tendency to throw around OTP and, gag, "many-time pad," I don't see a lot of familarity with the way these terms are percieved by the lay crypto.
Still, if he's got that much faith in it, patent it, or write it up and copyright the description (not really ironclad, but it could get a settlement if OmniCorp steals the idea). I think the only reason the guy is asking about rather than just doing it is because he fully expects it to be broken shortly after going public and all the costs of filing a patent going to waste.
Considering he says it's invulnerable to known plaintext attack he could post some plaintext and ciphertext for people to whack at for a while. It might just be security through obscurity if no one breaks it, but it could also illustrate that while he's so busy looking at ways to break the algorithm he's too close to see he's taking the long route around a much more straightforward (and trivial) transform.
Posting ciphertext and plaintext and inviting people to attack it should keep the encryption method safe if it's as secure as he thinks it is. If some reverse engineers the algorithm (or an equivalent) it will show it wasn't worth patenting in the first place (or that it's already been patented).
Re:Hehehehe (Score:5, Informative)
I'm going home now...
Do Nothing (Score:5, Funny)
That would be the best encryption you can have. The one only you know about.
Re:Do Nothing (Score:5, Insightful)
Re:Do Nothing (Score:3, Insightful)
Your first job: Air it out to the crypto community (Score:5, Insightful)
Plus no self-respecting paranoid freak is ever going to use a new cipher that hasn't had any time in the spotlight. Release it to the field and ask for comments.
'Many-Time Pad' (Score:4, Interesting)
99.9 percent sure (Score:5, Insightful)
And then someone with a decoder ring will crack that puppy wide open.
Yawn. Snake oil.
Re:99.9 percent sure (Score:3, Insightful)
It does! It tells me that you are either:
a) A techno-bigot
b) A 13 year old who lacks in social skills
c) An overweight 42 year old who lives in his mother's basement and spells "Microsoft" as "Micro$oft" (all credit to Gabe and Tycho)
or
d) A cynical idiot who doesn't really have anything constructive to add to the discussion.
(note: D can be used in conjuction with any of the previous choices)
Well (Score:5, Funny)
(sound of pitter-pattering many greedy feet scurrying to the nearest PTO)
Second:
1. Patent new encryption algorithm.
2. Sell to highest bidder.
3. ???
4. Profit.
Ah well, you could always be more philanthrophic than me, and support FSF, but hell, I'm just a capitalist at heart.
Support Slashdot with it (Score:5, Funny)
You don't lose control when you patent it. (Score:5, Informative)
I say patent it and then decide based on what offers you get. Once you patent it you can shop around for people to license it to. You can define the terms of the license (3 years and then you can offer it as GPL or NOT)
Don't be a fool, its your blood and sweat, you deserve to own it.
I was in the same situation; here's what I did (Score:5, Funny)
SKLJ4H9sdflkjh48B3498HW4IFN4IN8
OKDNJ48458DI4.SL4993;W5497GKH48
2HCB4KBHS843,JNS,JH43872B34JYB4
ZMNB48lkjh48BB4JHG8cbhbj8675309
Re:I was in the same situation; here's what I did (Score:3, Funny)
And... (Score:3, Funny)
Re:I was in the same situation; here's what I did (Score:3, Funny)
SKLJ4H9sdflkjh48B3498HW4IFN4IN8
OKDNJ48458DI4.SL4993;W5497GKH48
2HCB4KBHS843,JNS,JH43872B34JYB4
ZMNB48lkjh48BB4JHG8cbhbj8675309
How dare you insult my mother like that!
Re:I was in the same situation; here's what I did (Score:5, Funny)
Don't
SKLJ4H9sdflkjh48B3498HW4IFN4IN8
Forget
OKDNJ48458DI4.SL4993;W5497GKH48
To Drink
2HCB4KBHS843,JNS,JH43872B34JYB4
Your
ZMNB48lkjh48BB4JHG8cbhbj8675309
Ovaltine.
A commercial? What a gip!
I fail to see an issue. (Score:3, Insightful)
Careful what you say (Score:4, Interesting)
Patent it. Then license it. (Score:3, Informative)
Patent:
A grant made by a government that confers upon the creator of an invention the sole right to make, use, and sell that invention for a set period of time.
License:
Official or legal permission to do or own a specified thing. See Synonyms at permission.
I would patent it, then license it. It could be licensed for free use to non-profit groups, and governments could be required to pay a yearly sum.
But that sounds almost too easy to me :)
Is it worth patenting? (Score:5, Insightful)
The US is a first-to-invent not a first-to-patent country, so make sure you have a hardcopy of your invention description dated and notarized.
Then let some Net crypto people beat on your idea, make sure you say "Patent Pending."
If it holds up, you should easily be able to raise the money to get it patented properly. (Actually, if so, email me, I may know a few investors)
Judging from your description, I'd say your invention has a high probability of not truly doing what you think it does. Developing novel and useful cryptographic technology is a rare occurance, generally done by people who have a ton of experience in the area. No point in wasting money if it won't stand up to 30 minutes in sci.crypt
Re:Is it worth patenting? (Score:3, Informative)
Mathematically impossible (Score:5, Insightful)
Information theory proves that the One-Time Pad (OTP) is optimal - it cannot be improved.
The advantages are proof (i.e. unbreakable) against brute force attacks and known-plaintext attacks (unlike the OTP).
The OTP has no known-plaintext vulnerability. By submitting even a chosen plaintext to be encrypted, and studying the encrypted message, you only learn the piece of the One-Time pad used on your own content. It does not help you break any other part of any other message.
The only way to break a OTP is to get a copy the pad or by breaking the random number generator used to create the pad.
This post's claim is the usual nonsense. So patent it if you wish - release it if you wish - I doubt anyone will find it usable.
Re:Mathematically impossible (Score:3, Informative)
That is not correct. Information theory proves that one-time pad is unbreakable. Optimality, on the other hand, is a whole other thing. For one you have to specify what you are measuring: Security? Easyness of operation? Ability to distribute keys easily (like PKC)?
Many people think PKC is best because key distribution is a lot simpler than for most other encryption schemes.
Re:Mathematically impossible (Score:5, Insightful)
Sorry, I can't let that one pass -
Information theory doesn't prove anything of the sort.
OTP are provably unbreakable in one, limited sense.
There's plenty of room for improvement in all the other senses however.
Not true.
The traditional XOR - OTP is vulnerable to a man-in-the-middle active change attack.
Picture a bank deposit protected with an XOR OTP.
The MitM XORs the account number of the victim with (victim's account number ^ MitM's account number)
At least we agree on something.
- this is not a
Here's a quote... (Score:5, Insightful)
Who said it? Bruce Schneier, one of the current gurus of crypto. Where did he say it? Here on Slashdot [slashdot.org]
The whole article is worth a read.
My perspective is that I seriously doubt your claims. Until there is strong peer review of your entire cryptosystem from top to bottom, I won't touch it. Unless it solves some problem with other cryptosystems already in use, the market won't touch it. If you can these two objections then you might have a shot at some money. Otherwise...
Not commercially lucrative (Score:3, Insightful)
There are tons of symmetric encryption methods ranging from patented to totally free. They all have the property of being effectively unbreakable with decent keysizes. Unlike your proposed method, they dont require ridiculously large keysizes. I really dont see the commercial potential, or even the potential for significant non-commercial use.
The method you describe would actually have significant *disadvantages*, such as being ill-suited for use with asymmetric cyphers.
The advantages are proof (i.e. unbreakable) against brute force attacks and known-plaintext attacks (unlike the OTP).
I dont see how a one time pad wouldnt have these properties. Note that the name is One Time Pad, so if you reuse the pad, its not one time anymore.
Eat your cake... (Score:4, Interesting)
Patenting the software will ensure that *YOU* get some of that dough, while ensuring that *YOU* decide how it is going to be used, and who will use it. If you do not patent it, chances are that someone else will figure out a way to patent something extremely similar to it, and then charge *YOU* to use your software.
If you need some help with the $20k, let me know. I am almost sure you can raise it by asking 1000
---
Children seldom misquote you. In fact, they usually repeat word for word what you shouldn't have said.
The first thing (Score:4, Funny)
Some suggestions... (Score:3, Insightful)
2. Pay said expert a fee to examine your system and comment on its merit.
3. If your system has potential but needs adjustment, repeat #1 and #2 as necessary, if possible with different experts (within the limits of your financial resources, of course).
4. If you are still convinced that your system is worthy, hire a patent lawyer and patent it.
5. Don't try to sell it on your own. Instead, try selling it to an encryption firm or software distributor, using the expert opinions from #1 and #2 to bolster your sales pitch.
6. If you find a buyer, try to license your encryption system rather then sell it outright.
7.
8. Profit!
What to do first? (Score:3, Informative)
- Talk to a lawyer and tell him that you have an idea. If it REALLY IS a good idea, the small investment in a good IP lawyer at that point is a good thing.
The idea still needs community work and approval, but you still want to retain ownership should the idea succeed. He should advise you that a patent is a bad idea at that point, a better idea would be one of many publication or trade secret options.
- Talk with the community. Post everything about it to all the crypto newsgroups. Get the routines published in the proper community forums and conferences. If it is good enough it will make it into any of the IEEE or ACM conferences. Encourage feedback. That cannot be stressed enough. ANY GOOD SECURITY MECHINISM, PATENTED OR PUBLIC, MUST HAVE ALL ITS PARTS STUDIED CAREFULLY BY EXPERTS. There is no way around that.
- Write and publish the extensions. Write the GPG extension, and extensions for the Windows shell, and Outlook, and Eudora, and Pegasus, and everything else. If it doesn't get adopted it won't matter if you patent it since it won't get used.
- If at the end of the year it looks profitable, patent it. Your lawyer should have told you that also. If you know that it won't be possible to recoup the money, don't do it.
So that should answer the original question: "Could I sell enough $10 shareware GPG extensions to compensate for not locking in 20 years of patent protection (and the $20,000 to patent it)?" If at the end of the first year you haven't made a dime and haven't had the routine published or accepted in the community, you probably never will.frob.
aol... (Score:5, Funny)
Don't be too sure of yourself (Score:5, Insightful)
I'm sorry to burst your bubble, but there have been a lot of great mathematicians and cryptographers that have tried to design good, secure algorithms over the past few decades. Very few have actually managed to create algorithms that'll stand up under analysis. You may think you've done so, but it's going to take a lot to convince everyone of that.
Try to break it (Score:5, Funny)
I'm not falling for that trick-- (Score:4, Funny)
My advice - give it away for free (Score:5, Insightful)
The chances of making money out of a patent are slim. Moreover, the cryptography market is "canibalized" - even if your system is, as you claim, a lot better than the existing techniques, most people will still use something that stood the test of time (e.g. RSA, which has become free)
Anyway, the US Patent system allows you to publish your idea one year before you file for a patent. Get some peer reviews (a proof is simply not a proof if kept secret) before embarking on a patent adventure.
Get a *provisional* patent (Score:5, Interesting)
A provisional patent costs $85, and you don't need a lawyer. It essentially keeps your patent claim alive for one year, and establishes a filing date, allowing you to disclose the invention without (as much) fear of losing your rights.
Once you assess it's commercial viability, you can decide on the >$10k formal patent.
I've done this many times. It's definitely the way to go.
What does Crypto-Gram say? (Score:5, Informative)
Memo to the Amateur Cipher Designer
Congratulations. You've just invented this great new cipher, and you want to do something with it. You're new in the field; no one's heard of you, and you don't have any credentials as a cryptanalyst. You want to get well-known cryptographers to look at your work. What can you do?
Unfortunately, you have a tough road ahead of you. I see about two new cipher designs from amateur cryptographers every week. The odds of any of these ciphers being secure are slim. The odds of any of them being both secure and efficient are negligible. The odds of any of them being worth actual money are virtually non-existent.
Anyone, from the most clueless amateur to the best cryptographer, can create an algorithm that he himself can't break. It's not even hard. What is hard is creating an algorithm that no one else can break, even after years of analysis. And the only way to prove that is to subject the algorithm to years of analysis by the best cryptographers around.
"The best cryptographers around" break a lot of ciphers. The academic literature is littered with the carcasses of ciphers broken by their analyses. But they're a busy bunch; they don't have time to break everything. How do they decide what to look at?
Ideally, cryptographers should only look at ciphers that have a reasonable chance of being secure. And since anyone can create a cipher that he believes to be secure, this means that cryptographers should only look at ciphers created by people whose opinions are worth something. No one is impressed if a random person creates an cipher he can't break; but if one of the world's best cryptographers creates an cipher he can't break, now that's worth looking at.
The real world isn't that tidy. Cryptographers look at algorithms that are either interesting or are likely to yield publishable results. This means that they are going to look at algorithms by respected cryptographers, algorithms fielded in large public systems (e.g., cellular phones, pay-TV decoders, Microsoft products), and algorithms that are published in the academic literature. Algorithms posted to Internet newsgroups by unknowns won't get a second glance. Neither will patented but unpublished algorithms, or proprietary algorithms embedded in obscure products.
It's hard to get a cryptographic algorithm published. Most conferences and workshops won't accept designs from unknowns and without extensive analysis. This may seem unfair: unknowns can't get their ciphers published because they are unknowns, and hence no one will ever see their work. In reality, if the only "work" someone ever does is in design, then it's probably not worth publishing. Unknowns can become knowns by publishing cryptanalyses of existing ciphers; most conferences accept these papers.
When I started writing _Applied Cryptography_, I heard the maxim that the only good algorithm designers were people who spent years analyzing existing designs. The maxim made sense, and I believed it. Over the years, as I spend more time doing design and analysis, the truth of the maxim has gotten stronger and stronger. My work on the Twofish design has made me believe this even more strongly. The cipher's strength is not in its design; anyone could design something like that. The strength is in its analysis. We spent over 1000 man-hours analyzing Twofish, breaking simplified versions and variants, and studying modifications. And we could not have done that analysis, nor would we have had any confidence in that analysis, had not the entire design team had experience breaking many other algorithm designs.
A cryptographer friend tells the story of an amateur who kept bothering him with the cipher he invented. The cryptographer would break the cipher, the amateur would make a change to "fix" it, and the cryptographer would break it again. This exchange went on a few times until the cryptographer became fed up. When the amateur visited him to hear what the cryptographer thought, the cryptographer put three envelopes face down on the table. "In each of these envelopes is an attack against your cipher. Take one and read it. Don't come back until you've discovered the other two attacks." The amateur was never heard from again.
I don't mean to be completely negative. People occasionally design strong ciphers. Amateur cryptographers even design strong ciphers. But if you are not known to the cryptographic community, and you expect other cryptographers to look at your work, you have to do several things:
1. Describe your cipher using standard notation. This doesn't mean C code. There is established terminology in the literature. Learn it and use it; no one will learn your specialized terminology.
2. Compare your cipher with other designs. Most likely, it will use some ideas that have been used before. Reference them. This will make it easier for others to understand your work, and shows that you understand the literature.
3. Show why your cipher is immune against each of the major attacks known in literature. It is not good enough just to say that it is secure, you have to show why it is secure against these attacks. This requires, of course, that you not only have read the literature, but also understand it. Expect this process to take months, and result in a large heavily mathematical document. And remember, statistical tests are not very meaningful.
4. Explain why your cipher is better than existing alternatives. It makes no sense to look at something new unless it has clear advantages over the old stuff. Is it faster on Pentiums? Smaller in hardware? What? I have frequently said that, given enough rounds, pretty much anything is secure. Your design needs to have significant performance advantages. And "it can't be broken" is not an advantage; it's a prerequisite.
5. Publish the cipher. Experience shows that ciphers that are not published are most often very weak. Keeping the cipher secret does not improve the security once the cipher is widely used, so if your cipher has to be kept secret to be secure, it is useless anyway.
6. Don't patent the cipher. You can't make money selling a cipher. There are just too many good free ones. Everyone who submitted a cipher to the AES is willing to just give it away; many of the submissions are already in the public domain. If you patent your design, everyone will just use something else. And no one will analyze it for you (unless you pay them); why should they work for you for free?
7. Be patient. There are a lot of algorithms to look at right now. The AES competition has given cryptographers 15 new designs to analyze, and we have to pick a winner by Spring 2000. Any good cryptographer with spare time is poking at those designs.
If you want to design algorithms, start by breaking the ones out there. Practice by breaking algorithms that have already been broken (without peeking at the answers). Break something no one else has broken. Break another. Get your breaks published. When you have established yourself as someone who can break algorithms, then you can start designing new algorithms. Before then, no one will take you seriously.
Creating a cipher is easy. Analyzing it is hard.
See "Self-Study Course in Block Cipher Cryptanalysis": http://www.counterpane.com/self-study.html
Publish it.... (Score:3, Informative)
B) The fundimental building blocks for crypto these days are all patent free: You have free hashes, free block cyphers (AES), free public key (RSA). There is no reason for someone theses days to choose a patent-entangled encryption primitive.
C) A one time pad is not vulnerable to known plaintext. I don't know what the poster is talking about. Since one time pads are never reused, the known plaintext tells NO information about the rest of the pad.
D) For the US, you can publish THEN patent, you do have a year between when there is a public disclosure and when you can patent it. This does NOT apply to non-US patents. But since the US is at least half the market, who cares about the rest?
D is really critical, because the post does raise many "snake oil" warning flags. If it's NOT snake oil, he can disclose it and patent it after people at least get a look at it. If it IS snake-oil, then it can be shot down before spending the k$s needed to patent it.
Intersections (Score:5, Funny)
copyright better than patent? (Score:5, Funny)
Just tear it up and throw it away.... (Score:5, Insightful)
Finally, you can actually both "give it to the world" and "make money". In fact, the whole point of the patent system is to get people to give out their secrets by granting them a limited monopoly.
If you really have something worth while, you can simply license you're concepts for general use. Public Key crypto has been patented for 30 years (almost expired) but it's used everywhere and has been a great boon to secure communications. Why? Because the authors licensed it for reasonable rates and allowed it to be used for free.
Patents only cost about $700, and once you get one it's yours for the next N years (or whatever, not sure about the exact number of years, it may be different in different fields). You can still let people use it for N-1 years and then try to get money out of it in year N (see the Unisys GIF patent). Patents aren't like trademarks where you have to keep policing them or you lose them, despite what morons on Slashdot (such as Hemos, even... btw whatever happened to him?) seem to believe.
One other thing:
The advantages are proof (i.e. unbreakable) against brute force attacks and known-plaintext attacks (unlike the OTP).
If I'm reading this right, you seem to think OTP is susceptible to brute force attacks. If this is true, you basically know jack about encryption.
I would... (Score:3, Funny)
Basic Misunderstanding (Score:4, Interesting)
Encryption is the ability to spread a limited source of entropy over a broad amount of data. The One Time Pad simply recognizes that if you have equal amounts of entropy and data then you don't need a very good mixing algorithm; just XOR the data with the pad and voila, the data becomes unreadable.
The challenge of good algorithms is to limit the amount of entropy needed to generate unreadable text to as small a size as possible. Typical algorithms in use today will by changing a single bit in the key, ultimately flip about 50% of the encrypted output. Half of the bits is optimum. Fewer and your entropy isn't getting mixed in very well. More and your bit is just inverting the data.
If you really want to contribute to the world of cryptography, don't bother with encryption algorithms. The ones we have are quite good. Honestly. Instead you should try to figure out a new use for the basic operations in cryptography. We know how to protect content, add signatures, authenticate content, and do non-repudiation. We can encrypt for a small number of readers each with his own key, or for broadcast, we can build webs of trust, and hierarchies. Come up with a new use that makes as much business sense as digital signatures and you'll have something worth patenting.
Mail it to the patent office... (Score:4, Informative)
This loophole exists for people like you who have an idea, but are not willing to pay a patent lawyer without testing it.
PS: This is my first slashdot post, so please be kind...
I will pay no money for it, nor use it if free (Score:4, Insightful)
Your description sounds like the classic descrption of what Bruce Schneider calls "snake oil". You have a great new encryption algorithm that you've been sitting on.... If you've been sitting on it, nobody knows if it's any good. The best cryptographers don't really know if their algorithm is really any good until lots of other cryptographers have had time to beat on it and test it. The only algorithms that anybody with any sense will use are ones that have been open, and for a long time, so that they can truly be scrutinized.
So, in a word, it doesn't matter. I'd rather you didn't patent it, because software patents are generally evil anyway, and if the algorithm turns out to be useful for something, it could create headaches later. But, as far as cryptography goes, if it is truly as you describe, it's effectively worthless at the moment, and will continue to be so until lots of people have had a chance to see and work on the algorithm.
-Rob
Re:Why patent? (Score:3, Interesting)
But I don't think your comment really relates to the actual question he asked: do I patent [thing x] and hope to make enough money in a commercial world, or do I release shareware plugins?
frob.