What Would You Do With a New Form of Encryption?
Kip Knight asks: "I've been sitting on an invention for six months now. I'm debating whether to 'give it to the world' or patent it. I would obviously like to feed my family on the fruits of my endeavour but don't see much hope in the open source route. My invention improves upon the 80 year old One-Time Pad encryption turning it into a 'Many-Time Pad'. Since I haven't got my export license to speak about the details yet, I won't describe further. The advantages are proof (i.e. unbreakable) against brute force attacks and known-plaintext attacks (unlike the OTP). The disadvantage is carrying around a very large digital key (which could easily fit on one of those USB memory key fobs). My question is this: Could I sell enough $10 shareware GPG extensions to compensate for not locking in 20 years of patent protection (and the $20,000 to patent it)?" While the claims made by the submitter have yet to withstand the crucial test of time (and prying eyes), if you had developed a new form of encryption, what would you do?
... patent it, *then* you can figure out what business model you want to use.
Note, however, that the claims made by the submitter are basically a laundry list of the kinds of claims that make seasoned cryptographers go "oh no, not again."
Fact is, if I need money, then license it to a company who will do the dirty work for me and live off the proceeds. If it is, in fact, a brilliant discovery, you should fight for provisions which will ensure some amount of open review.
Not everyone who comes up with such a proven idea is a software developer, and they may not be able to live off of creating cutting edge software or maintaining said software for a living. The bazaar method doesn't apply to theory.
"Moving through the masses like a fish through water." syrup
Ten bucks says five mins after he publishes it it will get broken.
"Many-time" OTPs are quite nonsense. See, the problem is people think that good ciphers can have security approaching the OTP. The OTP is an absolutely different type of security.
For instance, *no* amount of time is sufficient to break an OTP without the key. Whereas a block cipher can be broken at least in theory.
I'd suggest to the original poster that he try to get his design published. When it gets horribly broken it will serve as a learning experience as how "not" to approach science.
Tom
Someday, I'll have a real sig.
I would patent it and sell it because if you present this to the public free of charge then other companies will take advantage of this. Think of your family first and be a capitalist.
It's heartwarming that you've invented a new form of crypto. However, before anyone takes it seriously, you're going to have to reveal it to the cryptographic community. "Many eyes make bugs shallow" as they say, and in few places is this more important than in crypto. An algorithm you've looked at 10000 times may have a logical error you've never caught, that would be glaring to a knowledgeable pair of fresh eyes.
Plus no self-respecting paranoid freak is ever going to use a new cipher that hasn't had any time in the spotlight. Release it to the field and ask for comments.
But what do I know. I'm just looking for anonymous gay sex.
That this invention is a bunch of crap. Most likely scenario: inventor releases a press release that gets widely reported as the most secure thing ever invented. Claims like "unbreakable" and "proven secure" and "many time pad" will be thrown around freely.
And then someone with a decoder ring will crack that puppy wide open.
Yawn. Snake oil.
If tits were wings it'd be flying around.
So you want us to decide what's more important to you? I'd say give it to the world, but that's my own opinion. That's what this whole thing is going to be... opinion. What's more important? Money or ideals? It gets trickier (as mentioned) when you've got to put food on the table. Trickier still when you consider the investment (time and money) needed to see your invention pay off. As with any big life decision you just need to look at all the courses of action and their consequences, and choose the one that suits your life goals best.
aoeu
release it at a crypto convention and get a reality check as it is broken by one of the people at the con before you go home.....
It's Christmas everyday with BitTorrent.
Security Through Obscurity Does Not Work. Period.
Patenting something (properly) will cost thousands of dollars and will require a patent lawyer.
The US is a first-to-invent not a first-to-patent country, so make sure you have a hardcopy of your invention description dated and notarized.
Then let some Net crypto people beat on your idea, make sure you say "Patent Pending."
If it holds up, you should easily be able to raise the money to get it patented properly. (Actually, if so, email me, I may know a few investors)
Judging from your description, I'd say your invention has a high probability of not truly doing what you think it does. Developing novel and useful cryptographic technology is a rare occurrence, generally done by people who have a ton of experience in the area. No point in wasting money if it won't stand up to 30 minutes in sci.crypt.
My invention improves upon the 80 year old One-Time Pad encryption turning it into a 'Many-Time Pad'.
Information theory proves that the One-Time Pad (OTP) is optimal - it cannot be improved.
The advantages are proof (i.e. unbreakable) against brute force attacks and known-plaintext attacks (unlike the OTP).
The OTP has no known-plaintext vulnerability. By submitting even a chosen plaintext to be encrypted, and studying the encrypted message, you only learn the piece of the One-Time pad used on your own content. It does not help you break any other part of any other message.
The only way to break an OTP is to get a copy of the pad or by breaking the random number generator used to create the pad.
This post's claim is the usual nonsense. So patent it if you wish - release it if you wish - I doubt anyone will find it usable.
It is impossible to make money selling a cryptographic algorithm. It's difficult, but not impossible, to make money selling a cryptographic protocol.
Who said it? Bruce Schneier, one of the current gurus of crypto. Where did he say it? Here on Slashdot
The whole article is worth a read.
My perspective is that I seriously doubt your claims. Until there is strong peer review of your entire cryptosystem from top to bottom, I won't touch it. Unless it solves some problem with other cryptosystems already in use, the market won't touch it. If you can overcome these two objections then you might have a shot at some money. Otherwise...
There are tons of symmetric encryption methods ranging from patented to totally free. They all have the property of being effectively unbreakable with decent keysizes. Unlike your proposed method, they don't require ridiculously large keysizes. I really don't see the commercial potential, or even the potential for significant non-commercial use.
The method you describe would actually have significant *disadvantages*, such as being ill-suited for use with asymmetric cyphers.
The advantages are proof (i.e. unbreakable) against brute force attacks and known-plaintext attacks (unlike the OTP).
I don't see how a one time pad wouldn't have these properties. Note that the name is One Time Pad, so if you reuse the pad, it's not one time anymore.
1. Sign a non-disclosure agreement with a reputable encryption expert.
...
2. Pay said expert a fee to examine your system and comment on its merit.
3. If your system has potential but needs adjustment, repeat #1 and #2 as necessary, if possible with different experts (within the limits of your financial resources, of course).
4. If you are still convinced that your system is worthy, hire a patent lawyer and patent it.
5. Don't try to sell it on your own. Instead, try selling it to an encryption firm or software distributor, using the expert opinions from #1 and #2 to bolster your sales pitch.
6. If you find a buyer, try to license your encryption system rather than sell it outright.
7.
8. Profit!
I'm sorry to burst your bubble, but there have been a lot of great mathematicians and cryptographers that have tried to design good, secure algorithms over the past few decades. Very few have actually managed to create algorithms that'll stand up under analysis. You may think you've done so, but it's going to take a lot to convince everyone of that.
Be who you are...and be it in style!
You say that it is ``... proof (i.e. unbreakable) against brute force attacks and known-plaintext attacks ....'' Can you prove that? Can you prove it well enough that a mathematician won't laugh at you? If you haven't gotten this reviewed by some competent cryptographers, the whole issue is probably moot anyway.
As for your explicit question: `` Could I sell enough $10 shareware GPG extensions ...'' I suspect that the answer is ``probably not''. PGP doesn't seem to have sold very well, and cryptography doesn't seem to be a hot seller right now. Patent or not, this may not be a big money maker. A better way to have phrased your question might have been: ``Is this invention likely to make enough money that I could come out ahead by patenting it?''
A better place to have asked your question might have been a forum where cryptographers hang out. I'm not sure that a lot of them will see this here on slashdot. If you have some sort of credentials as a cryptographer or mathematician, you might try sending emails to some patent-holding cryptographers, and ask about their opinions on your algorithm, and their experiences with patents.
See what I've been reading.
If you patent the idea, you can then control how it is used -- including permitting its use in Open Source or other software. As some people are aware, Dennis Ritchie holds a patent on the 'set-uid' bit concept. In fact, patenting it yourself (and thus allowing you to set the terms of its use) is probably better for the Open Source and Free Software interests since that would ensure some other, less friendly, entity could not patent it later -- if you do not patent it, someone else will (even if they shouldn't be able to [the uspo being so infamously incompetent]).
Yea and the Titanic was thought to be unsinkable... Unless it's been out in circulation for attempts to be made, I would hold off on the claims.
1st move...Patent it
I can't believe this hasn't had the crap flamed out of it, let alone get a +2.
Obscurity isn't a great security model. I am not going to say that it has no place in security either.
Just because I am the only one that knows that I XOR'd my message with the umpteenth row in a Pascal triangle, doesn't mean that someone won't be able to see the pattern, or use other attacks to figure it out.
It does make a good, but vulnerable, security system a little better, but shouldn't be the main part of your security system, or even a major part.
The chances of making money out of a patent are slim. Moreover, the cryptography market is "cannibalized" - even if your system is, as you claim, a lot better than the existing techniques, most people will still use something that stood the test of time (e.g. RSA, which has become free).
Anyway, the US Patent system allows you to publish your idea one year before you file for a patent. Get some peer reviews (a proof is simply not a proof if kept secret) before embarking on a patent adventure.
The Raven
... some plain text and some cipher text. If any one can deduce the way your n-time(n >= 1) pad then forget the patent. On the other hand, if your n-time pad is unbreakable expect some time to pass before all of the best cryptanalysts have had a whack at breaking it. Then after that expect the NSA to come knocking at your door and telling you what your rights are for disseminating the n-time pad. This happened to IBM with their "Lucifer" encryption scheme known as DES - or Triple-DES now. Finally, does your code eat much processor time? If it does, then it will also be limited in use even after passing rigorous testing. Check out AES/Rijndael on google - uses 50k of memory, VERY important for cell/PDA application.... That is all. SittingBull
There's even a better method that has been discussed for years. Document everything. Mail it to yourself. The postmark is sufficient proof of the date.
It doesn't matter if you intend to make a product or wait until someone else uses your best kept secret. If you plan to ramp up a production line to pump out your products and are sued by someone who finally does (and will) get a patent on your idea, just show them the evidence. Rather than having their patent nullified due to prior art, they will give you cash to shut up. Same if someone else makes it and they happened to patent it. Threaten to sell your prior art to others. Hush money will come your way (or someone will come over to fit you with a pair of concrete shoes.)
You can be assured this will happen. The introduction of new technology makes new obvious things possible. It's a race with time. Better put the cards in your pocket and hide them until the dealer has a lot of cash on the table.
I seriously doubt you've found anything substantial that some of the world's greatest mathematical minds just sort of 'passed over'. I mean, seriously. It's been proven that the only secure encryption technique is OTP. You could no more have come up with something more secure than I could add 2 + 2 and end up with 64,000.
Finally, you can actually both "give it to the world" and "make money". In fact, the whole point of the patent system is to get people to give out their secrets by granting them a limited monopoly.
If you really have something worthwhile, you can simply license your concepts for general use. Public Key crypto has been patented for 30 years (almost expired) but it's used everywhere and has been a great boon to secure communications. Why? Because the authors licensed it for reasonable rates and allowed it to be used for free.
Patents only cost about $700, and once you get one it's yours for the next N years (or whatever, not sure about the exact number of years, it may be different in different fields). You can still let people use it for N-1 years and then try to get money out of it in year N (see the Unisys GIF patent). Patents aren't like trademarks where you have to keep policing them or you lose them, despite what morons on Slashdot (such as Hemos, even... btw whatever happened to him?) seem to believe.
One other thing:
The advantages are proof (i.e. unbreakable) against brute force attacks and known-plaintext attacks (unlike the OTP).
If I'm reading this right, you seem to think OTP is susceptible to brute force attacks. If this is true, you basically know jack about encryption.
autopr0n is like, down and stuff.
OTP provides perfect secrecy. It doesn't provide any form of authentication, or even hint at a way to provide authentication. If someone knows the message, they can figure out the key, and they can send whatever message they like in its place.
When I wanted to learn more about cryptography, I started from what I understood (OTP) and came up with some ideas for fixing its limitations. I wrote up a page describing the new method (One Time Deck), and put up links to cryptography newsgroups for comment. Sure enough, they pointed out some superior methods (my method works, it's just stupidly expensive in key data). I added links to papers on the superior methods to my page, and moved on.
All in all, time well spent in gaining a thorough understanding of theoretically perfect non-quantum cryptographic methods. It may be taken for granted that all worthwhile OTP variants have been covered. In cryptography, theoretical perfection is as simple and boring as basic arithmetic, while practicality is as complex and rich as computer programming.
The inventor would be well-advised to follow my approach, and at least learn something. Unless he intends to swindle other people who understand even less than he does... that has traditionally been the most profitable use for bad ideas in cryptography.
Not by itself, at least. I always figured that obscurity would be the first element of any robust defense in depth. You'll have trouble picking the locks on my door if you have no idea where I live. But I don't rely only on your ignorance to protect my home--I also have really good locks. Of course, now that you know I have really good locks, your job becomes a little bit easier. If I told you the make and model of my locks, that would make your job easier yet. You'd probably also like to know about my alarm system, guard dogs, and surveillance cameras. Every piece of information you have about my security improves your chances of breaching it, and reduces my obscurity by an unacceptable amount. Obscurity is a vital component of any physical security system. Period.
Any sufficiently well-organized community is indistinguishable from Government.
It sounds a lot like a classic blunder, and not a new encryption at all.
.sig
But assuming for the moment that one discovers a new kind of encryption,
the question becomes why is this new encryption better than the hundreds of existing algorithms.
Rijndael is libre, approved by FIPS, has reference implementations available,
and has been thoroughly checked by several cryptographers.
If the only difference your encryption scheme has is a (possibly flawed) proof of security,
then you have a "me too" product that's competing in saturated market place.
Your best bet is probably to go for fame, and then try to turn that fame into a better paying job.
-- this is not a
Funniest. Post. Ever.
Personally, I have been thinking about this a lot lately too -- for encryption and other software that I am writing.
I believe that the Patent office (and Copyright Law) are outdated and prevent the growth of technology. Why? Because the way it should work is that you design this new encryption, and it gets utilized EVERYWHERE making everything better. Instead, what normally happens is that people patent things and it gets blocked from the public (either by the inventor, or the one he sells out to). This is part of the reason that medicines cost more than they should (see previous /. article), and the reason why we never see some kewl gadget that existed when our parents were kids. Look at OLED -- much better than LCD, cheaper to make, etc -- but CRT/LCD manufacturers lose money if they are mass produced.
Besides, someone could probably outdo your patent by adding the words "using binary" since the Patent Office is obviously NOT doing its job correctly (regarding tech/software/hardware).
But, how to make a living if it is OpenIP? If it is a "good" technology, then $5 registration or something MIGHT happen. However, if it is a "great" technology, perhaps by teaching -- ie: classes, books (O'Reilly, et al), etc... Try emailing O'Reilly and seeing if they would be interested in publishing a book on how it works if you write it.
One thing that I personally am very careful of, and most people on this list will probably flame me for it, is I wouldn't use GPL. GPL is like a virus, and you lose the ability to get the whole world to use it. Most companies I have worked for were more than willing to use BSD-based code, but wouldn't even look at GPL-code... So, if you want the whole world to use it, GPL will lose half your audience. If you don't care about it being used by the masses, then it might protect you more (I am not convinced on that matter due to 'cygwin').
Malachi
BTW: I think **ALL** encryption can be brute-forced.
http://www.google.com/profiles/malachid
Ah, I see. And you can prove that the "nine out of ten slashdotters" who complain about the abuse of the patent system, are in fact the same people that are suggesting he patent it now? That's the assertion you're making, but you haven't backed it up. Slashdot is a community of thousands of people, some of whom have opposing views, but you assume that because you saw two opposing things on the same website, it must be the same people. Your logic is truly astonishing.
"Destroy science and religion. Science would re-emerge exactly the same; but not religion." - Penn Jillette, paraphrased
Just go to the bank you do business with and get a $20,000 loan. If you have a decent credit rating, it should be no problem at all. You could also take out a loan against your 401(k), or even a home equity loan. Rates are great right now. The point is, there's no reason to involve a third party who has an interest in your invention, just to get the funds to patent it.
"The advanced societies of the future will be driven by competing systems of psychopathology." -JG Ballard
Release it freely. If it is actually good (or can be made good), use it to become famous, and find employment on that fame. Don't bother spending money patenting it because that would be a waste of money.
First, because there is no shortage of really good encryption available for free, you aren't going to be able to sell it.
Second, because it doesn't work, there is no point in wasting money trying to patent something that is faulty.
How do I know it doesn't work? Because nearly no one can design good cryptography, so chances are yours isn't any good either. And, yours is currently secret; secret cryptography is almost poor. Sure, you might not be able to see how it is defective, but that only means it is tougher than your ability as a cryptanalyst. Good cryptanalysts are rare. You also seem to say that OTP is vulnerable to known-plaintext attacks, which as I understand it is simply false. An OTP has terrible key distribution problems and there are always attacks outside the strict domain of the encryption, but a one time pad is, if you define the problem as a narrow cryptographic problem, perfect. This makes me doubt your abilities.
Sorry to be so harsh,
-kb, the Kent who tries to know how much he doesn't know about cryptography.
Your description sounds like the classic description of what Bruce Schneier calls "snake oil". You have a great new encryption algorithm that you've been sitting on.... If you've been sitting on it, nobody knows if it's any good. The best cryptographers don't really know if their algorithm is really any good until lots of other cryptographers have had time to beat on it and test it. The only algorithms that anybody with any sense will use are ones that have been open, and for a long time, so that they can truly be scrutinized.
So, in a word, it doesn't matter. I'd rather you didn't patent it, because software patents are generally evil anyway, and if the algorithm turns out to be useful for something, it could create headaches later. But, as far as cryptography goes, if it is truly as you describe, it's effectively worthless at the moment, and will continue to be so until lots of people have had a chance to see and work on the algorithm.
-Rob
OK, some people have said patent and license for free to non-commercial uses. There's a much safer approach that will save the inventor some money, although at the risk of some embarrassment:
1) Time stamp a document containing your results. There are lots of ways of doing this, with either automated services (such as "Stamper" at http://www.itconsult.co.uk/stamper.htm), or just posting the document on Usenet.
2) Tell someone else -- I'd suggest making a very public release on some forum. Incidentally, your write-up should say that you will apply for a patent. In the U.S. you have a year after publication to file for a patent.
3) Submit to a conference, like CRYPTO.
By publishing, you've established ownership so no one else can patent your technique later (because yours would now be "prior art"), and you can still patent if it holds up to scrutiny. But you also save yourself the patent fees if it doesn't.
I'd be willing to put a little bit of money on a bet that the result would be that a weakness would be discovered. If by "perfectly unbreakable" you mean an infinite unicity distance, there are only two ways you can do that: use a random key (i.e., a one-time pad), or encrypt completely random data (which would be pretty useless). Anything else (yes, *anything* else) will have a finite unicity distance, and so cannot be claimed to be completely unbreakable.
'cause telling the public about your invention is a good way to prevent anyone, including you, from ever getting a patent on it!
Basically, it's like shooting yourself in the foot.
Seeking free legal advice on a public board is a really dumb idea, for about 19 different reasons.
I suppose what's really at issue here is a moral question. Is it better to serve the interests of free-speech and expression with no assured great profits or is it better to get those profits for the financial security of one's family at the probable loss of momentum towards greater freedom? Since I tend to lean towards the idealistic, I'd probably go with the open-source route believing that creating such a good foundation for greater freedom would certainly come back in many positive ways to both oneself and one's family. But just the same, it is a difficult decision and you deserve respect for your efforts no matter which route you take.
And all our yesterdays have lighted fools The way to dusty death. --Will
If this guy thinks the known-plaintext "attack" to OTP is a problem, then he doesn't know what an OTP is.
For those of you who don't know, every byte in a one-time pad is used to encrypt one and only one byte. Ever. If you know the plaintext and the ciphertext, you can derive the key, for that one byte, but that information is useless for every other byte in the ciphertext.
Not to troll--I am only a student and not real knowledgeable about crypto--according to the _Handbook of Applied Cryptography_, a One Time Pad as long as the message space is theoretically unbreakable (for obvious reasons; the number of possible keys is equal the number of possible messages). So the OTP shouldn't be susceptible to a known plaintext attack if it is as long as the message space. If that's your invention... Not to quibble, but extraordinary claims require extraordinary evidence. S
This is how it works in a perfect world: Take a random string, XOR it with your message (the plaintext) and transmit the result to your friend. To decrypt the message, your friend has to XOR the message he got again with the random string.
There are two problems with that:
We are not able to produce real randomness, we can only use cryptographically secure pseudo-random number generators but these are not perfectly random.
The problem of transmitting the random string (the key). It has to be distributed in advance.
If a message gets encrypted twice with the same key, it is highly vulnerable to a statistical attack and therefore nearly useless. Every few days, someone claims to have invented a perfectly secure cryptosystem and posts it on sci.crypt just to have it torn to pieces by them.
To the "inventor" of this new system: If you really feel your algorithm is that strong, offer something about 10000$ to anyone who can break it. That way you can be sure it gets enough attention. This is common practice.
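An added example, not written by any poster in this thread: the three OTP properties the comments above argue about (a known plaintext exposes only its own pad bytes, a reused pad leaks the XOR of the two plaintexts, and XOR alone gives no authentication), with a pad book that refuses to reuse key material. `PadBook`, the function names and the sample messages are hypothetical and constructed for illustration.

```python
import secrets


def xor_bytes(a, b):
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


class PadBook:
    """Hypothetical helper: hands out every pad byte at most once."""

    def __init__(self, pad):
        self._pad = pad
        self._offset = 0  # first pad byte that has never been used

    def encrypt(self, message):
        end = self._offset + len(message)
        if end > len(self._pad):
            raise ValueError("pad exhausted: refusing to reuse key material")
        start, self._offset = self._offset, end
        return start, xor_bytes(self._pad[start:end], message)

    def decrypt(self, start, ciphertext):
        return xor_bytes(self._pad[start:start + len(ciphertext)], ciphertext)


def pad_bytes_exposed(ciphertext, known_plaintext):
    """A known plaintext reveals exactly the pad bytes that covered it."""
    return xor_bytes(ciphertext, known_plaintext)


def reuse_leak(c1, c2):
    """If one pad covers two messages the key cancels: c1 ^ c2 == p1 ^ p2."""
    n = min(len(c1), len(c2))
    return xor_bytes(c1[:n], c2[:n])


def substitute(ciphertext, known_plaintext, replacement):
    """XOR has no integrity: a known plaintext can be swapped for another
    message of the same length without learning the rest of the pad."""
    return xor_bytes(ciphertext, xor_bytes(known_plaintext, replacement))


def demo(pad=None):
    p1, p2 = b"MEET AT NOON", b"SEND 100 USD"  # constructed sample messages
    if pad is None:
        pad = secrets.token_bytes(len(p1) + len(p2))
    book = PadBook(pad)
    s1, c1 = book.encrypt(p1)
    _, c2 = book.encrypt(p2)
    exposed = pad_bytes_exposed(c1, p1)

    # Misuse ("many-time pad"): the same pad bytes cover both messages.
    m1 = xor_bytes(pad[:len(p1)], p1)
    m2 = xor_bytes(pad[:len(p2)], p2)

    try:
        book.encrypt(b"x")  # the pad is fully consumed at this point
        refused = False
    except ValueError:
        refused = True

    return {
        "exposed_is_only_its_own_pad_slice": exposed == pad[s1:s1 + len(p1)],
        "exposed_bytes_decrypt_second_message": xor_bytes(exposed, c2) == p2,
        "reuse_leaks_xor_of_plaintexts": reuse_leak(m1, m2) == xor_bytes(p1, p2),
        "reuse_plus_known_p1_gives_p2": xor_bytes(reuse_leak(m1, m2), p1) == p2,
        "substituted_message": book.decrypt(s1, substitute(c1, p1, b"MEET AT NINE")),
        "book_refuses_reuse": refused,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The substitution result is why a pad-based system still needs a separate message authentication code, and the refused third encryption is the bookkeeping that keeps a one-time pad one-time.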