Slashdot Mirror


What Would You Do With a New Form of Encryption?

Kip Knight asks: "I've been sitting on an invention for six months now. I'm debating whether to 'give it to the world' or patent it. I would obviously like to feed my family on the fruits of my endeavour but don't see much hope in the open source route. My invention improves upon the 80 year old One-Time Pad encryption turning it into a 'Many-Time Pad'. Since I haven't got my export license to speak about the details yet, I won't describe further. The advantages are proof (i.e. unbreakable) against brute force attacks and known-plaintext attacks (unlike the OTP). The disadvantage is carrying around a very large digital key (which could easily fit on one of those USB memory key fobs). My question is this: Could I sell enough $10 shareware GPG extensions to compensate for not locking in 20 years of patent protection (and the $20,000 to patent it)?" While the claims made by the submitter have yet to withstand the crucial test of time (and prying eyes), if you had developed a new form of encryption, what would you do?

42 of 789 comments

  1. Easy. by superdan2k · · Score: 5, Insightful
    1. Patent it. Period.
    2. Allow it to be used freely by open source programs. License it to commercial companies that stand to make money.
    3. ...
    4. Profit.
    1. Re:Easy. by Lokni · · Score: 5, Insightful

      I definitely agree with the above poster on 1, 2, 4. As far as coming up with the $20,000, find a lawyer that will draw up a rock solid non-disclosure agreement and then shop it around to rich businessmen and patent lawyers after you get a signed NDA.

    2. Re:Easy. by blibbleblobble · · Score: 5, Insightful

      Hang on a sec... this guy says he has a revolutionary new encryption algorithm that's as secure as a one-time pad? Now, even for people who don't have the first clue about cryptography*, that sounds like the inventor needs a breath of fresh air and a healthy dose of reality, never mind a patent lawyer.

      Hint: Encryption systems only become revolutionary after they've been in the public domain for 5-10 years. Even then, they won't get used if there's a patent attached.

      One-time pad? Bull. Crypto inventions come at a rate of one every 5 years, and the next one due is quantum cryptography. Think the idea is so smart it's better than quantum? Even claiming it's comparable to elliptic-curve crypto is one hell of a claim, and not something to be believed until it's published in a journal. Several times. And reviewed by people we've heard of. Even then, we won't believe it's unbreakable until the inventor has been imprisoned by the FBI for publishing it.

      Nevermind the patent issue: there's a common-sense issue to be solved first. Thousands of crackpots a year come up with unbreakable [by them] encryption; having a patent doesn't make it any less snake-oil.

      *Clues to be found in:
      Book: Applied cryptography
      Book: Secrets and Lies
      Article: Phil Zimmermann's writings on the PGP page
      Helpfile: PGP helpfile

    3. Re:Easy. by JonTurner · · Score: 5, Insightful
      And then what? "Rock solid" legal agreements don't mean shit unless you have the money to take them to court if they violate the terms or even outright steal the idea. That they did it isn't enough. You have to PROVE it in court, and that takes $$$. Are you prepared for the appeals, motions for discovery, and dozens of other motions filed that are designed to tie you up and run up your legal bills? And even if you do win a decision you have to collect which is another matter entirely.
      A bunch of words on paper isn't going to do much good for someone who may have trouble scraping together the $20,000 for the patent work, the $100,000+++ needed to sue a large corporation with a fleet of slick attorneys is going to be difficult to find.

      Don't just do something, stand there!

    4. Re:Easy. by jovlinger · · Score: 5, Insightful

      I think Schneier was the one to point out that we are all able to invent ciphers that we can't break ourselves. The good ciphers are the ones that can't be broken by others.

    5. Re:Easy. by flossie · · Score: 3, Insightful

      If the idea is good enough, it shouldn't be hard to find someone capable of funding the battle in exchange for a cut of the winnings - many lawyers are happy to do this if the case is strong enough. Obviously, the important thing here is to wait until someone has made a lot of money with the product and *then* sue.

    6. Re:Easy. by Bagheera · · Score: 5, Insightful

      Looks like you've hit this one on the head. Crypto is a very conservative world and people don't adopt new algorithms until they've been analyzed to death. Being unwilling to publish it makes me suspicious right from the start. Once it's published he'll at least have copyright protection and can worry about the patent later.

      We won't go into professional cryptologists' opinions of amateurs with "new and revolutionary ideas." (But some of the threads in the USENET crypto groups can be very enlightening on that count)

      To answer his specific question, I would say NO. Unless he plans to use some form of free license, there are far too many good, unencumbered, crypto systems out there already for it to be worth it to add yet another patented one. At least for implementations at the application level. If there's going to be money in it, it'll be made from a good implementation of the system.

      --
      Never attribute to malice what can as easily be the result of incompetence...
    7. Re:Easy. by juraj · · Score: 3, Insightful
      You are not true. As you probably know, if you have read these books, One Time Pad is _provably_ unbreakable. If it has a mathematical proof, as he claims, no test of time is needed. It's proved, period. (the question is, if the proof is okay and each step would survive, but if it is, as he claims -- which _can_ be checked, it's the invention right here right now).


      There are lots of people claiming they have unbreakable encryption, but if they have correct mathematical proof, man, this would be invention!

    8. Re:Easy. by j7953 · · Score: 5, Insightful
      Being unwilling to publish it makes me suspicious right from the start.

      Huh? A patent is a method of publishing your invention, in fact, that is (or used to be) one of the points of the patent system: to make it profitable for people to share their inventions instead of keeping them secret. The idea of patents is, as your constitution puts it, "to promote the progress of science."

      Of course, this doesn't work if patents are granted on solutions that are obvious once you know the problem, but that is not the case here. (Assuming the cryptographic algorithm actually works, it is likely that it was not obvious.)

      Remember that RSA is a very successful cryptographic technology, despite being protected by a (now expired) patent.

      --
      Sig (appended to the end of comments I post, 54 chars)
  2. If you want to make money, patent it by hpa · · Score: 5, Insightful

    ... patent it, *then* you can figure out what business model you want to use.

    Note, however, that the claims made by the submitter are basically a laundry list of the kinds of claims that make seasoned cryptographers go "oh no, not again."

    1. Re:If you want to make money, patent it by markk · · Score: 5, Insightful

      I would reinforce this comment - the claims in the original submission are invalid on the face of it in the real world. There is no plaintext attack on a real 'otp' with enough randomness in the key since the key is used only once.
      To all of the people with new cryptosystems - with all due respect - we now have really good, well understood cyphering methods up to a level where the failure in security won't be from the method of encryption. Key exchange could be improved, but actual symmetric cypher methods aren't going to revolutionize things anymore. We can always use better, and people will continue to look for flaws (as in Rijndael) but none of this is big time.

    2. Re:If you want to make money, patent it by bellings · · Score: 3, Insightful

      Indeed. It sounds like an "XOR" encryption scheme : i.e. make a large, random digit file, and XOR it against things that you want to encrypt. It is incredibly weak for obvious reasons...

      I'm reasonably decent at math. Actually, I'm modest. I'm really, really, really fucking good at math. I can't see any reason the encryption method you describe would be "weak". I certainly don't see any "obvious" reasons.

      Would you please elaborate on these obvious reasons?

      --
      Slashdot is jumping the shark. I'm just driving the boat.
    3. Re:If you want to make money, patent it by Marx_Mrvelous · · Score: 3, Insightful

      Alright, so the one-time-pad is totally unbreakable, as long as the key is random, and no one decrypts it. The weakness lies in, if you use the same pad two times, you can XOR the two encrypted messages together, and get message A XOR message B. This is a critical weakness of the OTP.

      If I had to guess, this guy came up with something like, "Each time you use the OTP, start at the next bit" so that it's like having a bunch of OTP keys, but in one place. I'm guessing whatever scheme he came up with either has already been invented, or is also critically flawed.

      --

      Moderation: Put your hand inside the puppet head!
    4. Re:If you want to make money, patent it by aero6dof · · Score: 5, Insightful

      The corollary to this advice would be to hire a lawyer to write an NDA and hire a competent, independent cryptographer under that NDA to advise you about the novelty of your encryption approach. This will give you an idea of its worth pursuing the patent. I would think that you should explore not only the encryption algorithm, but the physical key-management apparatus that you're envisioning.

    5. Re:If you want to make money, patent it by coyote-san · · Score: 5, Insightful

      Or we can save him the effort and tell him what his "revolutionary" idea is, thus simultaneously providing proof of prior art (making the patent question moot) and that he needs to spend more time studying cryptology before his next big idea.

      The fact that he says it's "multiple use" and that it requires a "digital key" suggests that he's using the key as the seed for some crypto PRNG (e.g., you recursively encrypt your salt with your key as the password, then pull out some of the bytes to create your OTP). Put the random salt as the first few bytes of the cipher text and voila, instant multiuse OTPs. Not weak (not if you use a good crypto PRNG), but hardly an original thought that would not occur to the casual practitioner of the science.

      (There's also the pesky fact that most experts would consider this approach foolhardy. If you have a decent encryption routine, use it to encrypt the data directly. Crypto PRNGs are believed to be strong, but I don't know if this has been formally studied. There would well be an emergent property in the implementation that makes the PRNG highly predictable.)

      A refinement would involve recognizing that DSA keys actually have a 'generator' attribute, and you could use that to map your salt to a seemingly random sequence of values. It should be much more efficient than the recursive crypto approach, but again is hardly original since the very reason that these keys include generators is that they're used to efficiently generate ephemeral session keys via the same property.

      --
      For every complex problem there is an answer that is clear, simple, and wrong. -- H L Mencken
    6. Re:If you want to make money, patent it by Viking+Coder · · Score: 3, Insightful

      One Time Pad is current, secure, and well understood.

      --
      Education is the silver bullet.
  3. Feed the Family by syrupMatt · · Score: 5, Insightful

    Fact is, if I need money, then license it to a company who will do the dirty work for me and live off the proceeds. If it is, in fact, a brilliant discovery, you should fight for provisions which will ensure some amount of open review.

    Not everyone who comes up with such a proven idea is a software developer, and they may not be able to live off of creating cutting edge software or maintaining said software for a living. The bazaar method doesn't apply to theory.

    --
    "Moving through the masses like a fish through water." syrup
  4. Hehehehe by tomstdenis · · Score: 5, Insightful

    Ten bucks says five mins after he publishes it it will get broken.

    "many-time" otp are quite nonsense. See the problem is people think that good ciphers can have security approaching the OTP. The OTP is an absolutely different type of security.

    For instance, *no* amount of time is sufficient to break an OTP without the key. Whereas a block cipher can be broken at least in theory.

    I'd suggest to the original poster that he try to get his design published. When it gets horribly broken it will serve as a learning experience as how "not" to approach science.

    Tom

    --
    Someday, I'll have a real sig.
    1. Re:Hehehehe by X-rated+Ouroboros · · Score: 5, Insightful

      Indeed.

      I seriously doubt the guy has looked at this from all angles or considered how it would be implemented digitally. Some ideas that seem really good on paper break down when you get to the nuts and bolts of how to do it with bits and bytes. Considering the guy's tendency to throw around OTP and, gag, "many-time pad," I don't see a lot of familiarity with the way these terms are perceived by the lay crypto.

      Still, if he's got that much faith in it, patent it, or write it up and copyright the description (not really ironclad, but it could get a settlement if OmniCorp steals the idea). I think the only reason the guy is asking about rather than just doing it is because he fully expects it to be broken shortly after going public and all the costs of filing a patent going to waste.

      Considering he says it's invulnerable to known plaintext attack he could post some plaintext and ciphertext for people to whack at for a while. It might just be security through obscurity if no one breaks it, but it could also illustrate that while he's so busy looking at ways to break the algorithm he's too close to see he's taking the long route around a much more straightforward (and trivial) transform.

      Posting ciphertext and plaintext and inviting people to attack it should keep the encryption method safe if it's as secure as he thinks it is. If someone reverse engineers the algorithm (or an equivalent) it will show it wasn't worth patenting in the first place (or that it's already been patented).

      --
      Simple Machines in Higher Dimensions
  5. Your first job: Air it out to the crypto community by Faggot · · Score: 5, Insightful

    It's heartwarming that you've invented a new form of crypto. However, before anyone takes it seriously, you're going to have to reveal it to the cryptographic community. "Many eyes make bugs shallow" as they say, and in few places is this more important than in crypto. An algorithm you've looked at 10000 times may have a logical error you've never caught, that would be glaring to a knowledgeable pair of fresh eyes.

    Plus no self-respecting paranoid freak is ever going to use a new cipher that hasn't had any time in the spotlight. Release it to the field and ask for comments.

    --

    But what do I know. I'm just looking for anonymous gay sex.

  6. 99.9 percent sure by PD · · Score: 5, Insightful

    That this invention is a bunch of crap. Most likely scenario: inventor releases a press release that gets widely reported as the most secure thing ever invented. Claims like "unbreakable" and "proven secure" and "many time pad" will be thrown around freely.

    And then someone with a decoder ring will crack that puppy wide open.

    Yawn. Snake oil.

    1. Re:99.9 percent sure by Quarters · · Score: 3, Insightful
      Well, Kip's e-mail address is newtsprism@AOL.COM. That ought to tell you something.


      It does! It tells me that you are either:

      a) A techno-bigot
      b) A 13 year old who lacks in social skills
      c) An overweight 42 year old who lives in his mother's basement and spells "Microsoft" as "Micro$oft" (all credit to Gabe and Tycho)

      or

      d) A cynical idiot who doesn't really have anything constructive to add to the discussion.

      (note: D can be used in conjunction with any of the previous choices)
    2. Re:99.9 percent sure by susano_otter · · Score: 3, Insightful

      How about e) Given the reasonable expectation that experienced cryptographers and information experts generally don't get online through AOL (since AOL markets heavily to non-technical people, and most if not all technical people you meet don't use it at all), it is reasonable to expect that an AOL user will not come up with a technically robust encryption scheme. It's not about techno-bigotry, so much as reasonable expectations based on years of statistical and anecdotal evidence.

      --

      Any sufficiently well-organized community is indistinguishable from Government.

  7. Re:Do Nothing by Anonymous Coward · · Score: 5, Insightful

    Security Through Obscurity Does Not Work. Period.

  8. Is it worth patenting? by TheSync · · Score: 5, Insightful

    Patenting something (properly) will cost thousands of dollars and will require a patent lawyer.

    The US is a first-to-invent not a first-to-patent country, so make sure you have a hardcopy of your invention description dated and notarized.

    Then let some Net crypto people beat on your idea, make sure you say "Patent Pending."

    If it holds up, you should easily be able to raise the money to get it patented properly. (Actually, if so, email me, I may know a few investors)

    Judging from your description, I'd say your invention has a high probability of not truly doing what you think it does. Developing novel and useful cryptographic technology is a rare occurrence, generally done by people who have a ton of experience in the area. No point in wasting money if it won't stand up to 30 minutes in sci.crypt

  9. Mathematically impossible by Lord+Greyhawk · · Score: 5, Insightful

    My invention improves upon the 80 year old One-Time Pad encryption turning it into a 'Many-Time Pad'.

    Information theory proves that the One-Time Pad (OTP) is optimal - it cannot be improved.

    The advantages are proof (i.e. unbreakable) against brute force attacks and known-plaintext attacks (unlike the OTP).

    The OTP has no known-plaintext vulnerability. By submitting even a chosen plaintext to be encrypted, and studying the encrypted message, you only learn the piece of the One-Time pad used on your own content. It does not help you break any other part of any other message.

    The only way to break an OTP is to get a copy of the pad or by breaking the random number generator used to create the pad.

    This post's claim is the usual nonsense. So patent it if you wish - release it if you wish - I doubt anyone will find it usable.

    1. Re:Mathematically impossible by AnotherBlackHat · · Score: 5, Insightful
      My invention improves upon the 80 year old One-Time Pad encryption turning it into a 'Many-Time Pad'.

      Information theory proves that the One-Time Pad (OTP) is optimal - it cannot be improved.



      Sorry, I can't let that one pass -
      Information theory doesn't prove anything of the sort.
      OTP are provably unbreakable in one, limited sense.
      There's plenty of room for improvement in all the other senses however.


      The OTP has no known-plaintext vulnerability.

      Not true.
      The traditional XOR - OTP is vulnerable to a man-in-the-middle active change attack.
      Picture a bank deposit protected with an XOR OTP.
      The MitM XORs the account number of the victim with (victim's account number ^ MitM's account number)

      This post's claim is the usual nonsense.

      At least we agree on something.

      - this is not a .sig
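The bank-deposit scenario in the comment above, worked through as an added example (not part of the original thread). The message layout, account numbers and the use of HMAC-SHA256 as the integrity check are assumptions made for illustration; the point is that XOR encryption hides content but does nothing to detect modification.

```python
import hashlib
import hmac
import secrets

# Constructed sample message; the field layout is an assumption.
MESSAGE = b"DEPOSIT 5000 TO ACCT 11112222"
VICTIM_ACCT = b"11112222"
OTHER_ACCT = b"99998888"


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


def modify_in_transit(cipher: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """The change the comment describes: XOR the field with (old ^ new).

    No pad bytes are needed, only the field's position and expected value.
    """
    delta = xor(old, new)
    end = offset + len(delta)
    return cipher[:offset] + xor(cipher[offset:end], delta) + cipher[end:]


def seal(msg: bytes, pad: bytes, mac_key: bytes):
    """Encrypt with the pad, then authenticate the ciphertext."""
    cipher = xor(msg, pad)
    tag = hmac.new(mac_key, cipher, hashlib.sha256).digest()
    return cipher, tag


def open_sealed(cipher: bytes, tag: bytes, pad: bytes, mac_key: bytes) -> bytes:
    """Verify the tag before decrypting; reject anything that was altered."""
    expected = hmac.new(mac_key, cipher, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext was modified in transit")
    return xor(cipher, pad)


def unauthenticated_outcome() -> bytes:
    """Plain XOR pad: the receiver decrypts the altered message without complaint."""
    pad = secrets.token_bytes(len(MESSAGE))
    cipher = xor(MESSAGE, pad)
    offset = MESSAGE.index(VICTIM_ACCT)
    altered = modify_in_transit(cipher, offset, VICTIM_ACCT, OTHER_ACCT)
    return xor(altered, pad)


def authenticated_outcome() -> bool:
    """Same alteration against pad + MAC: returns True if it is rejected."""
    pad = secrets.token_bytes(len(MESSAGE))
    mac_key = secrets.token_bytes(32)   # independent of the pad
    cipher, tag = seal(MESSAGE, pad, mac_key)
    offset = MESSAGE.index(VICTIM_ACCT)
    altered = modify_in_transit(cipher, offset, VICTIM_ACCT, OTHER_ACCT)
    try:
        open_sealed(altered, tag, pad, mac_key)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("pad only  :", unauthenticated_outcome())
    print("pad + MAC : rejected =", authenticated_outcome())
```

HMAC gives computational rather than information-theoretic integrity, so the combined scheme no longer rests on the pad's proof alone.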
  10. Here's a quote... by Bald+Wookie · · Score: 5, Insightful

    It is impossible to make money selling a cryptographic algorithm. It's difficult, but not impossible, to make money selling a cryptographic protocol.

    Who said it? Bruce Schneier, one of the current gurus of crypto. Where did he say it? Here on Slashdot

    The whole article is worth a read.

    My perspective is that I seriously doubt your claims. Until there is strong peer review of your entire cryptosystem from top to bottom, I won't touch it. Unless it solves some problem with other cryptosystems already in use, the market won't touch it. If you can these two objections then you might have a shot at some money. Otherwise...

  11. Not commercially lucrative by Srin+Tuar · · Score: 3, Insightful


    There are tons of symmetric encryption methods ranging from patented to totally free. They all have the property of being effectively unbreakable with decent keysizes. Unlike your proposed method, they don't require ridiculously large keysizes. I really don't see the commercial potential, or even the potential for significant non-commercial use.


    The method you describe would actually have significant *disadvantages*, such as being ill-suited for use with asymmetric cyphers.

    The advantages are proof (i.e. unbreakable) against brute force attacks and known-plaintext attacks (unlike the OTP).


    I don't see how a one time pad wouldn't have these properties. Note that the name is One Time Pad, so if you reuse the pad, it's not one time anymore.

  12. Some suggestions... by sssmashy · · Score: 3, Insightful

    1. Sign a non-disclosure agreement with a reputable encryption expert.

    2. Pay said expert a fee to examine your system and comment on its merit.

    3. If your system has potential but needs adjustment, repeat #1 and #2 as necessary, if possible with different experts (within the limits of your financial resources, of course).

    4. If you are still convinced that your system is worthy, hire a patent lawyer and patent it.

    5. Don't try to sell it on your own. Instead, try selling it to an encryption firm or software distributor, using the expert opinions from #1 and #2 to bolster your sales pitch.

    6. If you find a buyer, try to license your encryption system rather than sell it outright.

    7. ...

    8. Profit!

  13. Don't be too sure of yourself by Erbo · · Score: 5, Insightful
    I suggest you begin by reading this, and maybe also this, both by Bruce Schneier, one of the foremost experts in cryptography and computer security today. Then re-evaluate your expectations about the potential success of your new algorithm, because it's possible you're deluding yourself.

    I'm sorry to burst your bubble, but there have been a lot of great mathematicians and cryptographers that have tried to design good, secure algorithms over the past few decades. Very few have actually managed to create algorithms that'll stand up under analysis. You may think you've done so, but it's going to take a lot to convince everyone of that.

    --
    Be who you are...and be it in style!
  14. My advice - give it away for free by vlad_petric · · Score: 5, Insightful
    IMHO it is much better to become renowned and not make money out of it than waste your money on a patent and get zero return.

    The chances of making money out of a patent are slim. Moreover, the cryptography market is "cannibalized" - even if your system is, as you claim, a lot better than the existing techniques, most people will still use something that stood the test of time (e.g. RSA, which has become free)

    Anyway, the US Patent system allows you to publish your idea one year before you file for a patent. Get some peer reviews (a proof is simply not a proof if kept secret) before embarking on a patent adventure.

    --

    The Raven

  15. learn to play the patent game by dattaway · · Score: 3, Insightful

    There's even a better method that has been discussed for years. Document everything. Mail it to yourself. The postmark is sufficient proof of the date.

    It doesn't matter if you intend to make a product or wait until someone else uses your best kept secret. If you plan to ramp up a production line to pump out your products and are sued by someone who finally does (and will) get a patent on your idea, just show them the evidence. Rather than having their patent nullified due to prior art, they will give you cash to shut up. Same if someone else makes it and they happened to patent it. Threaten to sell your prior art to others. Hush money will come your way (or someone will come over to fit you with a pair of concrete shoes.)

    You can be assured this will happen. The introduction of new technology makes new obvious things possible. It's a race with time. Better put the cards in your pocket and hide them until the dealer has a lot of cash on the table.

    1. Re:learn to play the patent game by Roscol · · Score: 3, Insightful

      Preface: IANAL

      Mailing to yourself does not hold up in court as a substitute for a notary. You could always mail yourself an empty, unsealed envelope then fill it with documents at a later date.

      Document everything and get it notarized.

      --
      Nothing to see here.
  16. Just tear it up and throw it away.... by autopr0n · · Score: 5, Insightful

    I seriously doubt you've found anything substantial that some of the world's greatest mathematical minds just sort of 'passed over'. I mean, seriously. It's been proven that the only secure encryption technique is OTP. You could no more have come up with something more secure than I could add 2 + 2 and end up with 64,000.

    Finally, you can actually both "give it to the world" and "make money". In fact, the whole point of the patent system is to get people to give out their secrets by granting them a limited monopoly.

    If you really have something worth while, you can simply license your concepts for general use. Public Key crypto has been patented for 30 years (almost expired) but it's used everywhere and has been a great boon to secure communications. Why? Because the authors licensed it for reasonable rates and allowed it to be used for free.

    Patents only cost about $700, and once you get one it's yours for the next N years (or whatever, not sure about the exact number of years, it may be different in different fields). You can still let people use it for N-1 years and then try to get money out of it in year N (see the Unisys GIF patent). Patents aren't like trademarks where you have to keep policing them or you lose them, despite what morons on Slashdot (such as Hemos, even... btw whatever happened to him?) seem to believe.

    One other thing:

    The advantages are proof (i.e. unbreakable) against brute force attacks and known-plaintext attacks (unlike the OTP).

    If I'm reading this right, you seem to think OTP is susceptible to brute force attacks. If this is true, you basically know jack about encryption.

    --
    autopr0n is like, down and stuff.
  17. Re:Do Nothing by susano_otter · · Score: 3, Insightful

    Not by itself, at least. I always figured that obscurity would be the first element of any robust defense in depth. You'll have trouble picking the locks on my door if you have no idea where I live. But I don't rely only on your ignorance to protect my home--I also have really good locks. Of course, now that you know I have really good locks, your job becomes a little bit easier. If I told you the make and model of my locks, that would make your job easier yet. You'd probably also like to know about my alarm system, guard dogs, and surveillance cameras. Every piece of information you have about my security improves your chances of breaching it, and reduces my obscurity by an unacceptable amount. Obscurity is a vital component of any physical security system. Period.

    --

    Any sufficiently well-organized community is indistinguishable from Government.

  18. Forget it. by AnotherBlackHat · · Score: 3, Insightful

    It sounds a lot like a classic blunder, and not a new encryption at all.

    But assuming for the moment that one discovers a new kind of encryption,
    the question becomes why is this new encryption better than the hundreds of existing algorithms.

    Rijndael is libre, approved by FIPS, has reference implementations available,
    and has been thoroughly checked by several cryptographers.
    If the only difference your encryption scheme has is a (possibly flawed) proof of security,
    then you have a "me too" product that's competing in a saturated marketplace.
    Your best bet is probably to go for fame, and then try to turn that fame into a better paying job.

    -- this is not a .sig

  19. Re:What a bunch of fucking pathetic hypocrites... by Dirtside · · Score: 3, Insightful

    Ah, I see. And you can prove that the "nine out of ten slashdotters" who complain about the abuse of the patent system, are in fact the same people that are suggesting he patent it now? That's the assertion you're making, but you haven't backed it up. Slashdot is a community of thousands of people, some of whom have opposing views, but you assume that because you saw two opposing things on the same website, it must be the same people. Your logic is truly astonishing.

    --
    "Destroy science and religion. Science would re-emerge exactly the same; but not religion." - Penn Jillette, paraphrased
  20. No Lawyers/Rich Businessmen Required by Johnboi+Waltune · · Score: 5, Insightful

    Just go to the bank you do business with and get a $20,000 loan. If you have a decent credit rating, it should be no problem at all. You could also take out a loan against your 401(k), or even a home equity loan. Rates are great right now. The point is, there's no reason to involve a third party who has an interest in your invention, just to get the funds to patent it.

    --
    "The advanced societies of the future will be driven by competing systems of psychopathology." -JG Ballard
  21. Release it Freely by kentborg · · Score: 3, Insightful

    Release it freely. If it is actually good (or can be made good), use it to become famous, and find employment on that fame. Don't bother spending money patenting it because that would be a waste of money.

    First, because there is no shortage of really good encryption available for free, you aren't going to be able to sell it.

    Second, because it doesn't work, there is no point in wasting money trying to patent something that is faulty.

    How do I know it doesn't work? Because nearly no one can design good cryptography, so chances are yours isn't any good either. And, yours is currently secret; secret cryptography is almost poor. Sure, you might not be able to see how it is defective, but that only means it is tougher than your ability as a cryptanalyst. Good cryptanalysts are rare. You also seem to say that OTP is vulnerable to known-plaintext attacks, which as I understand it is simply false. An OTP has terrible key distribution problems and there are always attacks outside the strict domain of the encryption, but a one time pad is, if you define the problem as a narrow cryptographic problem, perfect. This makes me doubt your abilities.

    Sorry to be so harsh,

    -kb, the Kent who tries to know how much he doesn't know about cryptography.

  22. I will pay no money for it, nor use it if free by rknop · · Score: 4, Insightful

    Your description sounds like the classic description of what Bruce Schneier calls "snake oil". You have a great new encryption algorithm that you've been sitting on.... If you've been sitting on it, nobody knows if it's any good. The best cryptographers don't really know if their algorithm is really any good until lots of other cryptographers have had time to beat on it and test it. The only algorithms that anybody with any sense will use are ones that have been open, and for a long time, so that they can truly be scrutinized.

    So, in a word, it doesn't matter. I'd rather you didn't patent it, because software patents are generally evil anyway, and if the algorithm turns out to be useful for something, it could create headaches later. But, as far as cryptography goes, if it is truly as you describe, it's effectively worthless at the moment, and will continue to be so until lots of people have had a chance to see and work on the algorithm.

    -Rob

  23. This is snake oil by Dwonis · · Score: 3, Insightful
    The advantages are proof (i.e. unbreakable) against brute force attacks and known-plaintext attacks (unlike the OTP).

    If this guy thinks the known-plaintext "attack" to OTP is a problem, then he don't know what a OTP is.

    For those of you who don't know, every byte in a one-time pad is used to encrypt one and only one byte. Ever. If you know the plaintext and the ciphertext, you can derive the key, for that one byte, but that information is useless for every other byte in the ciphertext.
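Two points made in the thread, shown side by side as an added example (not part of any comment): known plaintext against a properly used pad reveals only the pad bytes under that plaintext, as this comment and Lord Greyhawk's say, while reusing a pad lets the two ciphertexts cancel it, as Marx_Mrvelous describes. The messages, the `PadBook` allocator and all function names are assumptions for illustration; `PadBook` models a large key consumed front to back, which is still just a supply of one-time pads that runs out.

```python
import secrets

# Constructed sample messages of equal length (not from the thread).
M1 = b"PAY ALICE 0100 USD"
M2 = b"PAY CAROL 9000 USD"


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


class PadBook:
    """A large pad consumed front to back, so no pad byte is used twice."""

    def __init__(self, pad: bytes):
        self._pad = pad
        self._next = 0

    def remaining(self) -> int:
        return len(self._pad) - self._next

    def encrypt(self, msg: bytes) -> bytes:
        if len(msg) > self.remaining():
            # Wrapping around here would turn the scheme into a two-time pad.
            raise RuntimeError("pad exhausted; refusing to reuse key material")
        chunk = self._pad[self._next:self._next + len(msg)]
        self._next += len(msg)
        return xor(msg, chunk)


def pad_explaining(cipher: bytes, candidate: bytes) -> bytes:
    """Pad under which `cipher` decrypts to `candidate`.

    One exists for every candidate of the right length, which is why
    ciphertext alone carries no information about the message.
    """
    return xor(cipher, candidate)


def fresh_pad_attack(book: PadBook) -> bytes:
    """Known plaintext M1 against properly used pad material."""
    c1 = book.encrypt(M1)
    c2 = book.encrypt(M2)
    leaked = xor(c1, M1)      # pad bytes that protected M1 only
    return xor(c2, leaked)    # attempt at M2: random-looking bytes


def reused_pad_attack(pad: bytes) -> bytes:
    """The same steps when both messages share one pad."""
    c1 = xor(M1, pad)
    c2 = xor(M2, pad)
    assert xor(c1, c2) == xor(M1, M2)   # the pad cancels out
    return xor(c2, xor(c1, M1))         # yields M2 exactly


if __name__ == "__main__":
    book = PadBook(secrets.token_bytes(40))
    print("fresh pads :", fresh_pad_attack(book))
    print("reused pad :", reused_pad_attack(secrets.token_bytes(len(M1))))
    print("bytes left :", book.remaining())
    try:
        book.encrypt(M1)
    except RuntimeError as exc:
        print("third message:", exc)
```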