What Would You Do With a New Form of Encryption?
Kip Knight asks: "I've been sitting on an invention for six months now. I'm debating whether to 'give it to the world' or patent it. I would obviously like to feed my family on the fruits of my endeavour but don't see much hope in the open source route. My invention improves upon the 80 year old One-Time Pad encryption turning it into a 'Many-Time Pad'. Since I haven't got my export license to speak about the details yet, I won't describe further. The advantages are proof (i.e. unbreakable) against brute force attacks and known-plaintext attacks (unlike the OTP). The disadvantage is carrying around a very large digital key (which could easily fit on one of those USB memory key fobs). My question is this: Could I sell enough $10 shareware GPG extensions to compensate for not locking in 20 years of patent protection (and the $20,000 to patent it)?" While the claims made by the submitter have yet to withstand the crucial test of time (and prying eyes), if you had developed a new form of encryption, what would you do?
Yeah. Right. Let me guess. It's a one time pad, but one where the unused code groups get remapped/reused, which is just another type of one time pad.
Best Slashdot Co
From my somewhat scanty introduction to patent laws, you might want to be careful about how much you reveal about it before you file a patent or at least provisional paperwork. My company recently did work to patent a product and we were told we couldn't really discuss it with many people. Furthermore, doing an openly public action such as showing it at a trade show before applying for the patent would seriously jeopardize the patent process. Now I'm not a lawyer or an expert in patent law, so I can't really say how valid an objection this is, but I'm sharing it here in case it's relevant. If it is correct, I want you to be able to decide whether to patent and not have it decided for you. (Any real experts have a better assessment?)
Just because you patent the information, does not mean that it cannot be made available to the Open Source community. There is plenty of software out there that is available for free for personal use, but requires licensing for business use.
Patenting the software will ensure that *YOU* get some of that dough, while ensuring that *YOU* decide how it is going to be used, and who will use it. If you do not patent it, chances are that someone else will figure out a way to patent something extremely similar to it, and then charge *YOU* to use your software.
If you need some help with the $20k, let me know. I am almost sure you can raise it by asking 1000 /.'ers for $20 each.. I know I'll be more than happy to help!
---
Children seldom misquote you. In fact, they usually repeat word for word what you shouldn't have said.
The above post definitely has this one right. Patent it, that way somebody else can't steal the idea and claim they invented it and make YOUR profit from it. That being done, you can easily distribute it freely to the masses for common use, or sell shareware, or whatever. If it's really as good as you claim, you shouldn't have problems selling $10 or whatever shareware licenses. Also, if it's that good, corporations would be climbing all over you for access to it. You could charge a very reasonable fee for its use, even allow yourself to be hired as a security consultant/whatever, and make your profit from it.
I realize it's an up-front cost for patenting, but look at the alternative: someone stealing/adapting your invention and making the money that YOU could've had. Don't let that happen to you. And if it's really that good, there are services out there that will help you patent inventions, although I will admit to not being entirely familiar with them having never patented something myself.
"Christ what a design! I could eat a handful of iron filings and PUKE a better emergency pump than that!"
I'm surprised no one has mentioned this.
A provisional patent costs $85, and you don't need a lawyer. It essentially keeps your patent claim alive for one year, and establishes a filing date, allowing you to disclose the invention without (as much) fear of losing your rights.
Once you assess its commercial viability, you can decide on the >$10k formal patent.
I've done this many times. It's definitely the way to go.
That is really putting your money where your mouth is :) If it gets broken it wasn't that good.. if it stands up, can you BUY better advertisement??
errr....umm...*whooosh* *whoosh* Is this thing on ?
Encryption is the ability to spread a limited source of entropy over a broad amount of data. The One Time Pad simply recognizes that if you have equal amounts of entropy and data then you don't need a very good mixing algorithm; just XOR the data with the pad and voila, the data becomes unreadable.
The challenge of good algorithms is to limit the amount of entropy needed to generate unreadable text to as small a size as possible. With typical algorithms in use today, changing a single bit in the key will ultimately flip about 50% of the encrypted output. Half of the bits is optimum. Fewer and your entropy isn't getting mixed in very well. More and your bit is just inverting the data.
If you really want to contribute to the world of cryptography, don't bother with encryption algorithms. The ones we have are quite good. Honestly. Instead you should try to figure out a new use for the basic operations in cryptography. We know how to protect content, add signatures, authenticate content, and do non-repudiation. We can encrypt for a small number of readers each with his own key, or for broadcast, we can build webs of trust, and hierarchies. Come up with a new use that makes as much business sense as digital signatures and you'll have something worth patenting.
LibBT: BitTorrent for C - small - fast - clean (Now Versio
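An added illustration of the "just XOR the data with the pad" description in the comment above, showing what a correctly used one-time pad gives you against brute force and known plaintext, and what is lost once pad material is used twice. It is not code from any poster or from the submitter's undisclosed scheme; the messages and function names are constructed for the example.

```python
import secrets

# Constructed sample messages of equal length (not from the thread).
M1 = b"PAY ALICE $100"
M2 = b"PAY BOB $9000."

def otp_xor(data: bytes, pad: bytes) -> bytes:
    """Encrypt or decrypt by XORing data with an equally long pad."""
    if len(pad) < len(data):
        raise ValueError("pad must be at least as long as the message")
    return bytes(d ^ p for d, p in zip(data, pad))

def consistent_pads(ciphertext: bytes, candidates: list[bytes]) -> dict[bytes, bytes]:
    """Brute-force view: every same-length candidate has a pad that yields it,
    so the ciphertext alone cannot single out the real message."""
    return {c: otp_xor(ciphertext, c) for c in candidates}

def read_second_message(m1: bytes, m2: bytes, reuse_pad: bool) -> bytes:
    """Known-plaintext view: the attacker knows m1 and sees both ciphertexts."""
    pad1 = secrets.token_bytes(len(m1))
    # Correct use draws fresh pad material; the misuse repeats pad1.
    pad2 = pad1 if reuse_pad else secrets.token_bytes(len(m2))
    c1, c2 = otp_xor(m1, pad1), otp_xor(m2, pad2)
    recovered = otp_xor(c1, m1)    # exactly pad1, nothing more
    return otp_xor(c2, recovered)  # equals m2 only if the pad was reused

if __name__ == "__main__":
    c = otp_xor(M1, secrets.token_bytes(len(M1)))
    for msg, pad in consistent_pads(c, [M1, M2]).items():
        print(msg, "<-", pad.hex())
    print("fresh pad :", read_second_message(M1, M2, reuse_pad=False))
    print("reused pad:", read_second_message(M1, M2, reuse_pad=True))
```

With a fresh pad the known plaintext exposes only the pad bytes already spent on that message; any design that uses pad material "many times" has to explain why the reused-pad branch does not apply to it.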
Furthermore, I am confused by this sentence in Kip's posting:
The advantages are proof (i.e. unbreakable) against brute force attacks and known-plaintext attacks (unlike the OTP).
Which implies that the OTP is insecure with known-plaintext, or by brute-forcing, which is untrue for any correctly used OTP. So, either Kip Knight didn't express very well what he meant, or he is not as well versed in cryptography as he should be.
In any case, the proof is in the pudding. I remain skeptical of the claims.
"It's overkill, of course. But you can never have too much overkill." - Anonymous Slashdot Coward
Good point (as was the other response to this). I'm obviously not a patent attorney, but still have a less than sterling opinion of the current patent process. My point here is that there is a lot of effort required to patent an idea. There are patent searches, etc., to name just the most obvious. Putting the effort into patenting the new algorithm if you're not absolutely sure it's going to stand up to analysis is almost certainly not worth the expenditure.
If you're an experienced cryptologist, chances are you already know the chances your algorithm has of withstanding attack and analysis. But then you'd also have a good idea whether it was worth patenting - or the company you're working for will make the decision on whether or not to patent it.
And yes, RSA is a highly successful algorithm - created by three of the finest cryptologists in the business. It was patent protected, but had a reasonable license model for application development. If it hadn't, and hadn't been created by folks with a known track record, it wouldn't have gotten anywhere near as far.
I don't mean to put the original poster down at all here (being an amateur (very amateur) cryptologist myself) but if he's asking /. for our collective opinion, I seriously doubt he has the credentials required.
Never attribute to malice what can as easily be the result of incompetence...
I wouldn't say it's a myth and offers no protection. It gives you solid proof that on such and such a date you had such and such a device. If such and such a person you know steals the idea, you can prove that you had the idea on date x and if they cannot prove to have had it before then you have a start of a case that it was stolen. It is not total protection, but it is a piece of evidence.
Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg