What Would You Do With a New Form of Encryption?
Kip Knight asks: "I've been sitting on an invention for six months now. I'm debating whether to 'give it to the world' or patent it. I would obviously like to feed my family on the fruits of my endeavour but don't see much hope in the open source route. My invention improves upon the 80 year old One-Time Pad encryption turning it into a 'Many-Time Pad'. Since I haven't got my export license to speak about the details yet, I won't describe further. The advantages are proof (i.e. unbreakable) against brute force attacks and known-plaintext attacks (unlike the OTP). The disadvantage is carrying around a very large digital key (which could easily fit on one of those USB memory key fobs). My question is this: Could I sell enough $10 shareware GPG extensions to compensate for not locking in 20 years of patent protection (and the $20,000 to patent it)?" While the claims made by the submitter have yet to withstand the crucial test of time (and prying eyes), if you had developed a new form of encryption, what would you do?
... patent it, *then* you can figure out what business model you want to use.
Note, however, that the claims made by the submitter are basically a laundry list of the kinds of claims that make seasoned cryptographers go "oh no, not again."
then encrypt the patent.
Notepad specialist & FAT administrator, group training available
Try to take over the world...
Fact is, if I need money, then license it to a company who will do the dirty work for me and live off the proceeds. If it is, in fact, a brilliant discovery, you should fight for provisions which will ensure some amount of open review.
Not everyone who comes up with such a proven idea is a software developer, and they may not be able to live off of creating cutting edge software or maintaining said software for a living. The bazaar method doesn't apply to theory.
"Moving through the masses like a fish through water." syrup
whether or not it's actually been tested? I would worry first that the encryption standard actually is as robust as the claim before waving it in the air asking about whether or not there is a profit margin involved. Without review or exposure it cannot substantiate the claim, so it does not really matter if it is patented or not, does it? I sure as hell wouldn't use it.
I've been sitting on an invention for six months now.
Butt is a prior art, iirc.
Ten bucks says five mins after he publishes it it will get broken.
"many-time" otp are quite nonsense. See the problem is people think that good ciphers can have security approaching the OTP. The OTP is an absolutely different type of security.
For instance, *no* amount of time is sufficient to break an OTP without the key. Whereas a block cipher can be broken at least in theory.
I'd suggest to the original poster that he try to get his design published. When it gets horribly broken it will serve as a learning experience as how "not" to approach science.
Tom
Someday, I'll have a real sig.
Don't do anything to make it public. Just keep it for your own personal use.
That would be the best encryption you can have. The one only you know about.
It's heartwarming that you've invented a new form of crypto. However, before anyone takes it seriously, you're going to have to reveal it to the cryptographic community. "Many eyes make bugs shallow" as they say, and in few places is this more important than in crypto. An algorithm you've looked at 10000 times may have a logical error you've never caught, that would be glaring to a knowledgeable pair of fresh eyes.
Plus no self-respecting paranoid freak is ever going to use a new cipher that hasn't had any time in the spotlight. Release it to the field and ask for comments.
But what do I know. I'm just looking for anonymous gay sex.
Yeah. Right. Let me guess. It's a one time pad, but one where the unused code groups get remapped/reused, which is just another type of one time pad.
Best Slashdot Co
That this invention is a bunch of crap. Most likely scenario: inventor releases a press release that gets widely reported and the most secure thing ever invented. Claims like "unbreakable" and "proven secure" and "many time pad" will be thrown around freely.
And then someone with a decoder ring will crack that puppy wide open.
Yawn. Snake oil.
If tits were wings it'd be flying around.
so you want us to decide what's more important to you? I'd say give it to the world, but that's my own opinion. that's what this whole thing is going to be... opinion. what's more important? money or ideals? it gets trickier (as mentioned) when you've got to put food on the table. Trickier still when you consider the investment (time and money) needed to see your invention pay off. as with any big life decision you just need to look at all the courses of action and their consequences, and choose the one that suits your life goals best.
aoeu
First, I wouldn't "Ask Slashdot"
(sound of pitter-pattering many greedy feet scurrying to the nearest PTO)
Second:
1. Patent new encryption algorithm.
2. Sell to highest bidder.
3. ???
4. Profit.
Ah well, you could always be more philanthropic than me, and support FSF, but hell, I'm just a capitalist at heart.
I think you should trade this patent for some stock in VA Systems! How could that fail to make you wealthy?!
C - A language that combines the speed of assembly with the ease of use of assembly.
IF you patent the idea, you retain all rights to give it away freely, sell it or whatever, to whomever. If you don't you lose your rights over the invention.
I say patent it and then decide based on what offers you get. Once you patent it you can shop around for people to license it to. You can define the terms of the license (3 years and then you can offer it as GPL or NOT)
Don't be a fool, it's your blood and sweat, you deserve to own it.
nbHF48FKJH4F;kjh4LKJHhNB498CN4I
SKLJ4H9sdflkjh48B3498HW4IFN4IN8
OKDNJ48458DI4.SL4993;W5497GKH48
2HCB4KBHS843,JNS,JH43872B34JYB4
ZMNB48lkjh48BB4JHG8cbhbj8675309
release it at a crypto convention and get a reality check as it is broken by one of the people at the con before you go home.....
It's Christmas everyday with BitTorrent.
If you check the usenet sci.crypt FAQ it ridicules the steady stream of people who invent "unbreakable" encryption techniques. You might give it a read. Most of the time it turns out that there are one or (usually) more fatal flaws in new encryption schemes.
From my somewhat scanty introduction to patent laws, you might want to be careful about how much you reveal about it before you file a patent or at least provisional paperwork. My company recently did work to patent a product and we were told we couldn't really discuss it with many people. Furthermore, doing an openly public action such as showing it at a trade show before applying the patent would seriously jeopardize the patent process. Now I'm not a lawyer or an expert in patent law, so I can't really say how valid an objection this is, but I'm sharing it here in case it's relevant. If it is correct, I want you to be able to decide whether to patent and not have it decided for you. (Any real experts have a better assessment).
Patent:
A grant made by a government that confers upon the creator of an invention the sole right to make, use, and sell that invention for a set period of time.
License:
Official or legal permission to do or own a specified thing. See Synonyms at permission.
I would patent it, then license it. It could be licensed for free use to non-profit groups, and governments could be required to pay a yearly sum.
But that sounds almost too easy to me :)
"I can't give you a brain, so I'll give you a diploma" - The Great Oz (blatently stolen sig)
However, I concur with the other posters - If you reuse any part of the key, it's not a one-time pad. If you generate any part of it algorithmically, it's not a one-time pad. The history of cryptography is littered with "replacements" for the one-time pad that turned out to be trivially breakable. This could be the first example that turned out to be worthwhile, but the odds are against you.
...phil
"For a list of the ways which technology has failed to improve our quality of life, press 3."
Patenting something (properly) will cost thousands of dollars and will require a patent lawyer.
The US is a first-to-invent not a first-to-patent country, so make sure you have a hardcopy of your invention description dated and notarized.
Then let some Net crypto people beat on your idea, make sure you say "Patent Pending."
If it holds up, you should easily be able to raise the money to get it patented properly. (Actually, if so, email me, I may know a few investors)
Judging from your description, I'd say your invention has a high probability of not truly doing what you think it does. Developing novel and useful cryptographic technology is a rare occurrence, generally done by people who have a ton of experience in the area. No point in wasting money if it won't stand up to 30 minutes in sci.crypt
My invention improves upon the 80 year old One-Time Pad encryption turning it into a 'Many-Time Pad'.
Information theory proves that the One-Time Pad (OTP) is optimal - it cannot be improved.
The advantages are proof (i.e. unbreakable) against brute force attacks and known-plaintext attacks (unlike the OTP).
The OTP has no known-plaintext vulnerability. By submitting even a chosen plaintext to be encrypted, and studying the encrypted message, you only learn the piece of the One-Time pad used on your own content. It does not help you break any other part of any other message.
The only way to break an OTP is to get a copy of the pad or by breaking the random number generator used to create the pad.
This post's claim is the usual nonsense. So patent it if you wish - release it if you wish - I doubt anyone will find it usable.
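The two points argued in the comments above (known plaintext against a one-time pad reveals only the pad bytes under that text, and reusing any part of the pad removes that guarantee), as an added example that is not part of any poster's comment. The messages and all function names are constructed for illustration.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncating to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(pad: bytes, message: bytes) -> bytes:
    """One-time pad: XOR the message with an equally long stretch of pad."""
    if len(pad) < len(message):
        raise ValueError("pad must be at least as long as the message")
    return xor_bytes(message, pad)


otp_decrypt = otp_encrypt  # XOR is its own inverse


def pad_fragment_from_known_plaintext(ciphertext: bytes, known: bytes,
                                      offset: int = 0) -> bytes:
    """Known plaintext at `offset` yields exactly the pad bytes under it."""
    return xor_bytes(ciphertext[offset:offset + len(known)], known)


def pad_that_explains(ciphertext: bytes, candidate: bytes) -> bytes:
    """For ANY same-length candidate there is a pad mapping it to this
    ciphertext, which is why trying every key tells an attacker nothing."""
    if len(candidate) != len(ciphertext):
        raise ValueError("candidate must match ciphertext length")
    return xor_bytes(ciphertext, candidate)


def demo() -> dict:
    # Constructed sample messages of equal length (30 bytes each).
    m1 = b"MEET AT DAWN BY THE NORTH GATE"
    m2 = b"SEND FUNDS TO ACCOUNT 7731 NOW"
    known = m1[:7]  # the part of message 1 the observer already knows

    pad_a = secrets.token_bytes(len(m1))
    pad_b = secrets.token_bytes(len(m2))

    c1 = otp_encrypt(pad_a, m1)
    c2_fresh = otp_encrypt(pad_b, m2)   # correct use: new pad per message
    c2_reused = otp_encrypt(pad_a, m2)  # the "many-time" mistake

    fragment = pad_fragment_from_known_plaintext(c1, known)

    return {
        # Known plaintext reveals the pad bytes under it and nothing more.
        "fragment_is_pad_prefix": fragment == pad_a[:len(known)],
        # Against a fresh pad that fragment is useless: the result is
        # m2 XOR pad_b XOR pad_a, i.e. still uniformly random bytes.
        "fresh_pad_guess": xor_bytes(c2_fresh, fragment),
        # Against a reused pad the same fragment decrypts message 2.
        "reused_pad_leak": xor_bytes(c2_reused, fragment),
        # Reuse also cancels the pad entirely: c1 XOR c2 == m1 XOR m2.
        "reuse_cancels_pad": xor_bytes(c1, c2_reused) == xor_bytes(m1, m2),
        # Exhaustive search cannot single out m1: a pad exists under which
        # c1 decrypts to m2 (or to any other 30-byte text).
        "decoy_roundtrip": otp_decrypt(pad_that_explains(c1, m2), c1) == m2,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```
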
It is impossible to make money selling a cryptographic algorithm. It's difficult, but not impossible, to make money selling a cryptographic protocol.
Who said it? Bruce Schneier, one of the current gurus of crypto. Where did he say it? Here on Slashdot
The whole article is worth a read.
My perspective is that I seriously doubt your claims. Until there is strong peer review of your entire cryptosystem from top to bottom, I won't touch it. Unless it solves some problem with other cryptosystems already in use, the market won't touch it. If you can these two objections then you might have a shot at some money. Otherwise...
There are tons of symmetric encryption methods ranging from patented to totally free. They all have the property of being effectively unbreakable with decent keysizes. Unlike your proposed method, they don't require ridiculously large keysizes. I really don't see the commercial potential, or even the potential for significant non-commercial use.
The method you describe would actually have significant *disadvantages*, such as being ill-suited for use with asymmetric cyphers.
The advantages are proof (i.e. unbreakable) against brute force attacks and known-plaintext attacks (unlike the OTP).
I don't see how a one time pad wouldn't have these properties. Note that the name is One Time Pad, so if you reuse the pad, it's not one time anymore.
Just because you patent the information, does not mean that it cannot be made available to the Open Source community. There is plenty of software out there that is available for free for personal use, but requires licensing for business use.
Patenting the software will ensure that *YOU* get some of that dough, while ensuring that *YOU* decide how it is going to be used, and who will use it. If you do not patent it, chances are that someone else will figure out a way to patent something extremely similar to it, and then charge *YOU* to use your software.
If you need some help with the $20k, let me know. I am almost sure you can raise it by asking 1000 /.'ers for $20 each.. I know I'll be more than happy to help!
---
Children seldom misquote you. In fact, they usually repeat word for word what you shouldn't have said.
The first thing I would do is change my ISP/e-mail address.. no one is going to believe you with your current AOL one.
1. Sign a non-disclosure agreement with a reputable encryption expert.
...
2. Pay said expert a fee to examine your system and comment on its merit.
3. If your system has potential but needs adjustment, repeat #1 and #2 as necessary, if possible with different experts (within the limits of your financial resources, of course).
4. If you are still convinced that your system is worthy, hire a patent lawyer and patent it.
5. Don't try to sell it on your own. Instead, try selling it to an encryption firm or software distributor, using the expert opinions from #1 and #2 to bolster your sales pitch.
6. If you find a buyer, try to license your encryption system rather than sell it outright.
7.
8. Profit!
Then, who cares about a patent on something that doesn't work and isn't secure?
Crypto security and validation comes from peer review. Don't lose your time.
A message from the system administrator: 'I've upped my priority. Now up yours.'
- Talk to a lawyer and tell him that you have an idea. If it REALLY IS a good idea, the small investment in a good IP lawyer at that point is a good thing.
The idea still needs community work and approval, but you still want to retain ownership should the idea succeed. He should advise you that a patent is a bad idea at that point, a better idea would be one of many publication or trade secret options.
- Talk with the community. Post everything about it to all the crypto newsgroups. Get the routines published in the proper community forums and conferences. If it is good enough it will make it into any of the IEEE or ACM conferences. Encourage feedback. That cannot be stressed enough. ANY GOOD SECURITY MECHANISM, PATENTED OR PUBLIC, MUST HAVE ALL ITS PARTS STUDIED CAREFULLY BY EXPERTS. There is no way around that.
- Write and publish the extensions. Write the GPG extension, and extensions for the Windows shell, and Outlook, and Eudora, and Pegasus, and everything else. If it doesn't get adopted it won't matter if you patent it since it won't get used.
- If at the end of the year it looks profitable, patent it. Your lawyer should have told you that also. If you know that it won't be possible to recoup the money, don't do it.
So that should answer the original question: "Could I sell enough $10 shareware GPG extensions to compensate for not locking in 20 years of patent protection (and the $20,000 to patent it)?" If at the end of the first year you haven't made a dime and haven't had the routine published or accepted in the community, you probably never will.
frob.
//TODO: Think of witty sig statement
Does it bother anyone else that the creator of the encryption scheme that will save the world uses AOL? (check his email addy...)
I'm sorry to burst your bubble, but there have been a lot of great mathematicians and cryptographers that have tried to design good, secure algorithms over the past few decades. Very few have actually managed to create algorithms that'll stand up under analysis. You may think you've done so, but it's going to take a lot to convince everyone of that.
Be who you are...and be it in style!
Nah, screw it. I'd just do it because it would be funny to use real encryption to compensate for fake encryption while locking the greedy corporations out of their own products. Turnabout is a bitch, eh?
You state that it will take 20G's; this is not quite true. When you put in a patent request, it should cost a couple hundred bucks at most.
I have read that the process takes about 2 years before they will get back to you saying YEA or NAY. It is at that point that you must come up with the money for the patent.
The trick is patent PENDING. Once you have put in the request your invention is protected (assuming that the patent office comes back in 2 years to grant the request)
If you believe it will work, then scrape up the dough for the application. Once you have applied, you can then get third party verification, or release your own application to test the market, and still be protected.
P.S. if you are in the USA, check out the Small Business Association, and their SCORE program.
This should get you on the right track.
Service guarantees Citizenship! Questions Guarantee GITMO.... Amerika Uber Alles!
You say that it is ``... proof (i.e. unbreakable) against brute force attacks and known-plaintext attacks ...''. Can you prove that? Can you prove it well enough that a mathematician won't laugh at you? If you haven't gotten this reviewed by some competent cryptographers, the whole issue is probably moot anyway.
As for your explicit question: `` Could I sell enough $10 shareware GPG extensions ...'' I suspect that the answer is ``probably not''. PGP doesn't seem to have sold very well, and cryptography doesn't seem to be a hot seller right now. Patent or not, this may not be a big money maker. A better way to have phrased your question might have been: ``Is this invention likely to make enough money that I could come out ahead by patenting it?''
A better place to have asked your question might have been a forum where cryptographers hang out. I'm not sure that a lot of them will see this here on slashdot. If you have some sort of credentials as a cryptographer or mathematician, you might try sending emails to some patent-holding cryptographers, and ask about their opinions on your algorithm, and their experiences with patents.
See what I've been reading.
Iay avehay ay ewnay encryptionay ethodmay ootay. Itay amecay otay emay inay ay eamdray.
Best Windows Freeware
But how did you get the monkeys to wear the pants?
[PowerPoint] is a tool for capitalist presentation
If you patent the idea, you can then control how it is used -- including permitting its use in Open Source or other software. As some people are aware, Dennis Ritchie holds a patent on the 'set-uid' bit concept. In fact, patenting it yourself (and thus allowing you to set the terms of its use) is probably better for the Open Source and Free Software interests since that would ensure some other, less friendly, entity could not patent it later -- if you do not patent it, someone else will (even if they shouldn't be able to [the uspo being so infamously incompetent]).
Yea and the Titanic was thought to be unsinkable... Unless it's been out in circulation for attempts to be made, I would hold off on the claims.
1st move...Patent it
I can't believe this hasn't had the crap flamed out of it, let alone get a +2.
Obscurity isn't a great security model. I am not going to say that it has no place in security either.
Just because I am the only one that knows that I XOR'd my message with the umpteenth row in a Pascal triangle, doesn't mean that someone won't be able to see the pattern, or use other attacks to figure it out.
It does make a good, but vulnerable, security system a little better, but shouldn't be the main part of your security system, or even a major part.
Actually I think a new Mercedes would be obsoleted by your perpetual motion machine. I also think that because you have not realized this, you are obviously not smart enough to invent such a machine, which is why you want a Mercedes instead of a real car (the new SL500 is the possible exception of course).
(B) + (D) + (B) + (D) = (K) + (&)
nbHF48FKJH4F;kjh4LKJHhNB498CN4I
SKLJ4H9sdflkjh48B3498HW4IFN4IN8
OKDNJ48458DI4.SL4993;W5497GKH48
2HCB4KBHS843,JNS,JH43872B34JYB4
ZMNB48lkjh48BB4JHG8cbhbj8675309
How dare you insult my mother like that!
Table-ized A.I.
The licence you use is not related to the patent you put out on it. Put out a patent for it, and release the code for personal and non-profit uses for free. Charge up to the wazoo for commercial usage.
--
# Canmephians for a better Linux Kernel
$Stalag99{"URL"}="http://stalag99.net";
Actually there's a very urgent need for standard end-to-end encryption in IP. A few stories back there's a Q/A session with Vint Cerf who very interestingly mentions the following:
4) TCP/IP
by sdjunky
considering your work with TCP/IP protocols what would you change now that you can look back retrospectively to how it has been used/misused. What would you incorporate into designs now that weren't even thought of at the time that TCP/IP was created?
Vint:
I suppose I wish I had decided on a larger address space than 32 bits! (that decision was made in 1977 after a year of argument about it). Moreover, I now believe that it would have been wise for us to incorporate into the design principles the notion that every end unit ("thing with an IP address") has a way to "authenticate" itself to any other end unit. As it stands now, these end devices have to declare their own IP addresses and that leads to an architectural opportunity for deception and spoofing. In addition to that, I wish there had been some opportunity to develop end/end cryptographic methods such as IPSEC to increase the confidentiality of information passing through the net. Ironically, beginning in 1975 I began work on a secured version of Internet with the National Security Agency. Because the details of this design were classified, none of this design could be shared with the uncleared developers at universities and industry engaged in the unfolding design of the Internet.
-----
As it stands now, these end devices have to declare their own IP addresses and that leads to an architectural opportunity for deception and spoofing
Unfortunately it also leads to finding your ass in jail. Remember this guy? That could be any of us if the RIAA gets its way in court, and many of us don't want it that way. Right now there are about 4,000,000 users running Kazaa. And if the courts decide that ISPs are obligated to tell the RIAA what users are doing, this could become a very unpleasant reality for each and every one of us. What we need is an end-to-end encryption standard that provides true anonymity. I.e. something that ensures that a 3rd party can't "sniff" packets and link IP addresses to their source.
The government has a defect: it's potentially democratic. Corporations have no defect: they're pure tyrannies. -Chomsky
The chances of making money out of a patent are slim. Moreover, the cryptography market is "cannibalized" - even if your system is, as you claim, a lot better than the existing techniques, most people will still use something that stood the test of time (e.g. RSA, which has become free)
Anyway, the US Patent system allows you to publish your idea one year before you file for a patent. Get some peer reviews (a proof is simply not a proof if kept secret) before embarking on a patent adventure.
The Raven
...how a known plaintext attack can be made against an OTP? You can find out the parts of the key associated with the parts of the message you already know, but that doesn't help you determine anything else about the text: the keys in an OTP are random, not periodic.
[ home ]
... some plain text and some cipher text. If any one can deduce the way your n-time(n >= 1) pad then forget the patent. On the other hand, if your n-time pad is unbreakable expect some time to pass before all of the best cryptanalysts have had a whack at breaking it. Then after that expect the NSA to come knocking at your door and telling you what your rights are for disseminating the n-time pad. This happened to IBM with their "Lucifer" encryption scheme known as DES - or Triple-DES now. Finally, does your code eat much processor time? If it does then it will also be limited in use even after passing rigorous testing. Check out AES/Rijndael on google - uses 50k of memory VERY important for cell/PDA application.... That is all. SittingBull
1. For you to say "Patent Pending" you must have actually applied for the patent.
2. After you disclose it publicly, as sci.crypt would most certainly qualify, you only have 1 year to patent it in the US, and you have ruled out the ability to patent it in many other countries.
3. Patenting it yourself with the help of a good book is better than disclosing it with the hope of patenting it later.
4. If you really want to see if it holds up, find a professor who researches cryptography, and discuss it with him. But be sure to make it clear to him (in writing) that this is for review only and is confidential.
-Alison
Putting a substandard many-time-pad into production on false premises is irresponsible. If what you say is correct, then this invention should remain in the laboratory.
You risk exposing customers to risk created by cheap corporations who want to save expenses associated with OTP technology. This would be fundamentally broken technology. It is irresponsible to release technology that is fundamentally broken.
Stop the brainwash
What is it this time? A PRNG for pad and a password for seed? Some trivial massaging of used pad? <sigh>
Post the algorithm on sci.crypt. Wait twelve hours. Replies will come in pointing you to the FAQ. Go read it. Feel sheepish for not understanding the OTP. No damage done. You'll soon be forgotten, like all the other clowns claiming improved "variations" of the OTP.
Plus side? You may feel relieved that you spent no money going for a patent.
No need to thank me.
Belief is the currency of delusion.
There's even a better method that has been discussed for years. Document everything. Mail it to yourself. The postmark is sufficient proof of the date.
It doesn't matter if you intend to make a product or wait until someone else uses your best kept secret. If you plan to ramp up a production line to pump out your products and are sued by someone who finally does (and will) get a patent on your idea, just show them the evidence. Rather than having their patent nullified due to prior art, they will give you cash to shut up. Same if someone else makes it and they happened to patent it. Threaten to sell your prior art to others. Hush money will come your way (or someone will come over to fit you with a pair of concrete shoes.)
You can be assured this will happen. The introduction of new technology makes new obvious things possible. It's a race with time. Better put the cards in your pocket and hide them until the dealer has a lot of cash on the table.
But I don't think your comment really relates to the actual question he asked: do I patent [thing x] and hope to make enough money in a commercial world, or do I release shareware plugins?
frob.
//TODO: Think of witty sig statement
He said it is "unbreakable" against brute-force attacks? Huh? You can't be unbreakable against brute-force attacks because brute-force is guaranteed to work, as long as you have enough time! Brute force means that you try every single possible key! What is he talking about? He also says that One-Time pads are vulnerable against known-plaintext attacks. Huh??? The whole point of one-time pads is that you do not have any known plaintext because it's a one-time pad!!! It's used once and then discarded!!! I have a feeling we're talking to an encryption rookie that really doesn't know what he's doing.
I don't think that having a perpetual motion machine would guarantee that you could extract useful work from the machine, certainly not in an efficient and compact enough manner to serve as an automobile engine ;)
XML causes global warming.
I'm surprised no one has mentioned this.
A provisional patent costs $85, and you don't need a lawyer. It essentially keeps your patent claim alive for one year, and establishes a filing date, allowing you to disclose the invention without (as much) fear of losing your rights.
Once you assess its commercial viability, you can decide on the >$10k formal patent.
I've done this many times. It's definitely the way to go.
Verify its value through academia and protect it with non disclosure agreements. If it is the rare case that it is of original "value", let the NSA know. They and their brethren may even pay you to sit on it. Always let your intelligence agency know what you are doing. The alternative could be costly in unforeseeable ways.
Quote
Memo to the Amateur Cipher Designer
Congratulations. You've just invented this great new cipher, and you want to do something with it. You're new in the field; no one's heard of you, and you don't have any credentials as a cryptanalyst. You want to get well-known cryptographers to look at your work. What can you do?
Unfortunately, you have a tough road ahead of you. I see about two new cipher designs from amateur cryptographers every week. The odds of any of these ciphers being secure are slim. The odds of any of them being both secure and efficient are negligible. The odds of any of them being worth actual money are virtually non-existent.
Anyone, from the most clueless amateur to the best cryptographer, can create an algorithm that he himself can't break. It's not even hard. What is hard is creating an algorithm that no one else can break, even after years of analysis. And the only way to prove that is to subject the algorithm to years of analysis by the best cryptographers around.
"The best cryptographers around" break a lot of ciphers. The academic literature is littered with the carcasses of ciphers broken by their analyses. But they're a busy bunch; they don't have time to break everything. How do they decide what to look at?
Ideally, cryptographers should only look at ciphers that have a reasonable chance of being secure. And since anyone can create a cipher that he believes to be secure, this means that cryptographers should only look at ciphers created by people whose opinions are worth something. No one is impressed if a random person creates a cipher he can't break; but if one of the world's best cryptographers creates a cipher he can't break, now that's worth looking at.
The real world isn't that tidy. Cryptographers look at algorithms that are either interesting or are likely to yield publishable results. This means that they are going to look at algorithms by respected cryptographers, algorithms fielded in large public systems (e.g., cellular phones, pay-TV decoders, Microsoft products), and algorithms that are published in the academic literature. Algorithms posted to Internet newsgroups by unknowns won't get a second glance. Neither will patented but unpublished algorithms, or proprietary algorithms embedded in obscure products.
It's hard to get a cryptographic algorithm published. Most conferences and workshops won't accept designs from unknowns and without extensive analysis. This may seem unfair: unknowns can't get their ciphers published because they are unknowns, and hence no one will ever see their work. In reality, if the only "work" someone ever does is in design, then it's probably not worth publishing. Unknowns can become knowns by publishing cryptanalyses of existing ciphers; most conferences accept these papers.
When I started writing _Applied Cryptography_, I heard the maxim that the only good algorithm designers were people who spent years analyzing existing designs. The maxim made sense, and I believed it. Over the years, as I spend more time doing design and analysis, the truth of the maxim has gotten stronger and stronger. My work on the Twofish design has made me believe this even more strongly. The cipher's strength is not in its design; anyone could design something like that. The strength is in its analysis. We spent over 1000 man-hours analyzing Twofish, breaking simplified versions and variants, and studying modifications. And we could not have done that analysis, nor would we have had any confidence in that analysis, had not the entire design team had experience breaking many other algorithm designs.
A cryptographer friend tells the story of an amateur who kept bothering him with the cipher he invented. The cryptographer would break the cipher, the amateur would make a change to "fix" it, and the cryptographer would break it again. This exchange went on a few times until the cryptographer became fed up. When the amateur visited him to hear what the cryptographer thought, the cryptographer put three envelopes face down on the table. "In each of these envelopes is an attack against your cipher. Take one and read it. Don't come back until you've discovered the other two attacks." The amateur was never heard from again.
I don't mean to be completely negative. People occasionally design strong ciphers. Amateur cryptographers even design strong ciphers. But if you are not known to the cryptographic community, and you expect other cryptographers to look at your work, you have to do several things:
1. Describe your cipher using standard notation. This doesn't mean C code. There is established terminology in the literature. Learn it and use it; no one will learn your specialized terminology.
2. Compare your cipher with other designs. Most likely, it will use some ideas that have been used before. Reference them. This will make it easier for others to understand your work, and shows that you understand the literature.
3. Show why your cipher is immune against each of the major attacks known in literature. It is not good enough just to say that it is secure, you have to show why it is secure against these attacks. This requires, of course, that you not only have read the literature, but also understand it. Expect this process to take months, and result in a large heavily mathematical document. And remember, statistical tests are not very meaningful.
4. Explain why your cipher is better than existing alternatives. It makes no sense to look at something new unless it has clear advantages over the old stuff. Is it faster on Pentiums? Smaller in hardware? What? I have frequently said that, given enough rounds, pretty much anything is secure. Your design needs to have significant performance advantages. And "it can't be broken" is not an advantage; it's a prerequisite.
5. Publish the cipher. Experience shows that ciphers that are not published are most often very weak. Keeping the cipher secret does not improve the security once the cipher is widely used, so if your cipher has to be kept secret to be secure, it is useless anyway.
6. Don't patent the cipher. You can't make money selling a cipher. There are just too many good free ones. Everyone who submitted a cipher to the AES is willing to just give it away; many of the submissions are already in the public domain. If you patent your design, everyone will just use something else. And no one will analyze it for you (unless you pay them); why should they work for you for free?
7. Be patient. There are a lot of algorithms to look at right now. The AES competition has given cryptographers 15 new designs to analyze, and we have to pick a winner by Spring 2000. Any good cryptographer with spare time is poking at those designs.
If you want to design algorithms, start by breaking the ones out there. Practice by breaking algorithms that have already been broken (without peeking at the answers). Break something no one else has broken. Break another. Get your breaks published. When you have established yourself as someone who can break algorithms, then you can start designing new algorithms. Before then, no one will take you seriously.
Creating a cipher is easy. Analyzing it is hard.
See "Self-Study Course in Block Cipher Cryptanalysis": http://www.counterpane.com/self-study.html
A) Patenting requires a few thousand dollars easily. Questionable value if what you have turns out to be valueless.
B) The fundamental building blocks for crypto these days are all patent free: You have free hashes, free block cyphers (AES), free public key (RSA). There is no reason for someone these days to choose a patent-entangled encryption primitive.
C) A one time pad is not vulnerable to known plaintext. I don't know what the poster is talking about. Since one time pads are never reused, the known plaintext tells NO information about the rest of the pad.
D) For the US, you can publish THEN patent, you do have a year between when there is a public disclosure and when you can patent it. This does NOT apply to non-US patents. But since the US is at least half the market, who cares about the rest?
D is really critical, because the post does raise many "snake oil" warning flags. If it's NOT snake oil, he can disclose it and patent it after people at least get a look at it. If it IS snake-oil, then it can be shot down before spending the k$s needed to patent it.
Test your net with Netalyzr
nbHF48FKJH4F;kjh4LKJHhNB498CN4I
Don't
SKLJ4H9sdflkjh48B3498HW4IFN4IN8
Forget
OKDNJ48458DI4.SL4993;W5497GKH48
To Drink
2HCB4KBHS843,JNS,JH43872B34JYB4
Your
ZMNB48lkjh48BB4JHG8cbhbj8675309
Ovaltine.
A commercial? What a gip!
The intersection of the sets {AOL users, guys named Kip, actual inventors} is null.
Even though you have not revealed your algorithm, you have revealed a sufficient imprecision in your understanding of cryptography to have a useful patent.
As pointed out by others, your implication that one-time pad can be broken with 'known plaintext' implies you don't know what a one-time pad is.
Also, you claim you have a 'very large key'. If your algorithm uses a key that is as large as the data being encrypted, then in fact, it is itself a form of one-time pad... right up until you use a key-bit more than once where it necessarily becomes attackable.
You really need to consult a cryptologist about your algorithm before you waste any money on the patent. Many people before you have fallen into the trap of patenting 'unbreakable encryption' which is not.
Yes, there are probably problems with any crypto idea, but that is NOT the point of the posting.
frob.
//TODO: Think of witty sig statement
Where does the vegetarian piranha fit in to the algorithm?
Best Slashdot Co
Paying a royalty every time I s(h)it doesn't seem too pleasant to me.
It's pretty clear that in today's world, prior art doesn't matter.
retrorocket.o not found, launch anyway?
My invention improves upon the 80 year old One-Time Pad encryption turning it into a 'Many-Time Pad'.
Read the FAQs in the crypto newsgroups. This claim of yours set off every bullshit detector I've got.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
Create a little tune and lyrically read your patent submission, any source code, and detailed description of your technology. Then the MPAA's actions will cover you. ROT-13 it and the DMCA will also cover you especially if you also distribute decoder rings with your developer's package (pricing and availability not specified at press time)
Patent it for the financial potential. People in other countries (And probably your own.) will release open-source knockoffs that start with "Gnu," "K," and "G" anyway, and eventually will find a workaround or prior art somewhere.
I'm not sure if this is what you mean, but a true one time pad is 100% unbreakable. There is no attack that can get even one bit of the message.
I don't understand your "Plug in 'World Trade Center'" step. Even if you match the part of the text that says "World Trade Center" all you'll be doing is
P XOR P XOR C
where P is the message and C is ciphertext. All you'll end up with is a bunch of garbage, and a small section of the key.
This doesn't reveal anything. I think you have the OTP confused with a Vignere cipher (can't check spelling ATM)
Moderation: Put your hand inside the puppet head!
I seriously doubt you've found anything substantial that some of the world's greatest mathematical minds just sort of 'passed over'. I mean, seriously. It's been proven that the only secure encryption technique is OTP. You could no more have come up with something more secure than I could add 2 + 2 and end up with 64,000.
Finally, you can actually both "give it to the world" and "make money". In fact, the whole point of the patent system is to get people to give out their secrets by granting them a limited monopoly.
If you really have something worthwhile, you can simply license your concepts for general use. Public Key crypto has been patented for 30 years (almost expired) but it's used everywhere and has been a great boon to secure communications. Why? Because the authors licensed it for reasonable rates and allowed it to be used for free.
Patents only cost about $700, and once you get one it's yours for the next N years (or whatever, not sure about the exact number of years, it may be different in different fields). You can still let people use it for N-1 years and then try to get money out of it in year N (see the Unisys GIF patent). Patents aren't like trademarks where you have to keep policing them or you lose them, despite what morons on Slashdot (such as Hemos, even... btw whatever happened to him?) seem to believe.
One other thing:
The advantages are proof (i.e. unbreakable) against brute force attacks and known-plaintext attacks (unlike the OTP).
If I'm reading this right, you seem to think OTP is susceptible to brute force attacks. If this is true, you basically know jack about encryption.
autopr0n is like, down and stuff.
.yrassecen tentap oN
Friends,
I recently took a course from my employer's patent lawyers. They explained what the patent system is about and when you might want to use it.
The reason that countries set up patents is to protect investments and to share discoveries. Prior to taking my course, I thought that the patent system was solely for the first reason. However, if you don't share the details of your discovery you can always keep it as a trade secret.
The idea behind sharing it (getting a patent) is this.
1) You are granted a 20 year monopoly on the idea.
2) Other people are free to look at the details of your idea and improve on it.
It's that second point that makes the patent system valuable. If you just sell your idea/product without getting a patent then you're not helping the rest of the world. If you get a patent, I'm free to look at what you did and improve on it. (Ok, open source is even more free that way but it doesn't help you make money with a 20 year monopoly on your idea.)
The other option is a trade secret. If you can't easily detect how your competitor is doing "their thing" then your patent isn't really enforceable anyway. Rather than sharing your secret via a patent you might just keep it to yourself and copyright your code.
Vanguard
That which does not kill me only makes me whinier
OTP provides perfect secrecy. It doesn't provide any form of authentication, or even hint at a way to provide authentication. If someone knows the message, they can figure out the key, and they can send whatever message they like in its place.
When I wanted to learn more about cryptography, I started from what I understood (OTP) and came up with some ideas for fixing its limitations. I wrote up a page describing the new method (One Time Deck), and put up links to cryptography newsgroups for comment. Sure enough, they pointed out some superior methods (my method works, it's just stupidly expensive in key data). I added links to papers on the superior methods to my page, and moved on.
All in all, time well spent in gaining a thorough understanding of theoretically perfect non-quantum cryptographic methods. It may be taken for granted that all worthwhile OTP variants have been covered. In cryptography, theoretical perfection is as simple and boring as basic arithmetic, while practicality is as complex and rich as computer programming.
The inventor would be well-advised to follow my approach, and at least learn something. Unless he intends to swindle other people who understand even less than he does... that has traditionally been the most profitable use for bad ideas in cryptography.
... name the algorithm threefish, then sell the patent and name to Microsoft, then watch Counterpane sue them and then read Bruce add another reason to hate Microsoft security on Crypto-Gram, like he does every other issue.
Encryption is the ability to spread a limited source of entropy over a broad amount of data. The One Time Pad simply recognizes that if you have equal amounts of entropy and data then you don't need a very good mixing algorithm; just XOR the data with the pad and voila, the data becomes unreadable.
The challenge of good algorithms is to limit the amount of entropy needed to generate unreadable text to as small a size as possible. With typical algorithms in use today, changing a single bit in the key will ultimately flip about 50% of the encrypted output. Half of the bits is optimum. Fewer and your entropy isn't getting mixed in very well. More and your bit is just inverting the data.
If you really want to contribute to the world of cryptography, don't bother with encryption algorithms. The ones we have are quite good. Honestly. Instead you should try to figure out a new use for the basic operations in cryptography. We know how to protect content, add signatures, authenticate content, and do non-repudiation. We can encrypt for a small number of readers each with his own key, or for broadcast, we can build webs of trust, and hierarchies. Come up with a new use that makes as much business sense as digital signatures and you'll have something worth patenting.
LibBT: BitTorrent for C - small - fast - clean (Now Versio
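The mixing claim in the comment above, measured, as an added example that is not part of the original thread. It flips every key bit in turn and reports the average fraction of ciphertext bits that change, first for a plain XOR pad and then for a short key expanded by a mixing function; HMAC-SHA256 over a block counter is an assumed stand-in for a short-key cipher (chosen only because it ships with Python), and the keys and message are constructed sample values.

```python
import hashlib
import hmac


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def pad_encrypt(key: bytes, msg: bytes) -> bytes:
    """One-time pad: as much key as data, and no mixing at all."""
    return xor_bytes(key, msg)


def keystream(key: bytes, n: int) -> bytes:
    """Stretch a short key to n bytes with HMAC-SHA256 over a block counter.

    Assumption: this is a stand-in for the 'mixing' step of a real cipher,
    used so the example runs with the standard library only.
    """
    out = b""
    counter = 0
    while len(out) < n:
        out += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]


def short_key_encrypt(key: bytes, msg: bytes) -> bytes:
    """Short key spread over the whole message by the mixing function."""
    return xor_bytes(keystream(key, len(msg)), msg)


def flip_bit(data: bytes, i: int) -> bytes:
    """Return a copy of data with bit i inverted."""
    out = bytearray(data)
    out[i // 8] ^= 1 << (i % 8)
    return bytes(out)


def changed_bits(a: bytes, b: bytes) -> int:
    """Hamming distance between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche_fraction(encrypt, key: bytes, msg: bytes) -> float:
    """Average fraction of ciphertext bits that change per single key-bit flip."""
    base = encrypt(key, msg)
    total_bits = 8 * len(base)
    fractions = [
        changed_bits(base, encrypt(flip_bit(key, i), msg)) / total_bits
        for i in range(8 * len(key))
    ]
    return sum(fractions) / len(fractions)


# Constructed sample inputs (fixed so the numbers are reproducible; a real
# pad or key would come from a random source).
MSG = b"constructed sample message for the avalanche measurement".ljust(64, b".")
PAD_KEY = bytes(range(64))      # 64 key bytes for a 64-byte message
SHORT_KEY = bytes(range(32))    # 32 key bytes for the same message

if __name__ == "__main__":
    print("XOR pad   :", avalanche_fraction(pad_encrypt, PAD_KEY, MSG))
    print("short key :", avalanche_fraction(short_key_encrypt, SHORT_KEY, MSG))
```

With the pad, each key bit touches exactly one ciphertext bit, which is fine only because there is a fresh key bit for every data bit; the short key has to reach about half of the output with every bit it has.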
Claiming it was not susceptible to a known plaintext attack and that it was a style of pad that could be used many times is ludicrous on its face.
This guy is describing the correct attack... against the wrong algorithm....
He is describing how you crack a replacement cryptographic system.
The way this system works is, you take a letter in your alphabet, say E and always replace Es with Rs.
When you "plug in" a piece of text, for instance "world trade center" to a piece of cipher text, you are saying (if the cipher text begins with x)... "ok, I'm going to see what happens when I tell all Xs to become Ws."
In this way, the rest of the text can "fall out" in the way he described. This is because, when you make one replacement that replacement is continued throughout the rest of the document. This means there is a pattern, and patterns are the enemy of cryptography.
In a one time pad, there is no pattern. This is because the replacement scheme is different for every letter. This means, even if you "plug in" World Trade Center, it doesn't tell you anything about the rest of the text, because no pattern holds for the rest of the text.
The parent text is describing the cracking of a system other than one time pad. This illustrates a fundamental problem with cryptography, that many people are pointing out in this article... it is tough to tell when someone makes a claim, if they know just what the hell they're talking about.
---Lane
Um, XOR or modulo addition are usually used in the final stage to actually encrypt things, after you've done all the math.
Also, if you only use your large random digit file once it is perfectly secure. The more you use it, the weaker it gets.
autopr0n is like, down and stuff.
Sounds very much like the usual snake oil to me, especially as the one-time pad cannot be improved. The concept itself just does not allow any improvement.
However there are numerous "improvements" out there that have serious flaws and are often claimed to be "as unbreakable as one-time pads" but without the limitation of using the pad only once or such things.
If that is the case here as well (which I strongly suspect), patent it. It will blend right in with all the other low-quality patents....
Most ACs are not even worth the keystrokes to insult them. Be generically insulted and ignored otherwise.
You forgot to add:
P.S.
I am not a crackpot
to your story submission.
1) Patent it! Most absolutely.
:P
2) Start marketing it to companies such as IBM, Sony, CISCO, Sun, etc. (Avoid MS!) Give stipulations that limit what they are legally allowed to implement with it, so that they do not overstep your personal investments*
3) At the same time, start up a company of your own which would capitalize on this encryption process and provide products and services that implement it
4) Release full implementation use rights to the Open Source community
* these personal investments, being your own company, which you're starting at the same time. Possibly establish the company first, so you have some sort of credibility?
If all goes well, your company startup would have a corner on the encryption market in the same fashion that CISCO has on the router market. You'd be the end-all of the situation. Large distributors, security companies, and pretty much everyone else would come to you for solutions.
Don't write yourself out of the picture by selling rights to a company. If what you have is truly an unbreakable encryption scheme, you've got the holy grail of computing. Even a percentage share of profits wouldn't even be substantial enough, IMO, because you wouldn't have a say in how things work.
Get a couple loans and get started.
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
If he makes some kind of claim that it has relevance to DRM... well, then, he's set.
I advise that he not only patent it, but work on an implementation for securing some sort of digital media with it, whether it actually works or not.
Even if it's pure garbage, it won't be the first time, and he'll still have his advance money.
What we call folk wisdom is often no more than a kind of expedient stupidity.-Edward Abbey
It sounds a lot like a classic blunder, and not a new encryption at all.
.sig
But assuming for the moment that one discovers a new kind of encryption,
the question becomes why is this new encryption better than the hundreds of existing algorithms.
Rijndael is libre, approved by FIPS, has reference implementations available,
and has been thoroughly checked by several cryptographers.
If the only difference your encryption scheme has is a (possibly flawed) proof of security,
then you have a "me too" product that's competing in a saturated marketplace.
Your best bet is probably to go for fame, and then try to turn that fame into a better paying job.
-- this is not a
This article is about a variation on a OTP, "improving it" to being a multi-use pad. Such "improvements" are the type of thing such as what the prior poster mentioned : Something like "shift the bits in the otherwise one time key by the sum of the encrypted document...and then store the shift count in the final word...".
I'm not going to jail for you, or you, or anybody!
I could use it to hide my pr0n from my spousal unit.
Don't anthropomorphize computers, they don't like it.
Dude, you are totally wrong.
Remember, in OTP the pad is the same length as the message. So if you plugged "World Trade Center" in at every point, you wouldn't have anything but garbaltygook for the rest of the message. The only way you can get the key to reveal itself is if you have the entire original message. And if you have the entire message what's the point of getting the pad, since it'll never be used again?
Also, because the pad should be random, there is no way to tell if you've gotten a valid result for a piece of text. So in other words, every single message of the right length could possibly be the actual message.
Someone please mod the above post back down.
autopr0n is like, down and stuff.
This article from Bruce Schneier contains the advice you are looking for:
http://www.counterpane.com/crypto-gram-9810.html#cipherdesign
I'm sure he can patent it, but I doubt he'll be able to sell it, because he's a complete moron who doesn't know what he's talking about at all.
autopr0n is like, down and stuff.
...Now all we need to do is combine this Infinite One Time Pad idea with the Infinite Compression Algorithm and we'll have an Infinite amount of Libraries Of Congress stored securely in only one bit!
Wow!
Moneyed corporations, non-working 'poor' and criminal prisoners are turning productive citizens into tax-slaves.
That would be the best encryption you can have. The one only you know about.
The best encryption you can have is OTP. The next best encryption you can have is AES or some of the other advanced encryption methods that are known to be mathematically secure.
Just because you don't know how something was encrypted doesn't mean you can't figure it out if it wasn't done well. And given the fact that this guy thinks OTP is susceptible to plaintext attacks, I would put good money on the fact that anything encrypted with this method would not be done well.
In fact, if you do know the method, cryptanalysis isn't half as much fun.
autopr0n is like, down and stuff.
What you are suggesting has been done since the 70's at least.
Various entities create one-time pads based on cosmic waves or the behavior of radioactive items. They then produce a large pad and then re-use it for a specified number of times by manipulating it with various algorithms. The algorithms are sent in a separate one-time pad.
All of the major ideas in encryption have existed for decades or centuries. Future advances will come from algorithms that deliver degrees of randomness. Future flaws in encryption will come from subtle errors in those algorithms.
Conformity is the jailer of freedom and enemy of growth. -JFK
Personally, I have been thinking about this a lot lately too -- for encryption and other software that I am writing.
I believe that the Patent office (and Copyright Law) are outdated and prevent the growth of technology. Why? Because the way it should work is that you design this new encryption, and it gets utilized EVERYWHERE making everything better. Instead, what normally happens is that people patent things and it gets blocked from the public (either by the inventor, or the one he sells out to). This is part of the reason that medicines cost more than they should (see previous /. article), and the reason why we never see some kewl gadget that existed when our parents were kids. Look at OLED -- much better than LCD, cheaper to make, etc -- but CRT/LCD manufacturers lose money if they are mass produced.
Besides, someone could probably outdo your patent by adding the words "using binary" since the Patent Office is obviously NOT doing its job correctly (regarding tech/software/hardware).
But, how to make a living if it is OpenIP? If it is a "good" technology, then $5 registration or something MIGHT happen. However, if it is a "great" technology, perhaps by teaching -- ie: classes, books (O'Reilly, et al), etc... Try emailing O'Reilly and seeing if they would be interested in publishing a book on how it works if you write it.
One thing that I personally am very careful of, and most people on this list will probably flame me for it, is I wouldn't use GPL. GPL is like a virus, and you lose the ability to get the whole world to use it. Most companies I have worked for were more than willing to use BSD-based code, but wouldn't even look at GPL-code... So, if you want the whole world to use it, GPL will lose half your audience. If you don't care about it being used by the masses, then it might protect you more (I am not convinced on that matter due to 'cygwin').
Malachi
BTW: I think **ALL** encryption can be brute-forced.
http://www.google.com/profiles/malachid
Well likely it's something simple like an xor substitution. He's claiming it's derived from a one-time pad, which can use an xor of the key (the pad) on the cleartext to produce the ciphertext. That's a very simple algorithm, but incredibly effective assuming you can get past the one-time pad's drawbacks (most notably, transmission of the key) /and/ assuming that the one-time pad was generated with a non-reproducible algorithm (there are plenty of ways to do this).
"(and the $20,000 to patent it)"
You can patent it yourself. If you are smart enough to make a new form of encryption, you are smart enough to learn the patent law and procedures. See the book Patent It Yourself.
After a trip to the Washington, D.C. U.S. Patent and Trademark office, I found that the patent procedure was as corrupt as the people who make money from it could make it. However, you can do it yourself even though there are many people who work in the patent industry who will try to stand in your way.
The patent examiners themselves, who work for the U.S. government, are quite friendly and helpful, I found. That's a very good thing. I'm proud of the U.S. government for its personal, friendly service, which I've found is quite common.
Another idea is to prepare the patent yourself and have an honest attorney (if you can find one) look at it and make comments for improvement. It's a lot of work to prepare everything yourself, but it is a lot of work supervising an attorney, too. If my experience is any guide, patent attorneys will try to steal as much as possible, while being somewhat disinterested in the exact technology of your claims.
There is a huge, huge problem in the United States with lawyers being dishonest. Something should be done about this. I guess the dishonesty goes along with all the other corruption, such as wanting war so that the rich people that own weapons manufacturing companies can get richer: What should be the Response to Violence? The present U.S. President George W. Bush was arrested once for drunk driving, and U.S. Vice President Dick Cheney was arrested twice for drunk driving. Former U.S. president Bill Clinton was the child of alcoholics. If you know the culture of alcoholics, you know that both presidents show plenty of evidence in their personalities of their involvement with alcohol. (Yes, Clinton abused sexuality, but Clinton was intellectually capable of being president.) My family has no experience with alcoholism, but in researching the (unfinished) book I've talked with many alcoholics who say that it usually requires several years of drunk driving before you get so relaxed with drunkenness that you get arrested while driving. There is a huge, huge leadership shortage in the United States. The best leaders in the U.S. are two men who have been arrested for a serious crime a total of three times? That's a shortage of leadership.
Anyhow, patenting something requires personal attention from you. It is not like buying a car; you cannot pay and walk away. You need to be very knowledgeable about the construction of claims. If you know that, and you can express yourself well in writing, it is not difficult to prepare all the documents. However, it is a lot of work.
Encrypt it and post it to the internet. You'll know if you did a good job when nobody can break it. :-)
-DCookie
My SIG is a SG-552 Commando
A key at least as long as the message? Come on, years ago I used project gutenberg texts as keys. You agree on numbers for specific texts, then, the key given is textnumber:byte offset. Offset the ASCII codes of the printable characters at the lowest one (32?), for the key string, add that to each character, wrapping back down to the bottom. Obviously, knowing what the keys come from, a brute-force dictionary attack could do it, but if you use your own secret keys (maybe encrypt one page with another at some offset, or watch a lava lamp with a webcam for a day, saving each frame, and checksum them), and protect them, you're unbreakable.
Now, what I find fascinating is the asymmetric keys, where you can give somebody a key to encrypt that can't be used to decrypt.
Anyway, my point: if your idea is nothing more than a full-length secret key, don't worry about export rules or patenting it. Anybody who didn't already think of it has nothing worth encrypting anyway.
It might actually be easier to break the encryption by just stealing your memory card or whatever.
At least (using conventional encryption methods) if you use a large enough key, brute force won't be a practical attack since the info protected is probably somewhat time sensitive (say to at least 100 years or so)...
Nevertheless, what worked well in WWII could find a practical use in today's world.
Troy
10 to 1, there is a huge hole in the idea.
Erm, more like infinity to one...
autopr0n is like, down and stuff.
And there's no way to "improve upon OTP by turning it into a 'Many Time Pad'". You use an OTP more than once and it's absolutely worthless:
CypherText1 = ClearText1 XOR Key
ClearText1 = CypherText1 XOR Key
If the key is reused, we can take CypherText1 (which is really ClearText1 XOR key) and XOR it to the original known text and get the key.
The only conceivable way to turn an OTP into a many time pad would be to only use a segment of the pad once. Probably this is why he wanted to make the pad so big - so it could continue to be used for a while until the pad has been used up. Big deal. That is no different from standard OTP and the same results would be obtained simply by generating a new OTP every time something needed to be encrypted.
Now, I am far from an expert in cryptography - and programming an OTP is as far as I've ever gotten. But even to me this story looks very amateurish.
No, Thursday's out. How about never - is never good for you?
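The two properties argued over in the comments above, side by side, as an added example that is not part of the original thread: with a pad used once, every message of the same length is an equally valid decryption of the ciphertext, and once the same pad segment protects a second message, one known plaintext is enough to read it. The messages are constructed samples and the function names are made up for this illustration.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings (encrypts and decrypts a pad)."""
    if len(a) != len(b):
        raise ValueError("pad and message must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def key_consistent_with(ciphertext: bytes, candidate: bytes) -> bytes:
    """Return the pad under which `ciphertext` decrypts to `candidate`.

    Such a pad exists for every candidate of the right length, which is
    why a single-use ciphertext says nothing about which message was sent.
    """
    return xor_bytes(ciphertext, candidate)


def recover_from_reuse(c1: bytes, known_p1: bytes, c2: bytes) -> bytes:
    """Decrypt c2 given c1 and its plaintext, assuming both used one pad."""
    pad = xor_bytes(c1, known_p1)   # CypherText1 XOR ClearText1 = Key
    return xor_bytes(c2, pad)


def demo() -> dict:
    # Constructed sample messages, padded to a common length of 32 bytes.
    p1 = b"MEET AT THE DOCKS AT NINE".ljust(32)
    p2 = b"SEND THE FUNDS ON TUESDAY".ljust(32)
    decoy = b"NOTHING TO REPORT TODAY".ljust(32)

    pad = secrets.token_bytes(32)
    c1 = xor_bytes(p1, pad)

    # Single use: a pad exists that turns c1 into the decoy just as well.
    alt_pad = key_consistent_with(c1, decoy)
    decoy_fits = xor_bytes(c1, alt_pad) == decoy

    # Reuse: the pad cancels out of c1 XOR c2, and a known p1 yields p2.
    c2_reused = xor_bytes(p2, pad)
    key_cancels = xor_bytes(c1, c2_reused) == xor_bytes(p1, p2)
    reuse_recovers = recover_from_reuse(c1, p1, c2_reused) == p2

    # Fresh pad for the second message: the same known plaintext is useless.
    c2_fresh = xor_bytes(p2, secrets.token_bytes(32))
    fresh_recovers = recover_from_reuse(c1, p1, c2_fresh) == p2

    return {
        "decoy_fits_single_ciphertext": decoy_fits,
        "key_cancels_on_reuse": key_cancels,
        "reuse_recovers_second_message": reuse_recovers,
        "fresh_pad_recovers_second_message": fresh_recovers,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```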
1. I would treat it very kindly and with respect. Not like that last son of a bitch encryption that slept with my best friend.
2. Not make the same mistake of thinking that PGP stands for "Pope's Godlike Privacy"
I have been using the Comscire Random Number Generator (which uses Johnson Noise from a resistor to generate the numbers) to build 512 byte pads onto a flash device for a cryptographic application I sell to customers who need VERY secure communications. As long as the flash device is not physically compromised, this method is secure and unbreakable. The key is to have two machines on each side, one of which allows the user to create the plaintext and then encrypts it and a totally separate machine that is connected to the Internet. The encrypted text is transferred to the Internet-connected PC via a CDR. That way the machine which has the plaintext and ciphertext copies is never connected to the net. Pads are selected via a pre-arranged mechanism.
...despite the fact that nine out of ten slashdotters constantly complain about abuse of the patent system, almost every top-rated comment in this thread recommends that the submitter patent first and decide whether or not to extort later. What's even lamer is that each of those posts includes the obligatory bigotry about lawyers. You people are fucking pathetic.
So you have a cryptosystem. What value does it have if nobody trusts it? Who would use it? What are they risking? Lots of smart people need to establish a scientific consensus on the difficulty of a theoretical crack.
The value of a cryptosystem is shared, therefore, by the cryptographer and the community of cryptanalysts who establish its trustworthiness. Since the cryptanalysts have to do more work establishing the new system, you need to buy them out.
I suggest you patent it, and then seek a DoD contract. If that fails, sell shareware (good luck). You're going to do MUCH more work defending your system with mathematical proofs than you had to do to conceive and implement it for yourself. Go on the lecture circuit for a little cash. Phil Zimmerman did...
--- Nothing clever here: move along now...
OK, Mr. Ellison. You've made your point.
mp3's are only for those with bad memories
All I got from that was: "You're gonna shoot your eye out".
*shrugs*
In case anyone is scratching their head at this...
Where does the school board find them and why do they keep sending them to ME?
Just about everyone 'invents' a better one-time pad. You'd be well advised to either open it for peer review (as with Blowfish, TwoFish, AES, PGP, etc.) or hire Counterpane under an NDA to tell you if you're all wet or not.
Good Luck!
Remember Lexington Green!
Why does this guy's new "invention" sound suspiciously like public key cryptography to me, only minus the public aspect, thereby making it much less useful?
All circuits busy.
Let me guess, make a multi gig random "one time pad" and use it as a one time pad, but start from a different location each time, or sample it in different patterns.
Guess what, it's been done.
Yes it is unbreakable, if your source data is truly random. (It probably isn't)
Banya: THAT'S GOLD JERRY!!!! ...GOLD!!!!
Berto
Chances are, you'll patent this, and the NSA will come along and 'make you an offer you can't refuse' for the exclusive rights, in which case you'll be a very rich person.
Uh, don't you mean the NSA will come along and laugh their asses off at some moron who doesn't know anything about encryption thinking he's created something revolutionary?
autopr0n is like, down and stuff.
I won't bother detailing the "obvious" issues with a plain XOR, especially for a multi-use pad (which is what we're talking about): I'll leave that to Google.
Maybe next time.
Synergy is your friend
And make sure you do it in that order. Otherwise, you might disappear and all this wonderful crypto knowledge would be lost forever!
"If he thinks he can hide and run from the United States and our allies, he's sorely mistaken." Bush on bin Laden
you can use only APPROVED cyphers and cryptography, this means weak, legal, breakable.
What the hell are you talking about? There's no law that says you can't use any encryption you want. At least in the US. Are you thinking of export laws?
Your cypher must be agreed by many federal commitees...
Good god, man, what the hell are you talking about?
Evil is the money of root.
(notwithstanding the extremely high unlikeliness that you have found such an algorithm)
If someone ever infringed on your patent, how would you prove it?
Why, I would just...
...
ahh... emmm...
D'oh!
My beliefs do not require that you agree with them.
I use encryption to keep my files secure because I don't necessarily trust the security of the medium they're stored on; I don't want anyone to be able to decrypt them except me, which would be possible even if I was the only one with the algorithm. There's also one-way encryption which is an encryption function that is mathematically impossible (or at least extremely difficult) to reverse. The best example of uses for this is storing passwords: encrypt the password using one-way encryption, store it, whenever someone attempts to use the password encrypt that guess and compare the two, if they're the same, the original data were the same hence the password was correct.
You can't be unbreakable against brute-force attacks because brute-force is guaranteed to work, as long as you have enough time! Brute force means that you try every single possible key!
Actually, OTP is protected against brute force because every single 'key' works, but they all produce different outputs.
Think about it this way. Imagine for a bit that there are no books longer than the Oxford English Dictionary. If you tried to brute force decrypt an OTP copy of the OED, you would have a copy of the OED in your 'pile' of decrypted stuff. You would also have every other book ever written in your pile, along with every book that will be written, and every book that anyone ever thought of writing, as well as an insanely large number of books full of garbletygook.
There is no way to tell which book is the 'real' book. In fact, all you're really doing is generating books at random.
autopr0n is like, down and stuff.
Just go to the bank you do business with and get a $20,000 loan. If you have a decent credit rating, it should be no problem at all. You could also take out a loan against your 401(k), or even a home equity loan. Rates are great right now. The point is, there's no reason to involve a third party who has an interest in your invention, just to get the funds to patent it.
"The advanced societies of the future will be driven by competing systems of psychopathology." -JG Ballard
I have discovered a remarkable new encryption system, but unfortunately it is too small to XOLMQ KRLQW MAAWE HRGTY QOKKQ DNAJS.
"Destroy science and religion. Science would re-emerge exactly the same; but not religion." - Penn Jillette, paraphrased
Just apply and interview at the NSA for a phat civil service job. Let them pay to patent it.
Treatment, not tyranny. End the drug war and free our American POWs.
See my user info for links.
For those of you who are curious, the submitter's website is right here
autopr0n is like, down and stuff.
Regardless of the good that you want to do to society, there was a sacrifice incurred by yourself and your family. Make sure your decision balances these two factors. For example, you can publish it with a license that is open but does not give all your rights away, so people can use it for non-commercial purposes. Reserve the right to license it for commercial usage. Then go get a job with the NSA or a big security shop. Either of these places would love (and pay top dollar) to hire a guy that has the initiative to build a better mouse trap.
You can also get a SBA loan and open a skeleton shop to sustain the patent application, then use the license fees as the main revenue stream for the shop. Since you are allowing free access to the technology for non-commercial use, nobody can bitch about it.
If you want to use the invention as resume fodder, you MUST patent it first to avoid your employer trying to steal it from you (or if working for the feds, classifying the whole damn thing).
If you GPL it first you will still keep bragging rights but you will not get any compensation for the time spent.
Pedro
----
The Insomniac Coder
Sorry Kip Knight, but I find it hard to believe that you have come up with anything new. By refusing to disclose your invention, you have kept those who would tell you how wrong you are from doing so. For a one-time key to be provably secure, the key must be as long as the sum of all messages sent using it; any other method, such as re-using key space on the assumption that said re-use will not provide enough information to break the code, specifying a source of future key space in a message (since this is equivalent to using a key shorter than the message, assuming finite numbers of commonly-accessible sources of data), or manipulating the message in advance (to make it less recognizable, or to reduce size and to save key space), is obvious and/or dangerous. Also consider that the one-time pad comes from math, and may not be patentable due to the ban on patenting mathematical formulas.
Furthermore, any variation on the one-time pad is rather useless, since it ignores the practical problem in cryptography, which is key exchange. All modern cryptography works on the assumption that an analyst can observe *everything* you send and receive, including keys, and the solution to this is public/private key crypto. If you have to meet in person to exchange keys, it's easy to exchange large ones (CD-Rfulls of key), so re-using a key doesn't provide much real benefit.
If anything I'm saying is news to you, then you should forget the whole thing, since your invention is probably worthless. If you are aware of all this and still think that you have a useful and patentable invention, then you should find someone very knowledgeable in cryptography to talk to, get an NDA, and discuss what you have.
Then go to court and battle the stupidity of software patents. No one will make a better case than you on this front.
If you do this the rising tide will lift all boats. Such things are not forgotten.
Novel theory: Modern Man evolved from psychopath
If you think you are right:
a) patent it
b) license it for free to all who like to use it
c) license it only for GPL projects if you prefer that
However, I'm pretty sure you are a hoax.
Proof that it is protected against a brute force attack?
How silly!
You can't protect against a brute force attack, it seems you do not know what brute force means: you test every possible combination. With bad luck I have the chance to find the key in my first try.
With bad luck I find the key after the last sun in the universe is glown out.
However: I ALWAYS WILL find it if I just have the time to calculate and test long enough.
Regards,
angel'o'sphere
Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
-some cypherpunk
A#()@KDHLSAMB@#KJH!@MDFKJHKJ!BN#@MB!@#KJ*(!
(Decrypted: "I would post encrypted messages to Slashdot")
Is that he's taking a really really large one-time pad, then giving bytewise (or bitwise) offsets into the data, then XORing with the cleartext to get the cyphertext.
This would have two serious weaknesses. First off, if it were used enough times and there were overlap of data, the computing necessary to pick out the overlap and solve it would be doable. Given a bitwise offset on a billion bit (128 megabyte) one-time pad, a supercomputer could rattle through the billion possible combinations while comparing double frequencies and find the overlap, and both messages could potentially be solved.
The other problem would be the physical existence of the one-time pad; unlike a memorized passphrase in combination with an obscured key, the pad can be stolen.
This idea DOES have some merits, however; in combination with a modern cryptosystem, it would add greatly to the obscurity of the cyphertext and help prevent its being analyzed.
... is worth what you pay for it. So here goes :-). File the provisional patent on the concept. This establishes the date. The clock starts and you have a year to file the utility patent. In that year research the heck out of the method and crypto in general. Consult with a good to great crypto authority under NDA. If the concept proves sound proceed with a utility application. While pending (the utility patent) publish the method and get comments. Make the application have claims broad enough to cover "tune-ups" to the method, but not so broad as to be unreasonable. License for non-commercial use for free if that is what you want, and charge a fee for commercial use, but remember that 1000 sales at $0.10 is better than 50 sales at $1.00 (generally). The easier you make it to use, the more widespread it will become.
- Tjp
I am in wallow with my inner money grubbing capitalistic pig. ... Oink!
A quick search on his mail address on Google turns up this:
"Jonathan Kipling Knight has a BS in Physics, an MA in Applied Mathematics and is pursuing a PhD in Computer Science."
Hardly enough credentials to guarantee that he's not a crackpot, but enough to allow the possibility that he has some basic understanding of cryptographics.
A search on Google Groups shows that he has never discussed on any crypto groups using this mail address or his name. So not very active on the scene.
Opinions stated are mine and do not reflect those of the Illuminati
Say you managed to discover an algorithm that made factoring easy, to the degree that cyphers dependent on the intractability of factoring would be completely compromised. What would you do with this extremely dangerous information?
The only reasonable action I could think of is to anonymously (through a dozen anonymous remailers) email a description of the algorithm to Bruce Schneier, entrusting him to proceed with this knowledge in whatever way he finds most prudent. I surely wouldn't want to be associated with the discovery and the calamity that would follow, and somehow I feel like Bruce Schneier could be trusted to act responsibly and intelligently.
Release it freely. If it is actually good (or can be made good), use it to become famous, and find employment on that fame. Don't bother spending money patenting it because that would be a waste of money.
First, because there is no shortage of really good encryption available for free, you aren't going to be able to sell it.
Second, because it doesn't work, there is no point in wasting money trying to patent something that is faulty.
How do I know it doesn't work? Because nearly no one can design good cryptography, so chances are yours isn't any good either. And, yours is currently secret; secret cryptography is almost poor. Sure, you might not be able to see how it is defective, but that only means it is tougher than your ability as a cryptanalyst. Good cryptanalysts are rare. You also seem to say that OTP is vulnerable to known-plaintext attacks, which as I understand it is simply false. An OTP has terrible key distribution problems and there are always attacks outside the strict domain of the encryption, but a one time pad is, if you define the problem as a narrow cryptographic problem, perfect. This makes me doubt your abilities.
Sorry to be so harsh,
-kb, the Kent who tries to know how much he doesn't know about cryptography.
I would do exactly the same. I'd ask Slashdot!
This sig is a true statement, but I cannot prove it.
The CHAIR, or even some variants such as a STOOL, BENCH, or SOFA, all encompass prior art for your invention, methinks.
There is a little known loophole in the filing of patents that allows you to mail your idea to them. Once the letter arrives, you have 2 years to file the patent for your idea (that is just the submission, not the entire process).
This loophole exists for people like you who have an idea, but are not willing to pay a patent lawyer without testing it.
PS: This is my first slashdot post, so please be kind...
SSL and SSH are not encryption algorithms. They use encryption algorithms like blowfish, des, rijndael (AES), twofish, etc. but are merely protocols themselves.
ZERO ZERO ONE ZERO ONE ZERO ONE ONE! Just brushing up for my next big invention: Ethernet over Voice (EoV)
Well, since this is crypto related, I think an even better way would be to use the PGP Timestamping Service.
It has several different modes, but basically you just encrypt your ideas, send an email to the timestamper with the encrypted files and it will sign the file, and the signature will contain a timestamp and a serial number.
The signatures are available on a daily basis and are posted weekly at alt.security.pgp for all the world to see.
All editorial writers ever do is come down from the hill after the battle is over and shoot the wounded.
Really, there is no such thing as Many-time Pad.
MSDOS: 20+ years without remote hole in the default install
Lots of people have said that your idea probably isn't new and I'd like to expand on that with some personal experience.
:-)
One of the areas of programming that interested me most at college was sorting algorithms, but I never did much research into the subject. A couple of years ago I was looking for a fun little programming project to challenge myself with, so I decided to see if I could come up with a really fast sorting algorithm. It was an interesting project because (a) I was interested in the subject but (b) I was approaching it from a position of pretty much zero knowledge.
Now as boastful as this may sound I promise it's true, but the first idea I tried took about two hours of programming and was blisteringly fast and efficient. On a P2-233 with 128Mb it could take 100,000 lines of text (up to 255 chars in tests) and sort them into alphabetical order in less than a second. Not bad eh?
Great, methinks, I'm a genius, but I was curious to know how much of a genius so I trawled the web to find info on the fastest sorting algorithms to see how much better they were.
Well, long story short, my algorithm *was* the fastest one, but it was already known about and in common usage. Good for the ego in one way, but disappointing in another.
So back to the point: Are you sure your idea is new?
good !necessarily= new
Not to mention the fact that if you consulted your supervisor or used university property in the process of coming up with the method they probably own it for the purposes of patenting it.
Any sufficiently advanced technology is indistinguishable from a rigged demo
--Andy Finkel (J. Klass?)
Mail me (oops ^H^H) Bill Gates the algorithm. I'm sure I (no ^H) he, will have my (damn, ^H^H) his crack security people validate your claims and then do the right thing by it.
If you can't trust me (shit! ^H^H) him, who else can you trust?
Yours Belovedly,
Not Bill Gates
Your description sounds like the classic description of what Bruce Schneier calls "snake oil". You have a great new encryption algorithm that you've been sitting on.... If you've been sitting on it, nobody knows if it's any good. The best cryptographers don't really know if their algorithm is really any good until lots of other cryptographers have had time to beat on it and test it. The only algorithms that anybody with any sense will use are ones that have been open, and for a long time, so that they can truly be scrutinized.
So, in a word, it doesn't matter. I'd rather you didn't patent it, because software patents are generally evil anyway, and if the algorithm turns out to be useful for something, it could create headaches later. But, as far as cryptography goes, if it is truly as you describe, it's effectively worthless at the moment, and will continue to be so until lots of people have had a chance to see and work on the algorithm.
-Rob
I used it to protect my source code, then I forgot the password.
http://pcblues.com - Digits and Wood
+1 Insight full
I also fail to see why this invention is in any kind useful. It has the old caveat, I need to bring the key A to B without being seen/intercepted/exchanged etc.
--
Karma 50, and all I got was this lousy T-Shirt.
Informative? ROFLMAO
Plaintext XOR pad = Ciphertext
If cipherbit = 1, possibilities are:
0 XOR 1 = 1
1 XOR 0 = 1
If cipherbit = 0, possibilities are:
0 XOR 0 = 0
1 XOR 1 = 0
With no pad, there's a fifty-fifty guess. Knowing the plaintext doesn't help solve that.
Kjella
Live today, because you never know what tomorrow brings
it doesn't work. forging mail is sooo easy and it would never hold up in court.
there is a way to copyright your stuff cheaply involving a notary -- basically you give the notary a copy and they hang on to it for you. notaries are like government approved honest people.
back to the forging the self-mailing thing -- to forge:
1. mail an empty envelope to yourself with weak tape sealing the flap
2. hang on to envelope for 10 years
3. place patented material in envelope and seal
4. forgery complete, sue for prior art.
other possibilities include steaming open your sealed envelope and replacing the contents.
a visit to the notary usually costs less than $20.
fear is the mind killer
OK, some people have said patent and license for free to non-commercial uses. There's a much safer approach that will save the inventor some money, although at the risk of some embarrassment:
1) Time stamp a document containing your results. There are lots of ways of doing this, with either automated services (such as "Stamper" at http://www.itconsult.co.uk/stamper.htm), or just posting the document on Usenet.
2) Tell someone else -- I'd suggest making a very public release on some forum. Incidentally, your write-up should say that you will apply for a patent. In the U.S. you have a year after publication to file for a patent.
3) Submit to a conference, like CRYPTO.
By publishing, you've established ownership so no one else can patent your technique later (because yours would now be "prior art"), and you can still patent if it holds up to scrutiny. But you also save yourself the patent fees if it doesn't.
I'd be willing to put a little bit of money on a bet that the result would be that a weakness would be discovered. If by "perfectly unbreakable" you mean an infinite unicity distance, there are only two ways you can do that: use a random key (i.e., a one-time pad), or encrypt completely random data (which would be pretty useless). Anything else (yes, *anything* else) will have a finite unicity distance, and so cannot be claimed to be completely unbreakable.
Even in the US you'd have to challenge the patent in court and the burden of proof is on you.
In the rest of the world you'd just get laughed at until you hang up.
Nerd: Derogatory term typically directed at anybody with a lower Slashdot ID than you.
The MTP cannot be as secure as the OTP. However, it's not obvious to me that it's significantly weaker.
A one-time pad is a sequence of random bits b0..bn.
A plaintext message is a sequence of bits p0..pm with m <= n.
The cyphertext is the sequence of bits c0..cm where ci = pi xor bi.
Since the bi are random, the ci are also random - hence in the absence of the OTP the cyphertext is undecodable.
Important: having decyphered the message, both sender and receiver delete bits b0..bm from their OTPs.
The problem with OTPs is arranging for secure delivery of b0..bn in the first place, without interception.
It seems the poster is suggesting that there is a secure way to use OTPs, without the important step of discarding used bits. This means that bits will be reused according to some function. So in effect the "many time pad" (MTP) is generating a longer stream of "xoring" bits from a b0..bn - that is, the MTP "xoring" bits m0... are constructed according to mi = f(i, b0..bn) - with f presumably being publicly available - and the cypher text is given by ci = pi xor mi.
The problem is that for infinitely many i, j, k, f(i, b0..bn) = f(j, b0..bn) = f(k, b0..bn)...
After we have seen enough cyphertext go by (presumably many, many times more than n+1 bits, if f is any good) we will start to learn more and more about b0..bn (xored with some plaintext). Eventually we will collect a library of bits pi xor f(i, b0..bn), pj xor f(j, b0..bn) and so forth where we know that f(i, b0..bn) = f(j, b0..bn), hence we can work out pi xor pj. But this is just the xor of two non-random plaintext messages, which is subject to fairly straightforward attack.
So the upshot of it all is that if f is good then you should be able to (significantly) extend the life of your OTP, but eventually you will have to ditch the b0..bn and get some new ones. However, if for, say, n = 10^9 you get a useful lifetime of, say, 10^18 message bits, then you'll be happy with your scheme for a long time!
That said, you still have to solve the key exchange problem, which is the real stopping point with symmetric crypto systems.
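The pad-reuse argument in the comment above, applied to the offset-into-a-big-pad scheme guessed at in an earlier comment, as an added example that is not part of the thread. It assumes byte offsets rather than bit offsets and ASCII plaintext, and it spots the overlap by the top bit of each XORed byte rather than by frequency counts; all names, sizes and messages are constructed for illustration.

```python
import secrets

PAD_LEN = 4096  # constructed size; stands in for the "very large" shared pad


def new_pad(n: int = PAD_LEN) -> bytes:
    """b0..bn: random pad bytes (taken here from the OS CSPRNG)."""
    return secrets.token_bytes(n)


def keystream(pad: bytes, offset: int, length: int) -> bytes:
    """m_i = f(i, b0..bn): read the pad from `offset`, wrapping at the end."""
    return bytes(pad[(offset + i) % len(pad)] for i in range(length))


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(pad: bytes, offset: int, plaintext: bytes) -> bytes:
    """c_i = p_i xor m_i. Decryption is the same operation."""
    return xor(plaintext, keystream(pad, offset, len(plaintext)))


def overlap_range(len1: int, len2: int, d: int) -> range:
    """Indices i into message 2 for which message 1 has a byte at i + d."""
    return range(max(0, -d), min(len2, len1 - d))


def find_overlap(c1: bytes, c2: bytes, min_overlap: int = 32):
    """Return d such that c1[i + d] and c2[i] used the same pad byte, else None.

    The pad is not needed. Where the keystreams coincide the pad cancels and
    c1 xor c2 equals p1 xor p2; the XOR of two ASCII bytes always has its top
    bit clear. At any other alignment the top bit is set about half the time,
    so a wrong shift survives min_overlap bytes with probability 2**-min_overlap.
    """
    for d in range(-len(c2) + 1, len(c1)):
        idx = overlap_range(len(c1), len(c2), d)
        if len(idx) < min_overlap:
            continue  # too few bytes to tell reuse from chance
        if all((c1[i + d] ^ c2[i]) < 0x80 for i in idx):
            return d
    return None


def recover_overlap(c1: bytes, c2: bytes, d: int, known_p1: bytes):
    """With message 1 known, return (start, bytes) of message 2 on the overlap."""
    idx = overlap_range(len(c1), len(c2), d)
    leaked = bytes(c1[i + d] ^ c2[i] ^ known_p1[i + d] for i in idx)
    return idx.start, leaked


# Constructed sample messages, not taken from the thread.
P1 = b"Meet the courier at the north gate at nine; bring the second pad and the ledger."
P2 = b"Quarterly figures are attached; please confirm receipt before the Friday meeting."


def demo():
    """Two messages whose pad offsets (constructed: 1000 and 1030) overlap."""
    pad = new_pad()
    c1 = encrypt(pad, 1000, P1)
    c2 = encrypt(pad, 1030, P2)
    d = find_overlap(c1, c2)  # relative offset, found from ciphertext alone
    start, leaked = recover_overlap(c1, c2, d, P1)
    return d, start, leaked


if __name__ == "__main__":
    d, start, leaked = demo()
    print("relative pad offset:", d)
    print("message 2 from byte", start, "->", leaked.decode())
```

The pad itself is never recovered or guessed here; one known message is enough to read the other wherever their pad ranges coincide, which is exactly what discarding used pad bytes prevents.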
'cause telling the public about your invention is a good way to prevent anyone, including you, from ever getting a patent on it!
Basically, it's like shootin yourself in the foot.
Seeking free legal advice on a public board is a really dumb idea, for about 19 different reasons.
I suppose what's really at issue here is a moral question. Is it better to serve the interests of free-speech and expression with no assured great profits or is it better to get those profits for the financial security of one's family at the probable loss of momentum towards greater freedom? Since I tend to lean towards the idealistic, I'd probably go with the open-source route believing that creating such a good foundation for greater freedom would certainly come back in many positive ways to both oneself and one's family. But just the same, it is a difficult decision and you deserve respect for your efforts no matter which route you take.
And all our yesterdays have lighted fools The way to dusty death. --Will
1) Read everything Nolo provides regarding patents and trade secrets.
2) Patent it yourself.
3) Prepare an iron clad NDA/Trade Secret plan yourself.
4) Have a specialist lawyer bullet proof your NDA/Trade secret plan.
5) Hire a lawyer under your bullet proof trade secret plan
6) Hire someone who knows how to start a company while you help protect your ownership rights to your invention under your bullet proof plan.
7) Sell your super product
8) After you have earned enough money for you and your family, take some of the excess cash and pay lawyers to help you find ways to start a patent sharing scheme that grants people license to use your patent if they grant you rights to the inventions they create based on it.
9) If the company you found turns out to bite you make sure there is a poison pill where you as the inventor can open the invention free to the world without negative consequences.
Most importantly, ASK PHIL ZIMMERMANN FOR HELP EVEN IF YOU MUST BEG HIM OR BRIBE HIM. He's been there, and got screwed. Doubtless he learned something about how he would do it the second time around. You see he knows more about this than us Slashdotters.
BTW, if you are looking to hire an experienced software developer or just getting started at project management type. I need a damn job and you need a Gantt for your project. Just kidding, sorta.
~~ What's stopping you?
If this guy thinks the known-plaintext "attack" to OTP is a problem, then he doesn't know what an OTP is.
For those of you who don't know, every byte in a one-time pad is used to encrypt one and only one byte. Ever. If you know the plaintext and the ciphertext, you can derive the key, for that one byte, but that information is useless for every other byte in the ciphertext.
But will any patented algorithms be accepted going forward? The RSA patent caused enough annoyance that I think everyone adopting crypto is wary of patents. And one of the criteria for the AES was freedom from patent encumbrance. We already have more than enough unencumbered algorithms for the recognized tasks such as block cipher, stream cipher, public-key. I think a patented algorithm would only be used if it provides substantial capabilities beyond what we have now (very unlikely) or if the patent itself were desirable to ban interoperable implementations.
This probably applies to any cryptosystem, BTW. ;)
If corporations are people, aren't stockholders guilty of slavery?
Aside from the fact that the claim is incredible...
As other posters point out, everyone can develop their own ciphers that they think are unbreakable. It's not until massive peer review for many years before they become trusted as unbreakable, and thusly become of any value.
Attempting to patent a cipher before this is a waste of money, and patenting it after peer review is likely impossible.
Put it out for public scrutiny. At least you'll hold the copyright on the reference implementation and be recognized as the inventor, and don't blow $20,000+ just to have someone tell you your cipher is bogus/duplicate/pathetic. :)
nbHF48FKJH4F;kjh4LKJHhNB498CN4I
SKLJ4H9sdflkjh
OKDNJ48458DI4.SL4993;W5497GKH48
2HCB4KBHS843,JNS,JH43872B34JYB4
ZMNB48lkjh48BB4
How dare you insult my mother like that!
heh... it's like a nerdy rorschach inkblot.
The same thing I do every day. Try and take over the world.
WTF is a "known plaintext" attack on a one time pad?
-- the most controversial site on the Web
This is how it works in a perfect world: Take a random string, XOR it with your message (the plaintext) and transmit the result to your friend. To decrypt the message, your friend has to XOR the message he got again with the random string.
There are two problems with that:
We are not able to produce real randomness, we can only use cryptographically secure pseudo-random number generators but these are not perfectly random.
The problem of transmitting the random string (the key). It has to be distributed in advance.
If a message gets encrypted twice with the same key, it is highly vulnerable to a statistical attack and therefore nearly useless. Every few days, someone claims to have invented a perfectly secure cryptosystem and posts it on sci.crypt just to have it torn to pieces by them.
To the "inventor" of this new system: If you really feel your algorithm is that strong, offer something about 10000$ to anyone who can break it. That way you can be sure it gets enough attention. This is common practice.
The string "OTP" is clearly part of the comment I was commenting on. The person I replied to said OTP is weak. OTP is not weak.
autopr0n is like, down and stuff.
You are totally wrong. You can sell and use any type of encryption you want to within the United States. Again, I think you are thinking of export restrictions concerning what you can export from the U.S.
OTP technology is not widely used because the major problem is how to distribute keys. It has nothing to do with how secure the cypher is. If I have to send a message to my field office, unbreakable crypto does me no good if the other end doesn't have today's unbreakable key. The genius of asymmetric crypto is that the two end users can freely exchange the necessary key information without compromising the actual key.
That is what I am talking about. It's illegal to sell such cyphers.
You are simply so wrong that it boggles the mind.
Evil is the money of root.
IANAL, so I am just asking. Many times, we have an idea, implemented, we can document it to a large extent, etc. But we can't patent it. So the question really is:
If you can prove you developed certain idea prior to someone else patenting it, do they owe you anything? What are your rights in that case?
If you have some nice rights, then one great thing would be to have a Black (as in nobody knows what it is protected) Anti-Patent Firewall.
How would it work? A central database controlled by a company, where you would send them all your information, and an encrypted patent (key you and your company will have to decrypt). They would certify the date of submission (attorney, notary, etc), and create the record and label the field of discovery and everything that you want disclosed beforehand. You could pay them X bucks for that service.
Then one day some greedy company files a patent for the obvious, but clever idea you devised, and this company is researching all these patents every day, and they discover it...and voila!
I know...I know...
unfinished: (adj.)
Which part of "one time" do you not understand???
The most likely meaning for the adverb week, would be: having to do with a week, or weeks. And since our names for the week-days come from ancient gods, he was probably likening the one time pad to the unbeatable thunder god Thor.
Well, then I definitely wouldn't be able to break it. I never could get the hang of Thor's Days.
That's right. No patents. No shareware. Post your idea right here for all to see and critique. This is the only way you'll get any credibility whatsoever. Sorry bud, but there's no such thing as unbreakable crypto where the ciphertext is longer than the key. This has been mathematically proven and if you insist otherwise, either you don't understand crypto theory sufficiently or you're off your rocker. So basically what you're talking about here is performing some form of hash or permutation of the pad to make it more difficult to recover from the ciphertext when used multiple times. This is not a new idea, nor is it unbreakable. In fact, if done improperly, it might be less secure than a traditional block cipher. Including the pad hash function / permutation within the first length of ciphertext won't make it unbreakable either--even if it changes with every consecutive use of the recycled pad.
On the other hand, it's nice that you're trying your hand at cryptography.. it's always a fun mathematical game. But for your own sake, let go of the notion that some sort of get-rich-quick idea is waiting for you. Mathematics is a field of discovery. Patenting discovery is plain wrong.