Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

What Would You Do With a New Form of Encryption?

Cliff posted more than 11 years ago | from the share-or-sell dept.

Patents 868

Kip Knight asks: "I've been sitting on an invention for six months now. I'm debating whether to 'give it to the world' or patent it. I would obviously like to feed my family on the fruits of my endeavour but don't see much hope in the open source route. My invention improves upon the 80 year old One-Time Pad encryption turning it into a 'Many-Time Pad'. Since I haven't got my export license to speak about the details yet, I won't describe further. The advantages are proof (i.e. unbreakable) against brute force attacks and known-plaintext attacks (unlike the OTP). The disadvantage is carrying around a very large digital key (which could easily fit on one of those USB memory key fobs). My question is this: Could I sell enough $10 shareware GPG extensions to compensate for not locking in 20 years of patent protection (and the $20,000 to patent it)?" While the claims made by the submittor have yet to withstand the crucial test of time (and prying eyes), if you had developed a new form of encryption, what would you do?

cancel ×


Sorry! There are no comments related to the filter you selected.

done it! (-1, Troll)

Anonymous Coward | more than 11 years ago | (#4417812)

FP again!!!!


OMGOMGOMG FP (-1, Troll)

Anonymous Coward | more than 11 years ago | (#4417814)

Easy. (5, Insightful)

superdan2k (135614) | more than 11 years ago | (#4417817)

  1. Patent it. Period.
  2. Allow it to be used freely by open source programs. License it to commercial companies that stand to make money.
  3. ...
  4. Profit.

Moron. (-1)

cut-N-paste Troll (584533) | more than 11 years ago | (#4417829)

3. ??
4. Eat a bag of hell.

Re:Moron. (0, Offtopic)

zapfie (560589) | more than 11 years ago | (#4417872)

Hell comes in bags now? Spoiled youngsters.

Re:Easy. (0)

Anonymous Coward | more than 11 years ago | (#4417858)

that probably wouldn't be gpl compatible, ruling out a whole heap of software. the author probably won't switch to a more flexible license, they'd probably wind up just using other algos

Re:Easy. (4, Funny)

dattaway (3088) | more than 11 years ago | (#4417922)

I'm sorry, everything that hasn't been invented yet has already been patented last decade. Never underestimate an infinite number of lawyers on an infinite number of typewriters submitting claims to the US Patent Office.

Re:Easy. (5, Insightful)

Lokni (531043) | more than 11 years ago | (#4417936)

I definitely agree with the above poster on 1, 2 ,4. As far as coming up with the $20,000, find a lawyer that will draw up a rock solid non disclosure agreement and then shop it around to rich businessmen and patent lawyers after you get a signed NDA.

Re:Easy. (5, Interesting)

twilightzero (244291) | more than 11 years ago | (#4417961)

The above post definitely has this one right. Patent it, that way somebody else can't steal the idea and claim they invented it and make YOUR profit from it. That being done, you can easily distribute it freely to the masses for common use, or sell shareware, or whatever. If it's really as good as you claim, you shouldn't have problems selling $10 or whatever shareware licenses. Also, if it's that good, corporations would be climbing all over you for access to it. You could charge a very reasonable fee for its use, even allow yourself to be hired as a security consultant/whatever, and make your profit from it.

I realize it's an up-front cost for patenting, but look at the alternative: someone stealing/adapting your invention and making the money that YOU could've had. Don't let that happen to you. And if it's really that good, there are services out there that will help you patent inventions, although I will admit to not being entirely familiar with them having never patented something myself.

encrypt this (-1, Troll)

Anonymous Coward | more than 11 years ago | (#4417819)

dsfsdgfsdfsda []

what a load of crap (-1, Troll)

Anonymous Coward | more than 11 years ago | (#4417820)

first post?

If you want to make money, patent it (5, Insightful)

hpa (7948) | more than 11 years ago | (#4417824)

... patent it, *then* you can figure out what business model you want to use.

Note, however, that the claims made by the submittor is basically a laundry list of the kinds of claims that makes seasoned cryptographers go "oh no, not again."

Re:If you want to make money, patent it (5, Insightful)

markk (35828) | more than 11 years ago | (#4417945)

I would reinforce this comment - the claims in the original submission are invalid on the face of it in the real world. There is no plaintext attack on a real 'otp' with enough randomness in the key since the key is used only once.
To all of the people with new cryptosystems - with all due respect - we now have really good, well understood cyphering methods up to a level where the failure in security won't be from the method of encryption. Key exchange could be improved, but actual symmetric cypher methods aren't going to revolutionize things anymore. We can always use better, and people will continue to look for flaws (as in Rijndael) but none of this is big time.

Re:If you want to make money, patent it (5, Informative)

ENOENT (25325) | more than 11 years ago | (#4417964)

Note, however, that the claims made by the submittor is basically a laundry list of the kinds of claims that makes seasoned cryptographers go "oh no, not again."

No kidding. Read sci.crypt for a while, and you'll see any number of "revolutionary" encryption schemes, most of which are obviously junk invented by naive crypographer-wannabes. (Note: I'm not a cryptographer, nor do I play one on TV.)

At least the submitter understands that OTP only works if you have a big chunk of shared secret data to use as a pad. However, his mention that OTP is vulnerable to chosen-plaintext attacks makes me think that he's just another crackpot. Think about it--you use the random bits in the OTP only once, and they contain no information about future bits in the pad. Thus, OTP is 100% resistant to chosen plaintext.

My advice: DON'T BOTHER SPENDING ANY MONEY ON PATENTING THIS!!! If you decide that I'm full of it, at least do some serious study into cryptography before giving a dime to a patent lawyer.

well... (2, Redundant)

mwm158 (526284) | more than 11 years ago | (#4417825)

Patent first, ask questions later.

Re:well... (0)

Anonymous Coward | more than 11 years ago | (#4417911)

Why wait? You can file for a patent up to one year after you first describe it in public.

(WTF, server told me three times I was too fast typing my reply. Why does slashdot punish fast people? I guess it's more catering to the Japanese animated porno crowd.)

Get the patent... (5, Informative)

BTWR (540147) | more than 11 years ago | (#4417826)

I'd get the patent. Even consider trying one of the previously mentioned do-it-yourself patent methods [] . Protecting your invention is worth the effort and capital.

send NORP (-1, Troll)

Anonymous Coward | more than 11 years ago | (#4417828)

send pron norp

fp biznatches

Mody FP (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#4417831)

Mody Pook First Post!


Re:Mody FP (0)

Anonymous Coward | more than 11 years ago | (#4417849)

Damn! Missed it again!

Mody firewalls!


What Would You Do With a New Form of Encryption? (3, Insightful)

i_want_you_to_throw_ (559379) | more than 11 years ago | (#4417833)

Replace the one that NSA has broke already...

Patent it... (5, Funny)

MagicFab (7234) | more than 11 years ago | (#4417834)

then encrypt the patent.

Re:Patent it... (0)

Anonymous Coward | more than 11 years ago | (#4417893)

Then eat it!

The same thing I do every day... (5, Funny)

killmenow (184444) | more than 11 years ago | (#4417835)

Try to take over the world...

Re:The same thing I do every day... (1)

bagojunk (608006) | more than 11 years ago | (#4417877)

You are living in the world of make-beleive with faeries and leprechauns with funny little hats.......oh by the way I was being sarcastic! well duh

Feed the Family (5, Insightful)

syrupMatt (248267) | more than 11 years ago | (#4417840)

Fact is, if i need money, then liscense it to a company who will do the dirty work for me and live off the proceeds. If it is, in fact, a brilliant discovery, you should fight for provisions which will ensure some amount of open review.

Not everyone who comes up with such a proven idea is a software developer, and they may not be able to live off of creating cutting edge software or maintaining said software for a living. The bazaar method doesn't apply to theory.

What about.... (2, Informative)

UnidentifiedCoward (606296) | more than 11 years ago | (#4417841)

whether or not is actually been tested? I would worry first that the encryption standard actually is as robust as the claim before waving it the air asking about whether or not there is a profit margin involved. Without review or exposure it cannot substantiate the claim so it does not really matter if it is patented or not does it? I sure as hell wouldn't use it.

encrypt this you homo! (-1, Troll)

Anonymous Coward | more than 11 years ago | (#4417842)

ooooooohhh yea!

Too late (4, Funny)

jsse (254124) | more than 11 years ago | (#4417843)

I've been sitting on an invention for six months now.

Butt is a prior art, iirc.

Re:Too late (2)

poot_rootbeer (188613) | more than 11 years ago | (#4417972)

He's right about 'prior art'.

Christopher Walken used the 'butt' method of encryption to securely transfer a watch once. It was a while ago.

You'll NEVER make money GP* anything (-1, Flamebait)

Anonymous Coward | more than 11 years ago | (#4417845)

Look at what's out there now. Nothing GP* makes money; they shrivel and die (VC being the only thing they get coming in, once). Patent now, license to the NSA and local Univs.

Hehehehe (5, Insightful)

tomstdenis (446163) | more than 11 years ago | (#4417846)

Ten bucks says five mins after he publishes it it will get broken.

"many-time" otp are quite nonsense. See the problem is people think that good ciphers can have security approaching the OTP. The OTP is an absolutely different type of security.

For instance, *no* ammount of time is sufficient to break an OTP without the key. Whereas a block cipher can be broken at least in theory.

I'd suggest to the original poster that he try to get his design published. When it gets horribly broken it will serve as a learning experience as how "not" to approach science.


Re:Hehehehe (0)

Anonymous Coward | more than 11 years ago | (#4417915)

While I agree with the content of your message, the delivery is quite insulting.

Two recommended routes: (1, Interesting)

Anonymous Coward | more than 11 years ago | (#4417847)

two recommended routes:
- call USPTO and ask for assistance
- call NSA and ask for a job

I would patent it and sell it (1, Insightful)

Anonymous Coward | more than 11 years ago | (#4417848)

I would patent it and sell it because if you present this to the public free of charge then other companies will take advantage of this. Think of your family first and be a capitalist.

Read some theory..... (1)

Sweetums (266193) | more than 11 years ago | (#4417850)

It'll be interesting to see how he gets around the most critical issue in one time pads. Never re-use them. There are several interesting stories about one time pads finally being re-used and years old messages being decrypted along with the new stuff.

Do Nothing (5, Funny)

RAzaRazor (562318) | more than 11 years ago | (#4417853)

Don't do anything to make it public. Just keep it for your own personal use.

That would be the best encryption you can have. The one only you know about.

Re:Do Nothing (5, Insightful)

Anonymous Coward | more than 11 years ago | (#4417905)

Security Through Obscurity Does Not Work. Period.

Re:Do Nothing (2)

Jonny Ringo (444580) | more than 11 years ago | (#4417937)

Now if only I had something worthy enough to encrypt :-(

patent (0)

Anonymous Coward | more than 11 years ago | (#4417854)

the problems with those patents about ecryption involved is the fact the us government may try and halt it for security reasons. I would suggest that you open source it but use a restrictive license that does not allow to view it unless with your permission...

Your first job: Air it out to the crypto community (5, Insightful)

Faggot (614416) | more than 11 years ago | (#4417855)

It's heartwarming that you've invented a new form of crypto. However, before anyone takes it seriously, you're going to have to reveal it to the cryptographic community. "Many eyes make bugs shallow" as they say, and in few places is this more important than in crypto. An algorithm you've looked at 10000 times may have a logical error you've never caught, that would be glaring to a knowledgable pair of fresh eyes.

Plus no self-respecting paranoid freak is ever going to use a new cipher that hasn't had any time in the spotlight. Release it to the field and ask for comments.

'Many-Time Pad' (4, Interesting)

wiredog (43288) | more than 11 years ago | (#4417856)

Yeah. Right. Let me guess. It's a one time pad, but one where the unused code groups get remapped/reused, which is just another type of one time pad.

99.9 percent sure (5, Insightful)

PD (9577) | more than 11 years ago | (#4417857)

That this invention is a bunch of crap. Most likely scenario: inventor releases a press release that gets widely reported and the most secure thing ever invented. Claims like "unbreakable" and "proven secure" and "many time pad" will be thrown around freely.

And then someone with a decoder ring will crack that puppy wide open.

Yawn. Snake oil.

Re:99.9 percent sure (0, Flamebait)

PD (9577) | more than 11 years ago | (#4417892)

Oh, and another thing I forgot to add. The story starts out "Kip Knight asks". Well, Kip's e-mail address is newtsprism@AOL.COM. That ought to tell you something.

I have a similar problem (0)

Anonymous Coward | more than 11 years ago | (#4417941)

I'm facing a similar problem with my perpetual motion machine. I'd like to give it to the world, so everyone can benefit, but I'd also like a nice new Mercedes.

patent it (0)

Anonymous Coward | more than 11 years ago | (#4417861)

Don't let the socialists con you into "giving back to the community." Do for your family and yourself and then worry about be altruistic. If you don't patent the idea, you don't have any recourse if you change your mind. If you patent it, you can always give it away later.

Yowza (1)

LinuxCumShot (582742) | more than 11 years ago | (#4417862)

The only way people are going to use it / trust it is if the code / algorithm can be closely examined.

If you give out the code, the only way to still make money is patent it.

If you say I got a great algoithm but you can't see it, people will just laught at you.

People will laught at you anyway, go get a job.

you really trust society! (2, Insightful)

pitc (557530) | more than 11 years ago | (#4417863)

so you want us to decide what's more important to you? I'd say give it to the world, but that's my own opinion. that's what this whole thing is going to be... opinion. what's more important? money or ideals? it gets trickier (as mentioned) when you've got to put food on the table. Trickier still when you consider the investment (time and money) needed to see your invention pay off. as with any big life decision you just need to look at all the courses of action and their consequences, and chose the one that suits your life goals best.

Well (5, Funny)

llamalicious (448215) | more than 11 years ago | (#4417864)

First, I wouldn't "Ask Slashdot"
(sound of pitter-pattering many greedy feet scurrying to the nearest PTO)

1. Patent new encryption algorithm.
2. Sell to highest bidder.
3. ???
4. Profit.

Ah well, you could always be more philanthrophic than me, and support FSF, but hell, I'm just a capitalist at heart.

Re:Well (1, Interesting)

Anonymous Coward | more than 11 years ago | (#4417963)

>>1. Patent new encryption algorithm.
>>2. Sell to highest bidder.
>>3. ???
>>4. Profit.

Why do people keep doing this!? Step 2 is where the profit comes from!! There is no unknown step three here, Sell to highest bidder == profit

Sorry, I think I've finally cracked from all the Step 123 and beowulf posts.

Support Slashdot with it (5, Funny)

egg troll (515396) | more than 11 years ago | (#4417865)

I think you should trade this patent for some stock in VA Systems! How could that fail to make you wealthy?!

You don't lose control when you patent it. (5, Informative)

Joel Ironstone (161342) | more than 11 years ago | (#4417866)

IF you patent the idea, you retain all rights to give it away freely, sell it or whatever, to whomever. If you don't you lose your rights over the invention.

I say patent it and then decide based on what offers you get. Once you patent it you can shop around for people to license it to. You can define the terms of the license (3 years and then you can offer it as GPL or NOT)

Don't be a fool, its your blood and sweat, you deserve to own it.

Give it away (0)

Anonymous Coward | more than 11 years ago | (#4417867)

Give it away and let your family starve, obviously.

I was in the same situation; here's what I did (5, Funny)

splattertrousers (35245) | more than 11 years ago | (#4417874)


moderators (-1, Offtopic)

Anonymous Coward | more than 11 years ago | (#4417910)

dude, that's funny as hell.. mod it up!

Re:I was in the same situation; here's what I did (3, Funny)

Rayonic (462789) | more than 11 years ago | (#4417976)

But how did you get the monkeys to wear the pants?

Re:I was in the same situation; here's what I did (0)

Anonymous Coward | more than 11 years ago | (#4417981)

damn!, beat me to it! Arrrrg!

What I would do..... (1, Offtopic)

forged (206127) | more than 11 years ago | (#4417875)

Quickly encrypt all the pr0n on my hard drives, since my wife begins to understand how to use the PC!

What you do is,,,, (2, Insightful)

TerryAtWork (598364) | more than 11 years ago | (#4417878)

release it at a crypto convention and get a reality check as it is broken by one of the people at the con before you go home.....

hmmm. . . (1)

mossmann (25539) | more than 11 years ago | (#4417879)

If you are a professional cryptographer, you should know the answer to your own question. If you aren't a professional cryptographer, then chances are _very_ good that your technology will be broken or otherwise made useless as soon as it becomes public.

That's not to say you aren't an intelligent person, but it takes a lot more than one great mind to accomplish your claim, in my opinion.

Check the FAQ (2, Informative)

Deton8 (522248) | more than 11 years ago | (#4417883)

If you check the usenet sci.crypt FAQ it ridicules the steady stream of people who invent "unbreakable" encryption techniques. You might give it a read. Most of the time it turns out that there are one or (usually) more fatal flaws in new encryption schemes.

Poke your stick into a hornet's nest (2, Funny)

scout.finch (120341) | more than 11 years ago | (#4417884)

I would take my encryption method, brag that it's unbreakable in some fashion to people with enough time to read /. and the bitter souls that accompany them. Then sit back and watch as your idea is torn to shreds saving you $20,000.

I'd patent it (2, Interesting)

pavera (320634) | more than 11 years ago | (#4417885)

Patent it!
let gpl programs use it for free,
charge commercial companies
best of both worlds

Porbably nothing (2, Insightful)

LordKronos (470910) | more than 11 years ago | (#4417886)

I probably wouldn't do anything with it. This topic comes up time and time again, and everyone always thinks they have something new and unique that nobody has ever done before (just like in the data compression field). Chances are VERY good that what you have come up with has been done many times, or else it doesn't work as good as you think.

In this case: a many time pad? That hardly makes sense. The only real strength of a one time pad is that it NEVER repeats. No matter how large you make your pad, if it repeats it is highly susceptable to attack. The more it is used, the more susceptable. Call me a Doubting Thomas if you will, but I'm definitely doubting it.

Idea (2, Funny)

Anonymous Coward | more than 11 years ago | (#4417888)

Maybe you should get together with that guy who was going to write the 3d animation program [] all by himself and compose a book on how to write overly-optimistic letters to Slashdot.

I fail to see an issue. (3, Insightful)

unicron (20286) | more than 11 years ago | (#4417891)

Don't let the 15 year old's working at Taco Bell try to tell you shit about selling out. Especially because you have a family due whatever is necessary to secure your financial future. I would weigh my options, and find out the best scheme involving reward vs. control of project lost. Find a nice happy medium between the two. But please, look at your family, think about all the things a higher standar of living could provide them before listening to anyone with advice like "Make it completely free and open source". You don't have to feed those people, you do have to feed your children.

You can start by. . . (0)

Anonymous Coward | more than 11 years ago | (#4417894)

evaluating the inflight meal on our black helicopters.

(posting as ac from deep within the NSA)

Careful what you say (4, Interesting)

harrisj (14577) | more than 11 years ago | (#4417899)

From my somewhat scanty introduction to patent laws, you might want to be careful about how much you reveal about it before you file a patent or at least provisional paperwork. My company recently did work to patent a product and we were told we couldn't really discuss it with many people. Furthermore, doing an openly public action such as showing it at a trade show before applying the patent would seriously jeopardize the patent process. Now I'm not a lawyer or an expert in patent law, so I can't really say how valid an objection this is, but I'm sharing it here in case it's relevant. If it is correct, I want you to be able to decide whether to patent and not have it decided for you. (Any real experts have a better assessment).

Patent it. Then license it. (3, Informative)

Havokmon (89874) | more than 11 years ago | (#4417901)

Granted, I'm just a techno dude. But says:

A grant made by a government that confers upon the creator of an invention the sole right to make, use, and sell that invention for a set period of time.

Official or legal permission to do or own a specified thing. See Synonyms at permission.

I would patent it, then license it. It could be licensed for free use to non-profit groups, and governments could be required to pay a yearly sum.

But that sounds almost too easy to me :)

What to do (2)

phil reed (626) | more than 11 years ago | (#4417904)

Patent it - you can always issue royalty-free licenses if you want to give it away.

However, I concur with the other posters - If you reuse any part of the key, it's not a one-time pad. If you generate any part of it algorithmically, it's not a one-time pad. The history of crypography is littered with "replacements" for the one-time pad that turned out to be trivially breakable. This could be the first example that turned out to be worthwhile, but the odds are against you.

Don't bother patenting (1)

gregor-e (136142) | more than 11 years ago | (#4417907)

Unless you're pretty sure you have a big winner on your hands, it probably isn't worth patenting. All a patent gives you is the right to ask the courts to stop a competitor from using your invention. Even after you go through all the rigamarole of having a patent granted, you still have to renew the patent and I believe there is a requirement that you show you are actually exploiting the invention toward a real product or service. Overall it's a long costly process that does not create any new wealth, it only gives you a big stick to smack the competition with. As an introduction, I recommend "Patent it yourself" [] published by Nolo Press.

Is it worth patenting? (5, Insightful)

TheSync (5291) | more than 11 years ago | (#4417908)

Patenting something (properly) will cost thousands of dollars and will require a patent lawyer.

The US is a first-to-invent not a first-to-patent country, so make sure you have a hardcopy of your invention description dated and notarized.

Then let some Net crypto people beat on your idea, make sure you say "Patent Pending."

If it holds up, you should easily be able to raise the money to get it patented properly. (Actually, if so, email me, I may know a few investors)

Judging from your description, I'd say your invention has a high probability of not truly doing what you think it does. Developing novel and useful cryptographic technology is a rare occurance, generally done by people who have a ton of experience in the area. No point in wasting money if it won't stand up to 30 minutes in sci.crypt

Dont Bother (1)

fava (513118) | more than 11 years ago | (#4417912)

Historically proprietary encryption schemes have faired badly in the market (RSA and RCx being possible exceptions). Why would any one want to pay to use a encryption method when there are so many free and effective alternates. If its not free few will use it, if few use it then there is little incentice for anyone to use it.

ARGH! (1)

Jordan Graf (4898) | more than 11 years ago | (#4417913)

This has got to be a joke! Listen, I hate to be insulting, but the odds are about 1:1,000,000 to one that the breakthrough you think you have is nothing of the sort. It's true I know close to nothing about you, but the name you chose (which implies re-use of one time pads), the question you ask and the fact that Ask Slashdot seems like an appropriate forum tells me that you're an amateur.

Go read back issues of Crypto-Gram [] and read up on all the lame hype laden "unbreakable" crypto schemes (often based on one time pads) that they destroy and then laugh at. If after reading all that you're still convinced you've got something, sure, go see a patent attorney.

My guess is you'll end up saving yourself the patent fees and a fair amount of humiliation by just letting it drop.

patent it, then sell it (1)

JamesCronus (592398) | more than 11 years ago | (#4417914)

patent it, then sell it to one of the big boys, like IBM or Sun.

Mathematically impossible (5, Insightful)

Lord Greyhawk (11722) | more than 11 years ago | (#4417918)

My invention improves upon the 80 year old One-Time Pad encryption turning it into a 'Many-Time Pad'.

Information theory proves that the One-Time Pad (OTP) is optimal - it cannot be improved.

The advantages are proof (i.e. unbreakable) against brute force attacks and known-plaintext attacks (unlike the OTP).

The OTP has no known-plaintext vulnerability. By submitting even a chosen plaintext to be encrypted, and studying the encrypted message, you only learn the piece of the One-Time pad used on your own content. It does not help you break any other part of any other message.

The only way to break a OTP is to get a copy the pad or by breaking the random number generator used to create the pad.

This post's claim is the usual nonsense. So patent it if you wish - release it if you wish - I doubt anyone will find it usable.

Here's a quote... (5, Insightful)

Bald Wookie (18771) | more than 11 years ago | (#4417920)

It is impossible to make money selling a cryptographic algorithm. It's difficult, but not impossible, to make money selling a cryptographic protocol.

Who said it? Bruce Schneier, one of the current gurus of crypto. Where did he say it? Here on Slashdot []

The whole article is worth a read.

My perspective is that I seriously doubt your claims. Until there is strong peer review of your entire cryptosystem from top to bottom, I won't touch it. Unless it solves some problem with other cryptosystems already in use, the market won't touch it. If you can these two objections then you might have a shot at some money. Otherwise...

Not commercially lucrative (3, Insightful)

Srin Tuar (147269) | more than 11 years ago | (#4417924)

There are tons of symmetric encryption methods ranging from patented to totally free. They all have the property of being effectively unbreakable with decent keysizes. Unlike your proposed method, they dont require ridiculously large keysizes. I really dont see the commercial potential, or even the potential for significant non-commercial use.

The method you describe would actually have significant *disadvantages*, such as being ill-suited for use with asymmetric cyphers.

The advantages are proof (i.e. unbreakable) against brute force attacks and known-plaintext attacks (unlike the OTP).

I dont see how a one time pad wouldnt have these properties. Note that the name is One Time Pad, so if you reuse the pad, its not one time anymore.

my 2 cents (1)

sboss (13167) | more than 11 years ago | (#4417928)

patent it if you have that incling. In todays market, trying to make a buck off of encryption is going to be hard. Look at NAI and PGP. I personally prefer the OpenSource over ClosedSource but will use the best product out there that is used by the masses.

Releasing a plugin for GnuPG/PGP would allow it to be used in a more widespread audience in a quicker timeframe.


Eat your cake... (4, Interesting)

thrillbert (146343) | more than 11 years ago | (#4417929)

Just because you patent the information, does not mean that it cannot be made available to the Open Source community. There is plenty of software out there that is available for free for personal use, but requires licensing for business use.

Patenting the software will ensure that *YOU* get some of that dough, while ensuring that *YOU* decide how it is going to be used, and who will use it. If you do not patent it, chances are that someone else will figure out a way to patent something extremely similar to it, and then charge *YOU* to use your software.

If you need some help with the $20k, let me know. I am almost sure you can raise it by asking 1000 /.'ers for $20 each.. I know I'll be more than happy to help!

Children seldom misquote you. In fact, they usually repeat word for word what you shouldn't have said.

First off, I'd show my credentials (1)

AxelTorvalds (544851) | more than 11 years ago | (#4417930)

And explain why I have thought of something that none of the experts have and what makes me an expert.

10 to 1, there is a huge hole in the idea.

Then I'd try to get some peer review. There are a lot of people around to do this, they will sign NDAs to do it. (Skipjack and the RCx algorithms proved that)

Then if it is still standing, I'd get a patent to buy time to figure out what to do with it.

The first thing (4, Funny)

tezzery (549213) | more than 11 years ago | (#4417932)

The first thing I would do is change my ISP/e-mail address.. no one is going to believe you with your current AOL one.

Some suggestions... (3, Insightful)

sssmashy (612587) | more than 11 years ago | (#4417939)

1. Sign a non-disclosure agreement with a reputable encryption expert.

2. Pay said expert a fee to examine your system and comment on its merit.

3. If your system has potential but needs adjustment, repeat #1 and #2 as necessary, if possible with different experts (within the limits of your financial resources, of course).

4. If you are still convinced that your system is worthy, hire a patent lawyer and patent it.

5. Don't try to sell it on your own. Instead, try selling it to an encryption firm or software distributor, using the expert opinions from #1 and #2 to bolster your sales pitch.

6. If you find a buyer, try to license your encryption system rather then sell it outright.

7. ...

8. Profit!

Re:Some suggestions... (0)

Anonymous Coward | more than 11 years ago | (#4417974)

Step seven is supposed to be:
7. ???
8. Profit!

Kip Knight from Prism Research? (1, Informative)

Anonymous Coward | more than 11 years ago | (#4417942)

Is it this Kip Knight? []

I suppose Prism Research feels it could use a little venture capital...

"About Prism Research

Prism Research was founded by Jonathan Kipling Knight in June of 1997 in order to provide meaningful research tools to the Newton community.[...] Jonathan Kipling Knight has a BS in Physics, an MA in Applied Mathematics and is pursuing a PhD in Computer Science."

Publish it... (2)

PissingInTheWind (573929) | more than 11 years ago | (#4417943)

... then be told by experts why you were mistaken, what you did wrong and how your design can't be fixed.

Then, who cares about a patent on something that doesn't work and isn't secure?

Crypto security and validation comes from peer review. Don't lose your time.

Banners (1)

_14k4 (5085) | more than 11 years ago | (#4417946)

Release it to the world free, the only way people make any money these days is with pop-up windows anyway..

So, release it on your .com and have it hidden inbetween gobs of banners. ;)

What to do first? (3, Informative)

Frobnicator (565869) | more than 11 years ago | (#4417947)

It isn't a matter of "do I patent or publish freely?" since in the US, you can patent a year after publishing. If you really care, the steps should be:
  1. Talk to a lawyer and tell him that you have an idea. If it REALLY IS a good idea, the small investment in a good IP lawyer at that point is a good thing. The idea still needs community work and approval, but you still want to retain ownership should the idea succeed. He should advise you that a patent is a bad idea at that point, a better idea would be one of many publication or trade secret options.
  2. Talk with the community. Post everything about it to all the crypto newsgroups. Get the routines published in the proper community forums and conferences. If it is good enough it will make it into any of the IEEE or ACM conferences. Encourage feedback. That cannot be stressed enough. ANY GOOD SECURITY MECHINISM, PATENTED OR PUBLIC, MUST HAVE ALL ITS PARTS STUDIED CAREFULLY BY EXPERTS. There is no way around that.
  3. Write and publish the extensions. Write the GPG extension, and extensions for the Windows shell, and Outlook, and Eudora, and Pegasus, and everything else. If it doesn't get adopted it won't matter if you patent it since it won't get used.
  4. If at the end of the year it looks profitable, patent it. Your lawyer should have told you that also. If you know that it won't be possible to recoup the money, don't do it.
So that should answer the original question: "Could I sell enough $10 shareware GPG extensions to compensate for not locking in 20 years of patent protection (and the $20,000 to patent it)?" If at the end of the first year you haven't made a dime and haven't had the routine published or accepted in the community, you probably never will.


aol... (5, Funny)

zsmooth (12005) | more than 11 years ago | (#4417948)

Does it bother anyone else that the creator of the encryption scheme that will save the world uses AOL? (check his email addy...)

Don't be too sure of yourself (5, Insightful)

Erbo (384) | more than 11 years ago | (#4417949)

I suggest you begin by reading this [] , and maybe also this [] , both by Bruce Schneier, one of the foremost experts in cryptography and computer security today. Then re-evaluate your expectations about the potential success of your new algorithm, because it's possible you're deluding yourself.

I'm sorry to burst your bubble, but there have been a lot of great mathematicians and cryptographers that have tried to design good, secure algorithms over the past few decades. Very few have actually managed to create algorithms that'll stand up under analysis. You may think you've done so, but it's going to take a lot to convince everyone of that.

In a hypothetical universe... (2)

back_pages (600753) | more than 11 years ago | (#4417950)

I would find some handy excuse to sneak into the film industries' online DVD archives and encrypt everything with my new unbreakable scheme so that every DVD they pressed was completely unusable until I elected, of my own benevolence, to allow them to be viewed. I would do this to protect the rights of the consumers, who might otherwise be unwittingly subjected to legal rights.

Nah, screw it. I'd just do it because it would be funny to use real encryption to compensate for fake encryption while locking the greedy corporations out of their own products. Turnabout is a bitch, eh?

One time pad? (0)

Anonymous Coward | more than 11 years ago | (#4417952)

is it really worth it if the padd is: 0xFFFFFFFF?

My approach (1)

Tablizer (95088) | more than 11 years ago | (#4417954)

Well, the first thing I would do is wk6bnbzrqremf62374blksjlkslkjsdsjssl slkj2l3aks4eibnmmcoi422j almslkjasoiv asalkmdc lka2dmv sl55y as qw3e vuc64mzplka sdlkf ol64kas3sd lkj

Patent Pending...... (2, Informative)

isotope23 (210590) | more than 11 years ago | (#4417955)

You state that it will take 20G's this is not quite true. When you put in a patent request,
it should cost a couple hundred bucks at most.

I have read that the process takes about 2 years before they will get back to you saying YEA or NAY. It is at that point that you must come up with the money for the patent.

The trick is patent PENDING. Once you have put in the request your invention is protected (assuming that the patent office comes back in 2 years to grant the request)

If you believe it will work, then scrape up the dough for the application. Once you have applied, you can then get third party verification, or release your own application to test the market, and still be protected.

P.S. if you are in the USA, check out the Small Business Association, and their SCORE program.
This should get you on the right track.

The question seems fuzzy (2, Insightful)

RealAlaskan (576404) | more than 11 years ago | (#4417958)

First, ``patent it'' and ``give it to the world'' aren't mutually exclusive. You can patent, and then give all users a free, non-revocable license. This is probably a good idea, to avoid being abused by holders of other patents. Or, you could give such a license for use only in software issued under your favorite license(s) (GPL, maybe?).

You say that it is ``... proof (i.e. unbreakable) against brute force attacks and known-plaintext attacks .... Can you prove that? Can you prove it well enough that a mathematician won't laugh at you? If you haven't gotten this reviewed by some competent cryptographers, the whole issue is probably moot anyway.

As for your explicit question: `` Could I sell enough $10 shareware GPG extensions ...'' I suspect that the answer is ``probably not''. PGP doesn't seem to have sold very well, and cryptography doesn't seem to be a hot seller right now. Patent or not, this may not be a big money maker. A better way to have phrased your question might have been: ``Is this invention likely to make enough money that I could come out ahead by patenting it?''

A better place to have asked your question might have been a forum where cryptographers hang out. I'm not sure that a lot of them will see this here on slashdot. If you have some sort of credentials as a cryptographer or mathematician, you might try sending emails to some patent-holding cryptographers, and ask about their opinions on your algorithm, and their experiences with patents.

Try to break it (5, Funny)

L. VeGas (580015) | more than 11 years ago | (#4417962)

Iay avehay ay ewnay encryptionay ethodmay ootay. Itay amecay otay emay inay ay eamdray.

get a provisional patent (1, Informative)

Anonymous Coward | more than 11 years ago | (#4417969)

Get a provisional patent, then publish and see what happens. A provisional patent is cheap ($20-40) and it establishes the date of submission. The paper work is also very light and the patent office doesn't even take a look at it. If you decide not to follow up on it, then you lose out on $20. It's the best way to go.

Even if it is not genuinely novel... (1)

chaboud (231590) | more than 11 years ago | (#4417973)

If it is something as silly as having a really big pad into which you index with a key, or double (triple, quadruple, etc...) flip/rotate/seed from, you might not want to bother wasting your time trying to patent it.

Of course, the USPTO will let you patent just about anything [] , so it might be worth it anyway.

Honestly, most of the people here (the ones who aren't joking) are right. Patent it first, and then figure out what you want to do with it. Don't show it to some company with a flimsy NDA. At most, show it to someone you trust so they can tell you that you're off your rocker.

Hooray for Snake Oil - Go for it, Patent your Oil (1, Informative)

Anonymous Coward | more than 11 years ago | (#4417975)

"The advantages are proof (i.e. unbreakable) against brute force attacks and known-plaintext attacks (unlike the OTP)."

OTP is not vulnerable to brute force attacks. Unless you use the key more than once. But in that case, it's no longer an OTP, is it?

Known plaintext attacks really aren't applicable to OTPs. Since key material in an OTP can only be used once, if you have any two of the plaintext, the key material, and the ciphertext, you have all the information you need. So what do you mean by OTPs having known plaintext attack weakness? Do you mean that if you have the ciphertext and the plaintext you can recover the keying material? That is certainly true, but doesn't really matter since any intelligent use of OTPs always requires that plaintext and key material NOT be exposed to your enemy, and without two of the three, your enemy provably cannot discover any of the other unknowns. Or do you mean something else?

Your statement and claims so closely match the modus operandi of snake oil crypto vendors that I seriously doubt you have anything of value in your invention.

I suggest you go ahead and patent your idea, then present it to the world. I doubt it will stand up, but hey, you could always form a snake-oil selling company (or use an existing one) to try to recoup your patent expenses. Such companies love to tout "patented" algorithms.

And in the unlikely event your discovery truly is revolutionary, a patent is just good sense.

Go for it!

An old sea chanty (1)

Arcaeris (311424) | more than 11 years ago | (#4417980)

What will we do with new encryption?
What will we do with new encryption?
What will we do with new encryption?
Early in the morning.

Ask Slashdot - get these same answers:
Ask Slashdot - get these same answers:
Ask Slashdot - get these same answers:
Early in the morning.

"Don't bow down to patent pressure,"
"Don't bow down to patent pressure,"
"Don't bow down to patent pressure,"
Early in the morning.

"Open source is ALWAYS better,"
"Open source is ALWAYS better,"
"Open source is ALWAYS better,"
Early in the morning.

"Don't forget Step 3: Profit!!!"
"Don't forget Step 3: Profit!!!"
"Don't forget Step 3: Profit!!!"
Early in the morning.

"Why not build a Beowulf cluster?"
"Why not build a Beowulf cluster?"
"Why not build a Beowulf cluster?"
Early in the morning.

That's what you do with new encryption,
When you ask on Slashdot.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?
or Connect with...

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>