Cryptology, Politics, and Business - Cryptology Unlocked

Cryptography Reference

In-Depth Information

Let's stick to the facts: the German government financed a project in connection

with the GnuPG mail encryption software (see Section 7.1.4) and supported

its proliferation. Doesn't that speak for itself?

Patent-Law Issues

Things are slightly different when it comes to patents. Somebody who develops

software knows how much money and time is involved. Good cryptographic

algorithms are even harder to develop and to study. So, the question as to who

is supposed to pay for this work is justified.

One solution could be publicly financed research. That's one reason why all

software developed at universities is a priori free in the USA. This is how a

considerable part — if not the largest part — of free UNIX software came about,

and subsequently has had a positive effect on developments all over the world.

I just mention two buzzwords: 'Linux' and 'Open Source'.

However, not all research is publicly financed. Shareware would be a good

concept: users voluntarily pay a one-time fee for using the program, and pro-

liferation of the software itself would be unlimited. (Experience has shown

that shareware doesn't work in Germany, though.) But only programs can

be shareware, algorithms can't. Imagine you work in a bank's procurement

department, and you've just bought a novel type of ATM from IBM with the

following note: 'This ATM implements the cryptographic shareware algorithms

and protocols SDETY, XPKKL, and ACS-15. Please transfer the amount of

200 dollars each to ... '

I guess there are currently only two ways to make money with algorithms.

•

One, you can keep your algorithm secret and charge license fees for its

usage. This was the case with RC4 for seven years until this algorithm

was disclosed in an unauthorized way (see Section 5.6). Now basically

everybody can use it legally, though RSA might sue.

That's the big disadvantage for designers: once your product is disclosed,

the source of money starts drying up. The disadvantage for users is that

the algorithm cannot be studied globally. Nobody knows whether it has

become known to good cryptanalysts, and whether they have found a

backdoor. This should ideally cause acceptance problems among users

so that they will reject this algorithm. The real world is far from being

ideal, though. Imagine RC4 had been cracked before it was disclosed. A

large number of programs use this algorithm.

Search WWH ::

Custom Search

Home