Subject: Re: The Pledge model -- K5 generates 6 mos income in three days
From: Ian Lance Taylor <ian@airs.com>
Date: 27 Jun 2002 09:55:06 -0700

"Stephen J. Turnbull" <stephen@xemacs.org> writes:

>     Ian> "Stephen J. Turnbull" <stephen@xemacs.org> writes:
> 
>     >> And _some_ software (RSA comes to mind) is sufficiently hard to
>     >> reimplement from the spec (Diffie-Hellman IIRC) that making it
>     >> proprietary always makes business sense.
> 
>     Ian> RSA is easy to implement if you understand number theory.  I
>     Ian> did it once in about a month,
> 
> Starting from _Diffie-Hellman_'s public-key algorithm as the spec?
> You're even smarter than I thought already![1]

I misunderstood.  You're right, of course: I worked from the RSA
paper; I didn't try to invent my own one-way trap-door function.

> _Anything_ is easy to implement (in this sense) once the algorithm is
> published.  The point is that, given the patent (== the relevant form
> of "making it proprietary" in this case), RSA had a couple of years
> lead before implementations of D-H that did not violate even the
> patent's narrowest claims (i.e., w.r.t. the specific number-theoretic
> algorithm implemented in RSAREF inter alia) appeared.

It's interesting to note that at that time, patents were valid for 17
years from date of grant, so M.I.T. used various procedural methods to
delay the grant of the patent until well after the paper was
published, rightly foreseeing that the patent would be more valuable
toward the end of the 17 years than the beginning.  (Patents are now
valid for 20 years from date of filing.)

It's also interesting to note that, at least as I recall, RSA was not
the first implementation of a public key algorithm.  I believe the
first implementation was Diffie's knapsack algorithm.  RSA is merely
the first one which has so far not been demonstrated to have a hole.

(And RSA could still have a hole.  It might be possible to efficiently
factor the particular types of numbers used in RSA without being able
to efficiently factor an arbitrary number.)

And, finally, RSA would not be valuable without revealing the
algorithm.  Few people would simply trust their security to such a
system if the algorithm were not available for inspection.  So the
only way to keep RSA proprietary was a patent.  Of course, that's a
special characteristic of crypto algorithms.

Ian