"Stephen J. Turnbull" <stephen@xemacs.org> writes: > Ian> "Stephen J. Turnbull" <stephen@xemacs.org> writes: > > >> And _some_ software (RSA comes to mind) is sufficiently hard to > >> reimplement from the spec (Diffie- Hellman IIRC) that making it > >> proprietary always makes business sense. > > Ian> RSA is easy to implement if you understand number theory. I > Ian> did it once in about a month, > > Starting from _Diffie-Hellman_'s public-key algorithm as the spec? > You're even smarter than I thought already![1] I misunderstood. You're right, of course: I worked from the RSA paper; I didn't try to invent my own one-way trap-door function. > _Anything_ is easy to implement (in this sense) once the algorithm is > published. The point is that, given the patent (== the relevant form > of "making it proprietary" in this case), RSA had a couple of years > lead before implementations of D-H that did not violate even the > patent's narrowest claims (ie, w.r.t the specific number-theoretic > algorithm implemented in RSAREF inter alia) appeared. It's interesting to note that at that time, patents were valid for 17 years from date of grant, so M.I.T. used various procedural methods to delay the grant of the patent until well after the paper was published, rightly foreseeing that the patent would be more valuable toward the end of the 17 years than the beginning. (Patents are now valid for 20 years from date of filing.) It's also interesting to note that, at least as I recall, RSA was not the first implementation of a public key algorithm. I believe the first implementation was Diffie's knapsack algorithm. RSA is merely the first one which has so far not been demonstrated to have a hole. (And RSA could still have a hole. It might be possible to efficiently factor the particular types of numbers used in RSA without being able to efficiently factor an arbitrary number.) And, finally, RSA would not be valuable without revealing the algorithm. Few people would simply trust their security to such a system if the algorithm were not available for inspection. So the only way to keep RSA proprietary was a patent. Of course, that's a special characteristic of crypto algorithms. Ian