Infamous patents in cryptography
- 1976-1977 - Diffie-Hellman - the patent was filled more than a year after the idea was circulated/published, thus was invalid. The invalid patent expired in 1997.
- 1991 - Schnorr signatures - Schnorr is obviously the best signature scheme we have, yet the NIST went ahead and standardized the sub-primitives DSA and ECDSA to circumvent Schnorr's patents (Schnorr was not happy 1, 2). In 2008 the patents expired and EdDSA and other schnorr-based signatures started flourishing again.
- 1996 - NTRU - The algorithm was placed in the public domain in 2017.
A note on patents. One reason that NTRU is not more widely deployed is that there have been patents restricting its usage for most of its lifetime. source
- 2001 - OCB - OCB was a beloved mode of operation for encryption invented by Rogaway, which has been sadly not adopted at all due to patent issues. (more)
RSA was patented until 2000. I believe the decision to use a DSA/ElGamal combination for GnuPG for a long time was due to the RSA patent.
IDEA was one of the post-DES-but-pre-AES algorithms, found this old Schneier interview:
https://slashdot.org/story/99/10/29/0832246/crypto-guru-bruce-schneier-answers