patents in crypto

patents.md

Infamous patents in cryptography

• 1976-1977 - Diffie-Hellman - the patent was filled more than a year after the idea was circulated/published, thus was invalid. The invalid patent expired in 1997.
• 1991 - Schnorr signatures - Schnorr is obviously the best signature scheme we have, yet the NIST went ahead and standardized the sub-primitives DSA and ECDSA to circumvent Schnorr's patents (Schnorr was not happy 1, 2). In 2008 the patents expired and EdDSA and other schnorr-based signatures started flourishing again.
• 1996 - NTRU - The algorithm was placed in the public domain in 2017.

  A note on patents. One reason that NTRU is not more widely deployed is that there have been patents restricting its usage for most of its lifetime. source

• 2001 - OCB - OCB was a beloved mode of operation for encryption invented by Rogaway, which has been sadly not adopted at all due to patent issues. (more)

RSA was patented until 2000. I believe the decision to use a DSA/ElGamal combination for GnuPG for a long time was due to the RSA patent.

IDEA was one of the post-DES-but-pre-AES algorithms, found this old Schneier interview:
https://slashdot.org/story/99/10/29/0832246/crypto-guru-bruce-schneier-answers

Early PAKEs where patented and certainly hindered their adoption (cf CFRG pake standardisation process)

• https://en.m.wikipedia.org/wiki/SPEKE#Patents
• https://en.m.wikipedia.org/wiki/Encrypted_key_exchange#Patents

There's an endomorphism trick to speed up elliptic curve multiplication which is sadly patented.

https://patents.google.com/patent/US20060029222

at 40:00 interesting discussion on patents: https://www.brighttalk.com/webcast/17700/396129?utm_campaign=communication_reminder_starting_now_registrants&utm_medium=email&utm_source=brighttalk-transact&utm_content=title#/register

kenny says that patents delayed ECC for 10-15 years

yehuda says that patents are the reason we don't use PAKE today