[Cryptography] Toxic Combination

Ben Laurie benl at google.com
Fri Dec 12 06:19:09 EST 2014

On 12 December 2014 at 06:15, Bill Frantz <frantz at pwpconsult.com> wrote:
> On 12/11/14 at 12:25 AM, grarpamp at gmail.com (grarpamp) wrote:
>> What is the revenue model of AES, OpenPGP, SHA3, ECDHE...?
> In the case of AES, many companies agreed they needed a common, trusted
> encryption algorithm to replace DES. NIST ran a competition to select one
> and AES was the result. Many companies have build products that incorporate
> In the case of OpenPGP, PGP was built by Phil Zimmermann for political
> reasons to protect activist's data. Commercial use required a fee. I agree
> that PGP was not primarily motivated by the profit motive. Its success was
> due to being the only choice available, and the fact that it worked. Note
> that PGP Corporation was a purely commercial enterprise based on PGP.
> SHA3's history is similar to AES. It is also driven by commercial interests
> which need compatibility and trust.
> The Diffie Hellman algorithm was granted U.S. Patent 4,200,770 and was
> assigned to Stanford University. While Stanford's interest was primarily in
> encouraging academic research, they did try to make money licensing the
> patent. ECDHE is an implementation of Diffie Hellman using elliptic curves
> instead of modular integer multiplication which gives faster implementation
> with smaller data. Again, the commercial interests drove ECDH's adoption
> (after negotiating a minefield of patents).
>> What of protocol creator Bitcoin, Pond, FOSS... where the revenue them?
> I wouldn't be surprised if the developer of the Bitcoin protocol didn't
> extract some money as an early adopter. There is, of course, no proof.

I thought it was well known that "Satoshi" holds many Bitcoins?

> I don't recognize Pond or FOSS, and I've done enough free research for
> tonight.

FOSS is "Free/Open Source Software". Pond is a secure messaging system
by Adam Langley.

You don't make a strong case for your rather over-broad claim above.
Though I do agree that crypto (like pretty much everything else) does
require someone to somehow support those who develop it. And those who
deploy it need to have a reason to bear the costs of doing so. And so
on. But this is not as simple as "No security protocol will achieve
wide adoption unless it includes a revenue model which someone can use
to build a business." You "explain" several counter-examples above,
for instance.

More information about the cryptography mailing list