[Cryptography] To what is Anderson referring here?

ianG iang at iang.org
Thu Jun 5 08:07:10 EDT 2014


On 5/06/2014 01:50 am, Kevin W. Wall wrote:
> On Wed, Jun 4, 2014 at 7:37 AM, Jerry Leichter <leichter at lrw.com> wrote:
>> On Jun 4, 2014, at 4:03 AM, fukami <lists at foo.io> wrote:
> [snip]
>> The results are of both theoretical and practical interest.  From a
>> theoretical point of view, it would inform, with actual data, the debate
>> about the public interest issues in patents:  If the only real effect of
>> crypto patents is to make the subject of the patent unavailable to the
>> public for the patent's lifetime, then patenting of such material does not
>> fulfill the public interest goals of making inventions broadly available.
>> From a practical point of view, if it can be shown that patents in this area
>> are essentially worthless - you pay to get a piece of paper, but no one will
>> buy what you're selling - it might be easier to convince people to freely
>> license their patents (assuming they get them at all).
> 
> OT wrt TC, but as long as we're discussing crypto patents, wouldn't it
> depend on how viable the alternatives are? For instance, if you wanted
> to signature blinding, didn't Chaum's and Brand's patents about cover
> all other conceivable alternatives?

>From memory of this time, Brands' was the best, but it required a 2
phase commit.  Chaum's was ok.  But also, Wagner was pretty good too, as
it made up for some shortcomings because it was patent unencumbered.
There were three others on the list at the time, but we concentrated on
BRN -> Wagner -> Chaum -> Brands.  BRN is just BigRandomNumbers which
act the same way so the software can shake out.

Again from memory, this was a deeply researched topic back in 98-01 or
so until we actually started fielding blinded cash and discovered that
... there wasn't so much interest any more.

So my conclusion is this:  the blinding formula (patent) actually played
more of a role as a signal than as a barrier.  99% of the people you
deal with won't see the difference.  Not seeing it as a signal that
could be bypassed meant that 99% of the activity was wasted.  By
bypassing the signal and finding the real ways around it, success was
possible.

Today, the blockchain is the signal, but it isn't the business.  You'll
note the same fervour for "must be blockchain" as back then, "must be
blinded."

Zerocoin again sits at the hilarious intersection of these signals and
is not getting as much attention as either did, purely.


> Of course maybe there was not that
> much of a market for signature blinding once the digital cash market
> spun out. Of course, in general, I'd agree with you, but I think it's usually
> because there's some other way--albeit not as efficient--to achieve
> similar outcomes.


Yes, precisely.  There is always another way.  Back in the day, to avoid
blinding patent, we used psuedonyms that allowed you to create multiple
accounts, which coupled with low entry barriers and distributed issuers,
made for reasonably strong privacy.  That could also be combined with
blinding if one was keen enough (had the patent, or alternative).  These
days you would want to mix blinding with blockchain, as blockchain has
published ledger, which is pathetically traceable.  c.f., Zerocoin.

However, while this cypherpunk focus was fun and interesting back then,
things have changed.  In order to ensure privacy we have to also now
conquer KYC/AML.  Which means we have to use more advanced 2000s designs
to integrate in the requirements, and focus at the institutional level,
not the transactional level.  Once this is in place, the old ideas about
transaction privacy look a little quaint.



Back to patents.  There is always another way.  In cryptography, RSA is
the only patent that ever made a lot of money, as far as I am aware.
Yet, even with that, there was another way:  DSA & ElGamal.

I agree with the general thread.  Someone needs to do a long term study
showing the relationships between patents, value to owner, value to
society and cost to society of crypto patents.  It's probably a PhD
topic in econ.



iang


More information about the cryptography mailing list