undefined | Better HN

0 pointstptacek16y ago0 comments

They discovered a horrible, systemic vulnerability and then patented most of the effective defenses for it. It's pure evil genius.

0 comments

JCLevesque16y ago

And that's why patents are broken.

tptacekOP16y ago

Strong disagree. They found the vulnerability. It is a remarkably interesting attack. Without their work, we'd just be silently vulnerable to the problem. I think (for instance) the DPA patents are a decent example of good-faith patents.

RSA was patent-encumbered for a long time too. You can formulate a similar argument about that. "RSA makes systems safer [ed: no it doesn't, but continuing...], so it's wrong to allow it to be patented".

gjm1116y ago

I think there are some steps missing in your argument. It seems to go something like this: (1) CR found the issue, spotted a business model, patented all the best solutions, and told the world. (2) Without patents, CR wouldn't have done this. (3) So without patents, no one would have done it. (4) So without patents, we'd all be silently vulnerable to a very general, very clever side-channel attack.

The step from (1) to (2) seems doubtful. If the CR people hadn't been able to patent a bunch of ways to deal with DPAs, they might none the less have published about them. It's not as if no one ever tells the world about a security vulnerability without a patent-based incentive.

The step from (2) to (3) seems doubtful. It seems more likely that without CR, sooner or later someone else would have thought of differential power attacks and published about them. Unless CR are just much much smarter than everyone else -- in which case, the guys in black hats would have been just as much worse off as the guys in white hats.

The step from (3) to (4) is OK, with the proviso I just mentioned: it seems that the obvious way for (3) to be true would tend to make the vulnerability matter much less.

1 more reply

j / k navigate · click thread line to collapse