On Mon, Oct 25, 2021 at 7:32 PM Markku-Juhani O. Saarinen
<
mjos....@gmail.com> wrote:
> There are more ways to resolve patent conflicts than "full abandonment" or waiting for an expiration date, as proposed below. The semiconductor industry (which occupies most of my time nowadays) certainly wouldn't be able to function if it thought about patents and intellectual property like that.
This approach has been attempted in the past with cryptography and it
resulted in widespread non-adoption and a lot of traffic going
unencrypted that otherwise would have been. When you produce a good
with effectively zero marginal cost-- such as a web-browser-- the cost
of *any* patent licensing is considerable. And even those parties who
have room for some royalties still need to operate with those who do
not.
I think this is even more likely to be the case for PQC because the
threat of quantum attacks are more conjectural and users have the
option of just continuing to use their mature non-PQC cryptosystems
which are good enough unless/until practical large quantum computers
are developed. To the extent that PQ crypto is a useful hedge to
protect confidentiality decades into the future-- it's the end user
that takes on that risk, not the application developer.
If NIST standardizes an approach that the industry treats as
encumbered and fails to also standardize a viable alternative which
the industry treats as unencumbered it will cause considerable harm to
the world when parties don't deploy the encumbered thing (due to
costs) and don't deploy a non-encumbered alternative (non-standard)
and as a result leave traffic with long term exposure that could have
been prevented.
Why do you believe this process is unable to weigh IPR risks but
totally able to weigh performance tradeoffs? If anything that is
backwards: New processors are constantly coming out and new software
optimizations are constantly being developed but new systems of law
are not so common. Performance being discussed in the comparison is
only applicable to the specific devices being discussed, use a
different part and you will get different results. Application
tolerances for performance also differ significantly. The reality is
that all metrics are inherently somewhat subjective or unclear.
And in terms of adoptability, I believe for widespread adoption being
extremely clear of IP encumbrances is significantly more important
than the performance differences among any of the lattice finalists
and alternates.