CNRS "Innovation"

368 views
Skip to first unread message

Vadim Lyubashevsky

unread,
Jun 8, 2021, 7:18:20 AM6/8/21
to pqc-forum
Dear all,

Dustin pointed to the statement that CNRS put out regarding the NIST PQC effort: https://www.cnrsinnovation.com/?lang=en

Given this statement, I don't see why we should be paying any attention to them anymore -- anyone can write what they did.  

It begins with (emphasis obviously mine):
"CNRS ...  is managing certain patents which may, or may not, be relevant to one or more proposals submitted to the National Institute of Standards and Technology"

If you're a research institution, you should know what your patents are about.
So if you really have a relevant piece of IP and want to maximize its value, you should state in great detail why it's relevant -- and then I think people will be willing to pay a reasonable price for it. There is simply no advantage to being so coy if you actually have something truly valuable.  So the "may, or may not, be relevant" part is nothing more than a bluff hoping that someone assumes the "may" part and pays them ahead of time. (They basically admitted in a court proceedings that it is not relevant to anything where key-generation does not commute with encryption -- like Kyber/Saber.)

Or perhaps even if we assume that it's not relevant, we may still feel good about paying because

"Such compensation is dedicated to be reallocated to public research laboratories in order to continue their fundamental research programs."

While I certainly support public research, and have myself worked for a French public laboratory for five years, I am not sure that this is good advertising.  Does ransomware try to sway you into paying by appealing to your desire to fund research which will produce even better ransomware?  What's going on here is exactly the opposite of what public research should be about.

They end with,      
"Such terms will be detailed and published in the upcoming months."
I am assuming that this means that they'll publish their bitcoin address.  

I am happy that at least one French researcher (who has no horse in this standardization race) is publicly showing his disappointment with CNRS and calling this FUD out for what it is -- but there should be more. 
 
Dustin asked a question about what people think about IP and standards.  Obviously, most will rightfully say that standards should not have IP. But how do we know that anything is safe from some IP -- even the NTRU submission is not really the NTRU from 20 years ago, and someone could have some patent on a minor new aspect of it. And it might even be a legitimate patent and they are keeping quiet about it. So my view is that the only protection is standardizing some fallback options and making it easy to fall back on them.

Best,
Vadim

Reply all
Reply to author
Forward
0 new messages