On 9 Feb 2016, at 02:56, Zhenfei Zhang zzhang@securityinnovation.com wrote:
Also in the discussion we were talking about the possibility of using non-product form polynomial version of NTRUEncrypt, as this version will become patent free by Aug 2017, while the patent for product form will last for another 4 years. The main concern is that Debian will not allow patented software in the package. However, through our discussion, it turns out that we may be able to include this proposal in the next one of two release of Tor. From this point of view, both patent (basic NTRU patent, till 2017 and product form patent, till 2021) are going to be an issue if Debian does not agree with SI's patent statement. So does it make sense to keep the product form polynomials as they enables roughly 3 times faster operations on both client side and server side?
I think our priority must be consistency across platforms, rather than performance. (Personally, I really wish NTRU wasn't patented, regardless of the open-source patent grant, then we wouldn't have to be concerned about this.)
As discussed in the meeting last week: * we have to standardise on one algorithm, * many tor relays are on debian, * if debian-legal declines the patent grant for either form, tor won't be able to use that form of NTRU on debian, * and if that is so, tor will have to choose a different form or algorithm.
So it's really up to debian-legal, who I assume we've asked or will be asking.
Tim
Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP 968F094B
teor at blah dot im OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F