I see one problem with adding NTRU to Crypto++ library. Crypto++ can be used by anybody for any purpose, which includes using the code in commercial products.
NTRU is explicitly licensed under GPL, which explicitly forbids commercial use (unless you purchase a commercial license). I don’t want to have Crypto++ contaminated by code with a license far more restrictive than what it has now. My $.02. P.S. Reading about Snowden and the noise that has been following, I wonder whether Lithium on this planet recently ran out. On Feb 11, 2014, at 16:16 , Ruben De Smet <[email protected]> wrote: > Hi all, > > I have some questions on an interesting topic (I think). > > Introduction > ------------ > > NTRU is a public key cryptosystem which is not known to be breakable by > Shor's algorithm, to which RSA, ElGamal and their associated algorithms > are vulnerable with a significant risk when quantum computers become > more powerful. > NTRU is a lattice based cryptosystem. > As I believe that an alternative should be available before there are > (known) quantum computers which are able to run Shor on a real life key, > I am investigating possibilities on this topic for a long time now. > These investigations have been accelerated since Edward Snowden has > revealed that those things that have been written by Dan Brown are > becoming true. > > My proposal > ----------- > > I would be very interested in implementing the NTRU algorithm for > CryptoPP. I would publish in public domain (or at any other license) so > the code can be merged in the CryptoPP code. > > Issue > ----- > > - As NTRU is patented, I want to ask the list if there are any issues in > implementing this algorithm in a public source code. Should we ask > permission form the authors? > There is a (GPL'ed) implementation available. As the code of CryptoPP is > public domain (and the compilation Boost 1), I would suggest of > rewriting the whole thing. I could still write unit tests based on > CryptoPP and the official implementation under GPL license, apart from > the CryptoPP code. > > The readme file in the official C++ implementation [1] states > "Furthermore, the open source licensing allows users to implement the > NTRU algorithm in other languages and for other operating systems beyond > those we currently support." > I read this as "yes, we can". > > What are your suggestions and opinions? > Are there other people working on this yet? > Are there other issues of which I should be aware? > > Ruben De Smet - aka rubdos >
signature.asc
Description: Message signed with OpenPGP using GPGMail
