[PATCH] Add NTRUEncrypt public key encryption algorithm

Opal Raava opalraava at riseup.net
Tue Sep 15 23:39:18 CEST 2015


Hi Zhenfei, all,

On 09/14/2015 04:16 PM, Christian Grothoff wrote:
> For including NTRU in libgcrypt, the GPL vs. LGPL and the
>    patent issue are crucial. One of the issues that I had/have
>    with NTRU is that the GPL-only exceptions to the patents
>    will make it tricky for NTRU to become a widely used
>    cryptographic primitive.  While I like giving free software
>    an edge, this also means that it is less likely to be the
>    most widely used PQ system, and thus also not the most
>    analyzed/understood.  If the license were changed to LGPL
>    and the patent clause broadened to cover LGPL libraries,
>    that concern would disappear. (Note that GNUnet is GPL,
>    so for GNUnet this does not matter too much.)
> 
>    In any case, if this integration with libgcrypt does eventually
>    go ahead, I would strongly urge that the FSF also looks over
>    the specific patent exemptions and that this is done in writing.

Yes, I agree, the licencing issue seems to be the main obstacle with
NTRU. The LGPL allows fpr the free use of the libgcrypt library in
closed source commercial software. And that is incompatible with the
licensing model and patents of Security Innovation.

NTRU Patent Licensing -
https://github.com/NTRUOpenSourceProject/ntru-crypto/blob/master/PATENTS.md

FOSS License Exception -
https://github.com/NTRUOpenSourceProject/ntru-crypto/blob/master/FOSS%20Exception.md

I'm not a laywer, but it seems a bit odd to me that Security Innovation
allows for the use of the NTRU encryption in LGPL, BSD and other such
permissively licensed open source software (libraries), because these
licences actually do allow for the use of the sofware in commercial
products. It seems to me that NTRU can only be used with certain FOSS
licences, and not others.

Cheers,
--Opal



More information about the Gcrypt-devel mailing list