[gjm11]

I think there are some steps missing in your argument. It seems to go something like this: (1) CR found the issue, spotted a business model, patented all the best solutions, and told the world. (2) Without patents, CR wouldn't have done this. (3) So without patents, no one would have done it. (4) So without patents, we'd all be silently vulnerable to a very general, very clever side-channel attack.

The step from (1) to (2) seems doubtful. If the CR people hadn't been able to patent a bunch of ways to deal with DPAs, they might none the less have published about them. It's not as if no one ever tells the world about a security vulnerability without a patent-based incentive.

The step from (2) to (3) seems doubtful. It seems more likely that without CR, sooner or later someone else would have thought of differential power attacks and published about them. Unless CR are just much much smarter than everyone else -- in which case, the guys in black hats would have been just as much worse off as the guys in white hats.

The step from (3) to (4) is OK, with the proviso I just mentioned: it seems that the obvious way for (3) to be true would tend to make the vulnerability matter much less.

[tptacek]

Regarding (2) to (3): sorry, I think it is --- in large part --- the fact that CRI is just much much smarter. They're a peculiar company: they do real-world implementation and high quality research. Yes, there are Dan Bernsteins and Dan Bleichenbachers in the world, but for the most part those people don't get a lot of exposure to custom hardware.

Regarding (1) to (2): sure, maybe CRI would have published even without compensation. Just like maybe I'd do my job part-time for free anyways even if I wasn't getting paid. You can say that for anyone who's doing what they love: musicians, lawyers, architects. But what's the win for not compensating CRI? Huge consumer electronics companies have to pay slightly less NRE to build new products. I'd rather have CRI in the world.

[gjm11]

If CRI really are that much smarter, then in a world without CRI the bad guys would probably never have thought of differential power attacks, in which case it wouldn't matter that they aren't there.

I don't think "maybe CRI would have published even without compensation" is at all the same as "maybe I'd do my job part-time for free". In a world in which CRI couldn't patent anti-DPA measures, I'm betting they'd still be able to get paid plenty well for doing crypto. A fair number of super-smart crypto people are, after all, and they don't all have CRI's patent portfolio. So the analogy is more "maybe I'd publish interesting and useful crypto stuff for free even though it isn't what I'm getting paid for". Which, in fact, you do.

(If you're inclined to object that what you publish for free is not innovative on the scale of the discovery of DPA attacks, let me remind you that you just claimed that CRI are much much smarter than you are.)

For the avoidance of doubt, I am not positively claiming that the world would be better with a patent system in which CRI couldn't have got the patents they have. I don't know whether it would. I just don't think your argument supports your claims very well on this point.