Patented Cryptography
Table of Contents
This article is part of the Quantum Snake Oil Dictionary — a series examining terms used in quantum technology marketing. The series is divided into Red Flag Terms (terms with no established technical meaning that almost always signal hype or fraud) and Misused Terms (legitimate concepts routinely stripped of context in marketing). This entry is a Misused Term.
“Patented Cryptography”
A note before we begin. This entry examines “patented cryptography,” along with “patented encryption” and “patent-pending security,” as the phrase appears in product marketing. I am not writing about any specific company, product, or individual. A vendor that holds a cryptographic patent might be selling strong technology or weak technology. The patent itself does not tell you which, and that is the entire point of this entry.
What a Patent Actually Certifies
A patent is a grant from a national patent office. To obtain one, an inventor must show that the claimed invention is new, non-obvious to a skilled practitioner, and useful. An examiner searches prior art to decide whether the idea has been described before and whether it represents an inventive step. That is the whole test.
Notice what is absent. Nowhere in that process does anyone evaluate whether a cryptographic scheme is secure. There is no cryptanalysis stage at the patent office. Examiners are trained to assess novelty, not to mount differential attacks or check whether a key-recovery shortcut exists. A scheme that is trivially breakable can be patented as readily as one that is sound, provided the broken scheme is novel. Novelty and security are unrelated properties, and a patent measures only the first.
This is not a flaw in the patent system. Patents exist to protect commercial rights in an invention, not to certify its fitness for a security purpose. Expecting a patent to vouch for cryptographic strength is like expecting a trademark registration to vouch for a product’s safety.
Security Comes From Analysis, Not a Grant Number
Cryptographers settled this question long ago. A cipher earns trust by being published, attacked, and left standing after sustained effort by people motivated to break it. This is the working meaning of Kerckhoffs’s principle: a system should remain secure even when everything about it except the key is public knowledge. Secrecy of the design is not a security property. It is a liability waiting to be discovered.
The NIST post-quantum cryptography standards show how real assurance accumulates. The algorithms now published as ML-KEM, ML-DSA, and SLH-DSA went through multiple rounds of open competition across several years, during which cryptographers worldwide tried to break every candidate and published what they found. Several submissions died in public during that process. The survivors are trusted precisely because thousands of expert-hours were spent attacking them in the open. None of that assurance came from a patent. As Bruce Schneier has put it, the good cryptography is not the patented cryptography.
Patents Are Orthogonal to Security
The cleanest way to see that a patent says nothing about security is to look at cases on both sides.
RSA was patented (U.S. Patent 4,405,829) and is one of the most analyzed and trusted public-key systems in history. NTRU, a lattice-based scheme whose descendants influenced today’s standardized PQC, was also patented and is well regarded. Patents did not make either one secure, but they did not make them suspect either.
Now the other side. The Algebraic Eraser, a patented key-agreement protocol promoted for low-power devices, was broken by cryptanalysis despite its patent. The patent protected a commercial position; it did nothing to stop the attack. Patent status and security are independent variables. Knowing that a scheme is patented should move your estimate of its strength in neither direction.
When “Patented” Becomes a Red Flag
If a patent is neutral, why include the term in a dictionary of warning signs? Because of how it gets used. The signal flips from neutral to negative when a patent is offered as the security argument itself, and especially when it is paired with a refusal to disclose the design for independent review.
Schneier described the pattern decades ago with a company called TriStrata, which claimed a proprietary security solution it would not explain because the method was patent-pending. The result, he noted, is that the patent and the proprietary control give cryptographers a reason not to analyze the claims at all, leaving customers to simply trust the vendor. He captured the absurdity with an analogy worth keeping: be wary of the doctor who says he has invented and patented a brand-new treatment made of tortilla-chip powder, has never tried it on anyone, but is certain it works better than anything else.
A patent is a public document. If reading the design would let an attacker break the scheme, the scheme was never secure to begin with. So when a vendor leans on “patented” as a reason to trust the security while declining to let anyone examine the cryptography, the patent is functioning as a substitute for scrutiny rather than as protection for a design that has also survived it.
Questions to Ask a Vendor
“Is the underlying algorithm published, and has it been independently cryptanalyzed?” A patent is already public, so there is no secrecy argument against publishing the cryptographic design. If the answer is no, ask why not.
“Which standardized algorithm does the product implement, and what specifically does the patent cover?” A patent on a protocol, a hardware optimization, or an integration method is ordinary and fine. A patent presented as the reason the encryption is unbreakable is the thing to question.
“If the patent is the security argument, what stops an attacker who simply reads it?” This question has no good answer when the design depends on secrecy, which is exactly why it is worth asking.
The Bottom Line
A patent certifies that an idea is new and non-obvious. It says nothing about whether a cryptographic scheme is secure, because the patent office performs no cryptanalysis. Strong cryptography and weak cryptography are both patentable, and real-world examples sit on both sides of the line. Treat “patented” as commercial information, not security information. The cryptography worth trusting is the cryptography that has been published and attacked in the open, whether or not anyone also filed a patent on it.
My company – Applied Quantum – helps governments, enterprises, and investors prepare for both the upside and the risk of quantum technologies. We deliver concise board and investor briefings; demystify quantum computing, sensing, and communications; craft national and corporate strategies to capture advantage; and turn plans into delivery. We help you mitigate the quantum risk by executing crypto-inventory, crypto-agility implementation, PQC migration, and broader defenses against the quantum threat. We run vendor due diligence, proof-of-value pilots, standards and policy alignment, workforce training, and procurement support, then oversee implementation across your organization. Contact me if you want help.