tmsr - Search: ffa

1243 entries in 0.953s

asciilifeform: incidentally ~95% of the work ffa does in modexp, now, is multiplication. which means that there is further 20-25% speedup waiting to be had when i get bernsteinian optimization for karatsuba ( haven't yet figured it out, he buried it deep in a paper , as if he were an alchemist, quite cryptically ) and another 10-20% optimization if we move to unrolled comba ( see august thread. )

trinque: !~later tell apeloyee glad to see someone grinding the ffa forward with asciilifeform. get me that fixed key!

asciilifeform: there are 2 invocations of conventional ffa shift :

asciilifeform: and to make this untrue, you gotta do W (bitness of ffa) shifts by 1, at all times.

mircea_popescu: your ffa does reals modexp ?

asciilifeform: mircea_popescu: 'holes' in arithmetic suck, because they are inescapably branch conditionals. if i could not prove that div0 is impossible in the course of, e.g., modexp intermediate steps, ffa would be a wholly impossible thing.

asciilifeform: going for ordinary arithmetics in ffa, not oddball alt-arithmetic.

a111: Logged on 2017-10-05 16:07 asciilifeform: note that this is a 4097-bit ( in actual ffa, 8192b ) constant.

asciilifeform: in ordinary barretting, x loses its bottom however-many bits, to make the multiplication smaller, depending on the 'bitlength' of x; and then its gets restored with a leftshift . we can't do this, because ffa.

asciilifeform: note that this is a 4097-bit ( in actual ffa, 8192b ) constant. ☟︎

mod6: <+asciilifeform> mod6, diana_coman , whoever else was tuned in for ffa ^^^ latest . << got it, thanks!

asciilifeform: and so does `ffa , `ffa-ism

asciilifeform: so `ffa-tronic resolves to ffa

mircea_popescu: so then `ffa`-tronic not `ffa-tronic`

mircea_popescu: so then is `ffa`-tronic or `ffa-tronic` ?

asciilifeform: `ffa`.

mircea_popescu: so i would say `ffa` ? or `ffa ?

asciilifeform: imho it is much easier on human eye to say, e.g., @ffa

asciilifeform: say i want to 'infect' the line http://btcbase.org/log/2017-10-02#1719816 , now if i include @ffa it will apply likewise to it. ☝︎

asciilifeform: " ffa"

mircea_popescu: ben_vulpes yes, but if you do "ffa" you will get eg hoffa

mircea_popescu: searching for "@ffa" delivers @ffa-tronic, searching for ffa does not.

mircea_popescu: what if youi say ffa-tronic ?

asciilifeform: ( are there any extraneous ffa's ? in the log )

mircea_popescu: say @ffa instead of simply ffa so ppl can !#s "@ffa" and not get junk

mircea_popescu: so what is the idea here, if i wish to review the state of this, other than asking you, i could also what ? !#s ffa ? ☟︎

a111: Logged on 2017-10-02 19:30 asciilifeform: trinque: http://wotpaste.cascadianhacker.com/pastes/lHtia/?raw=true << unofficial ffa.ads ; http://wotpaste.cascadianhacker.com/pastes/MqgKb/?raw=true << ffa.adb

asciilifeform: my main contention is that folks who do not follow the logs, have 0 business with ffa drafts.

asciilifeform: yes, folx can get ffa snippets from archive.is/l0gz but it is clear that they are drafts.

asciilifeform: mod6, diana_coman , whoever else was tuned in for ffa ^^^ latest .

asciilifeform: trinque: http://wotpaste.cascadianhacker.com/pastes/lHtia/?raw=true << unofficial ffa.ads ; http://wotpaste.cascadianhacker.com/pastes/MqgKb/?raw=true << ffa.adb ☟︎☟︎

trinque: is the whole ffa posted anywhere?

asciilifeform: trims down gpg into a quite small (relatively to original, not, e.g. ffa) c lib

asciilifeform: it wouldn't be in any sense a 'build' of ffa.

asciilifeform: diana_coman: ffa arithmetic stack is theoretically available. however until i have barrett reduction going, it's a ~30 second modular exponentiation ( i.e. per rsa op )

mod6: how's it goin with ffa stuff?

a111: Logged on 2017-09-20 19:22 asciilifeform: and incidentally i dun have a nonleaking miller-rabin yet, need nonleaking gcd ( have on paper, but not in ffa yet )

asciilifeform: exactly like my original ffa

asciilifeform: http://btcbase.org/log/2017-09-20#1716403 << by definition monkey business with instruction timings is ~detectable~. but the other idea is, a proper ffa is very easy to fpgaize/siliconize. ☝︎

apeloyee: while loop in secretshift does a number of iterations dependent only on ffa number width and word width, so can be unrolled if those are known

asciilifeform: fortunately we don't actually need any such thing in ffa. none of the algos require shifting by a seekrit bitness.

asciilifeform: if it can't be written down without any conditional (e.g. 'if' ) statements, and also -- for a given bitness -- unrolled into writing without ANY loops -- it is not permissible routine for ffa.

asciilifeform: ( normalization LOOKS AT SECRET BITS and therefore is forbidden anywhere in ffa for any reason )

asciilifeform: ( when ffa width is determined )

asciilifeform: in any ffa routine

apeloyee: asciilifeform: is it intended that ffa doesn't have a shift that doesn't leak the upper bits of shift amount (via access pattern)?

asciilifeform: mircea_popescu: i've been thinking about sending ffa , when finished, as an article into the saecular derps' 'cryptology journals', strictly for the lulz of getting their reject barf , and then posting, a la al schwartz

a111: Logged on 2017-09-20 19:19 ben_vulpes: and as the keccacteams mention, little incentive for cryptoacademia to formalize how ARXceteras might fall over. hard work with little guarantee of payout apparently terrible strategy in a world of publishorperish + everyone pretends to ignore that none of the academics ever bothered to do the hard work of an actual ffa, preferring instead cheap outs like leaky tables

asciilifeform: and incidentally i dun have a nonleaking miller-rabin yet, need nonleaking gcd ( have on paper, but not in ffa yet ) ☟︎

ben_vulpes: and as the keccacteams mention, little incentive for cryptoacademia to formalize how ARXceteras might fall over. hard work with little guarantee of payout apparently terrible strategy in a world of publishorperish + everyone pretends to ignore that none of the academics ever bothered to do the hard work of an actual ffa, preferring instead cheap outs like leaky tables ☟︎

asciilifeform: bonus lul: https://archive.is/tK1o1 << list of public catastrophic bugs in bigint libs . bonus-2 : compiled by the perpetrators of mit's attempt at faux-ffa ( won't link separately, it's a megalith of mechanical 'proof' crapolade )

asciilifeform: barpub: actually i've been having a pretty good time avoiding pointerism in, e.g., ffa, on ordinary pc

asciilifeform: and at any rate the 'f' in ffa -- stays.

asciilifeform: there are no tables in ffa, and an ffa with a table is pointless ( if you access leaklessly, by chugging whole table each time ( we had thread ) you wipe out the time saving. )

a111: Logged on 2017-09-16 15:35 asciilifeform: ( for comparison, a NONmodular exponentiation of same width on same box with same ffa takes 0.26s. )

asciilifeform: ( for comparison, a NONmodular exponentiation of same width on same box with same ffa takes 0.26s. ) ☟︎

asciilifeform: ^ which does mean that i'ma have to a) audit the binary when ffa built for use in the field b) patch gcc/gnat not to emit DIV ☟︎

asciilifeform: this is when i point out that div0 gives maxint in ffa ( at least naked ffa, without checking first )

asciilifeform: ( it is worth remembering that ffa is not built to be a museum piece, 'shortest physically possible rsa', but grudgingly made concessions liek abandoning egyptian mul -- so long as result is still fixedspacetime -- , so that it can actually be fired in anger . )

asciilifeform: that was how my first ffa multer worked

asciilifeform: maker of cpu will almost unavoidably take an interest in 'ffa-style' arithmetizing.

asciilifeform: ffa modular mult MUST produce correct answer for ALL possible inputs a,b,n.

asciilifeform: is it not getting through that once you introduce a 2B-bit item, you are working in ffa of 2B bitness ?

asciilifeform: no ffa basic op will accept operands of unequal bitnesses.

asciilifeform: other thing, apeloyee , is that if ffa does NOT operate on mixed bitnesses. i.e. if your operands are B bits, and you introduced an intermediate of some kind that is 2B bitness, now ALL of your computations with that must be 2B wide (incl. comparisons, nullity checks.)

asciilifeform: ( modulus and both multiplicands have same bit width, and if you read the rest of ffa as has been posted here, you will know that NO such thing as normalization ever takes place, or will ever take place, all operands are assumed to be N-bit )

asciilifeform: incidentally in case it weren't obvious, much bloatier rsatrons than the one contemplated in ffa, fit in asciilifeform's head -- e.g. montgomery mult, barrett, various war crimes in that vein

asciilifeform: which incidentally i am ready and willing to produce for every single piece of ffa to date.

asciilifeform: no 'speshul rsa forms' in ffa.

asciilifeform: ( the thing is widely used in rsatrons which agree to constrain themselves thusly, but is entirely irrelevant in ffa )

asciilifeform: everything you've seen in ffa to date, is unrollable into iron circuit.

a111: Logged on 2017-08-10 19:45 asciilifeform: forn00bz: an, e.g., rsa modexp, in ffa, must be representable by a long roll of paper, on it are ops for ordinary 4function calculator, with very patient slave. and roll ONLY ROLLS FORWARD and has finite # of instructions on it, known in advance when you decide the ffa width.

asciilifeform: whole point of ffa, is this notdoing

asciilifeform: modulus bitness == operand bitness. this is ffa after all.

mircea_popescu: and congrats, you've closed the liar circle on yourself. the only task remaining is to establish whether alf lied when he claimed that mp's distributive-mod algo is already in his ffa since july ; or rather he lied when he claimed distributive mod would actually be useful ; or at some other juncture.

asciilifeform: 1) mircea_popescu describes algo for mod. 2) turns out exactly knuths's, that is in existing ffa 3) describes 'do it to each term of a+b+c in karatsuba' 4) this dun work, if it worked we would be bragging about the new 133337 recursive modular mult algo we've got

asciilifeform: mircea_popescu: the classical ffa exponentiator, for reference, looks like http://wotpaste.cascadianhacker.com/pastes/S4dWM/?raw=true . the ~modular~ exponentiator must look like http://wotpaste.cascadianhacker.com/pastes/AiB9t/?raw=true . however it needs 'first, steal the chicken', i.e. FZ_Mod_Mul and FZ_Mod_Square .

mircea_popescu: asciilifeform do you know how to ffa-base-convert ?

asciilifeform: i am referring, of course, to the standard shift-and-substract knuth division, which is in the previously posted ffa

a111: Logged on 2017-09-08 16:24 asciilifeform: you oughta do this nearly always . ( 1 notable exception is ffa or other 'tight' code where you're testing speed, and correctness already known; there -g will give a 10-15x speed penalty )

asciilifeform: you oughta do this nearly always . ( 1 notable exception is ffa or other 'tight' code where you're testing speed, and correctness already known; there -g will give a 10-15x speed penalty ) ☟︎

asciilifeform: PeterL: use the subset of ada shown in ffa. i.e. no oop, no finalizations, no tasks, no array concatenation, no heap allocation.

mircea_popescu: for one thing, you'd prolly want to run it on the ffa anyway

a111: Logged on 2017-08-31 22:26 asciilifeform: phf: at some point ( and by this i mean when finished ffa / released 'p' ... ) i'ma have a large board made, with, say, 8 ice40-8k's, and row of dimm-holders...

asciilifeform: phf: at some point ( and by this i mean when finished ffa / released 'p' ... ) i'ma have a large board made, with, say, 8 ice40-8k's, and row of dimm-holders... ☟︎

asciilifeform: http://btcbase.org/log/2017-08-31#1707320 << this knife has another edge, ben_vulpes . most commercial ops don't have the budget ( time, mainly , but money also ) for ActuallyWorksAndFitsInHead(tm). ( picture, if you will, ffa as a commercial project at a secular software co ) ☝︎

asciilifeform: or v. or ffa. and what elses.

asciilifeform: there are - by design- no deep maths in ffa.

mod6: Ah, I admit, earlier I didn't have much chance at all to review this. In fact, to wrap my head around the fine points of ffa's more complex routines, takes me some time.

mircea_popescu: which is why we're putting all this crazy effort into proper rsa, ffa etc.

mircea_popescu: heck, ffa ~should~ probably be distributed as literate code.

asciilifeform: http://btcbase.org/log/2017-08-16#1699000 << fwiw ffa is nearly a self-contained crypto textbook in itself ☝︎

mod6 goes off to read the latest ffa update,

asciilifeform: you can generate a 6666-bit key. but you would need a 8192b invocation of ffa.

asciilifeform: but of ffa register width

asciilifeform: and you can't subtract ffa x0 - x1 unless they are same lengh !!

asciilifeform: mod6: to understand ffa, you absolutely gotta grasp how ada array slices ( which Always Do The Right Thing ) work

asciilifeform: ^ for readers who wondered why karatsuba is the 1 routine in ffa ~not~ inlined... think.

asciilifeform: mod6: idea with this item, is that L is a power of 2 always. in 'classical' one, L can be anything (e.g. a 192-bit ffa ends up 3*64 on my box, i.e. L=3 )