asciilifeform: this is why ultimately entire primality test algo must be constant time, just like the other pieces.
asciilifeform: via the interval it took you to ACCEPT.
asciilifeform: and then if your miller-rabin is variable time, you have leaked key bits.
asciilifeform: for miller rabin you may end up ACCEPTING the test
mircea_popescu: apeloyee no, because as he well points out, the time it takes is not unrelated to the key.
asciilifeform: apeloyee: no, because there is another possibility
mircea_popescu: so this is more a r-m problem altogether. as that's not linear.
asciilifeform: because all you do is get NEXT N bits from rng, they have ( if rng is proper ) 0 relation to previous N
asciilifeform: rejecting rng result that doesn't pass the gcd sieve -- leaks nothing
asciilifeform: ( i linked to a concrete algo for this attack some months ago )
asciilifeform: the time taken by heathen miller-rabin, in fact leaks key bits.
asciilifeform: possibly constantly, depending on the rsa keying system
mircea_popescu: i don't see what the problem is, practically. so you leak ... how many times you had to try to get a prime ?
asciilifeform: otherwise sieve is waste of time.
asciilifeform: apeloyee: i see your point. either we dispense with the sieve, or decide to count from the moment after sieve.
apeloyee: so if the number fails initial sieve, do you proceed to miller-rabin?
asciilifeform: *variability allowed not in the test, but in output
asciilifeform: there must be no variability in the time the ~test~ takes.
asciilifeform: apeloyee: no contradiction. the variability of time is in the ~test~, not the output result, which naturally will vary depending on what rng gave you
a111: Logged on 2017-10-05 19:38 asciilifeform: for the initial sieve ~prior~ to miller-rabin
a111: Logged on 2017-10-08 00:16 asciilifeform: the ONLY correct method of generating cryptoprimes, is to 1) get N bits from FUCKGOATS 2) determine, in fixed spacetime every single time, whether that string of bits constitutes a usable prime.
apeloyee: on a different topic, http://btcbase.org/log/2017-10-08#1722429 and http://btcbase.org/log/2017-10-05#1721484 seem to contradict each other. what's an initial sieve for if the algo must run in fixed time? i've interpreted it as "successful test must run in fixed time, failures can be variable-time", and make proposal accordingly.
asciilifeform: because on pc most of the wait time is for memory access.
asciilifeform: so far almost all of my theoretical predictions re which optimizations will be worth the effort, were wrong
apeloyee: your choice to not implement it. i've come to the conclusion that it's not worth the effort anyway.
asciilifeform: so how do you propose to multiply anything modulo 2^(k+64) ?
asciilifeform: i even threw out ability to have mul operands that are not power of 2.
apeloyee: right, unclear again. the multiply of N and floor(A*R/4^K) can be calculated mod 2^(K+1)
asciilifeform: it isn't clear to me exactly how
apeloyee: i.e. the lower part.
a111: Logged on 2017-10-07 21:25 apeloyee: the multiply-by-approximate quotient in barrett's also needs only the lower part (plus 2 extra bits to the left), and lower part of product can be computed exactly (since rounding is not a problem)
apeloyee: http://btcbase.org/log/2017-10-07#1722397 << I was unclear. Let A be the number to be reduced mod N, R the approximate reciprocal, K the ffa bitness fitting the modulus, then we know that 0 < A - N*floor(A*R/4^K) < 2*N < 2^(K+1). So might as well calculate A - N*floor(A*R/4^K) modulo 2^(K+1).
asciilifeform: if ffa can be made to do 4096b modexp in 0.5s on typical comp, that gives ~1byte/msec purersa payload. which is enough for many purposes, e.g. voice.
apeloyee: thanks trinque
mircea_popescu: i was going to say, the calculated %s rarely match. but theoretically, it should be less than 0.1
asciilifeform: apeloyee: theoretically. but cache locality win from smaller memory segment sometimes gives surprising winning. the example above, for instance, gives 2x speedup rather than my predicted 25%.
trinque: great. obviously when not voiced, will have to pm.
trinque: apeloyee: try upping yourself
apeloyee: do you agree that top-half-mul wins 10% at most for 8192-bit operands?
danielpbarron: trinque, ty
asciilifeform: in the end might even release different variants that have different complexity tradeoffs.
asciilifeform: and then bernsteinian karatsuba, possibly, and whatever else i can think of.
asciilifeform: which i will also make, and decide if it was worth the cost
asciilifeform: it is! but much smaller than, for instance, the secretshift-barrett.
apeloyee: so top-half-multiplier isn't a moving part?
asciilifeform: for instance unrolled comba wins 20-25% speed, but i did not use it in place of the generic because it is longer and harder to read.
asciilifeform: apeloyee: my strategy so far was to introduce moving parts very, very reluctantly ( started with egyptian multiplier, for example ) when there is absolutely no choice.
apeloyee: i'ma try it next << for less than 15% speedup (or 10% for 8192-bit operands)? converting to classical barrett should be much more productive
asciilifeform: i'ma try it next
apeloyee: so, are you putting off the top-half-multiply
a111: Logged on 2017-10-07 00:38 asciilifeform: mod6: you will notice that the barrett in 'crc handbook' is more complicated: it shrinks the x and then compensates later. this relies on normalization, and constanttimeized incarnation of it would have to work as apeloyee described ( i'ma try it much later, once i see what can be had re speed strictly from having asymmetric karatsuba instead of the current mega-waste )
asciilifeform: currently i'm aiming for <1sec (opteron 3GHz) 4096b modexp, with minimal new moving parts. after that -- releasing.
apeloyee: 2 half products out of 3 on the first level of recursion, 4 of 9 on second, and 8 of 27 on third, assuming 64-bit words and unrealistic 2-fold speedup of comba for half-multiply, and no overhead in karatsuba,
apeloyee: and most products for which the comba is called, are full products, not half products
apeloyee: see, it does three recursive calls, meaning the speedup is wholly dependent on the speedup of comba for half-multiply
asciilifeform: not yet, considering that it dun work yet, lol
apeloyee: are you disappointed by the savings of computing just the higher part yet?
apeloyee: compute the higher part of product X*Y as XHi*YHi+ShiftRight(XLo*YHi+XHi*YLo, K), where K is size of XLo and YLo
a111: Logged on 2017-10-07 21:14 apeloyee: http://btcbase.org/log/2017-10-07#1722289 << and the point of doing karatsuba is? you do 2 recursive calls to Mul_Karatsuba_TopOnly and one to Mul_Karatsuba. should've simply calculated upper_part(XLo*YHi), upper_part(YLo*XHi) and XHi*YHi
apeloyee: http://btcbase.org/log/2017-10-07#1722395 << why do karatsuba when you can just shift and add them, like in your W_Mul
trinque: plenty of improvements left to make, for sure.
danielpbarron: ah ok, i did read that part
trinque: that'll change, but as part of limiting the thing to this channel only
trinque: it's already in the logs.
danielpbarron: why is the deposit operation a 2-part thing? couldn't it just encrypt an address to my key with the amount to send?
trinque: isn't reflected until I actually credit the account
a111: Logged on 2017-10-05 16:19 trinque: hm no a111 quote?
phf: trinque: i'll fix http://btcbase.org/log/2017-10-05#1721087 in a bit. obviously such a change will require deedbot to not ever quote arbitrary log lines in channel
trinque: danielpbarron: give it another try
phf: i was going to say maybe it's hardcoded to mircea_popescu, but lobbes was using it too
mircea_popescu: odd. maybe trinque has something to say
danielpbarron: mircea_popescu, i get no response from the bot
mircea_popescu: I GUESS THE WORLD WILL NEVER KNOW.
mircea_popescu: look at that, and before the archival bot kicked in, even.
mircea_popescu: aww ? they beleeted it already ?
mircea_popescu: even to the degree of http://trilema.com/2017/zuleika-dobson-or-an-proper-love-story/#selection-3413.588-3413.746 ; or rather... starting with.
mircea_popescu: i don't think such a thing as randomly polarized female wave ever existed or ever could exist.
asciilifeform: well yes but loox like intends to be a coherent wave of gurlz rather than randopolarized, if you will.
a111: Logged on 2017-10-07 22:12 ben_vulpes: danielpbarron: wouldja mind sharing that stage3 you build your eulora gentoos with?
danielpbarron: http://btcbase.org/log/2017-10-07#1722406 << it is in the files.tar.gz linked on my blog, and deeded here http://deedbot.org/deed-482547-1.txt
asciilifeform: mircea_popescu: for some reason i can't help but think of the old lul with chinese on footstools synchronously jumping
mircea_popescu: and in entirely other lulz : http://trilema.com/wp-content/uploads/2011/05/jsexnetrwork-soft-on-demand-s.jpg the exhibitionists are those girls who make the obviously deliberate effort of not covering their cunt with their hands.
mircea_popescu: and of course, "Alan Green, named ambassador to Romania by President George Bush [who called him "a good friend", "intransigent", "well introduced to my take on freedom and democracy"], died Friday in his home in Palm Springs, Calif. He was 75. Mr. Bush selected Mr. Green in 1989, and he moved into the American Embassy in Bucharest just two weeks before the dictator, Nicolae Ceausescu, was executed."
mircea_popescu: before that, romania exported oil. after that, imported about 50% of consumption.
mircea_popescu: kinda the model since communists came to their senses post ww2.
mircea_popescu: overgrown industrial base, romania imported a lot of energy exported a lot of high tech stuff.
mircea_popescu: the important point for romania was that gorby wasn't going to deliver all the oil romania had contracted (and paid for). so ceausescu went to iran ; where he got ~40mn barrels with a further option, to be paid in romanian agricultural machinery.
mircea_popescu: anyway, the whole meeting went in that vein, ceausescu pointed out to soviet troops still at praga, gorby was liek "oh, that is a bilateral matter" "da, stiu, este un acord bilateral incheiat dupa ocuparea cehoslovaciei" (yea, i know... post-occupation bilateral). then gorby says they can't agree in this matter and ceausescu agrees with him.
mircea_popescu: the conclave of cardinals picked the least competent of themselves to sit on throne.
mircea_popescu: "nu-i adevarat (that's not true), romania nu a iesit din aceasta problema (romania didn't exit the matter), romania nu a intrat in cehoslovacia (it never entered) asa ca nu avea de unde sa iasa (had not what to exit)"
asciilifeform: in tito's case, and for that matter kim ir sen's -- 'throne is mine, i won it as partizan commander in the war, took no payola from foreign devils' was tru. but how did the shoemaker get ~his~ throne
mircea_popescu: guy replied "romania exited nothing, romania didn't go in, so it had not what to exit."
mircea_popescu: something. consider actual live events : gorbachev says at the meeting, once they move on past his insistence on having visited the pope as if anyone gave a shit about that "we are all here, who were implicated in the czech affair, except romania, that had exited then".
asciilifeform: possibly fancied himself tito ?
mircea_popescu: guy never saw himself as much more of a su ally than saudis see themselves us allies i dun suspect.
mircea_popescu: but you have to also compare and contrast with romania's declared, and tirelessly promoted official philosophy of pace and "unmingling in internal affairs of sovereign states".
mircea_popescu: no argument there.
asciilifeform: very easy to 3 instead of 30 when you dun gotta do the rocket, n00kz, etc
mircea_popescu: and he also wasn't impressed with gorbachev's verbiage as to "disarmament", seeing how romania was spending about 3% of pib on arms in the 85-90 5year plan, whereas ussr had never gone under 30% yet.
mircea_popescu: in point of fact, ceausescu refused to sign off on some paper establishing 20 years after the fact that the invasion of czechoslovakia was a mistake. for the fucking obvious reason that he condemned the russians at the time, and according to readily forgotten "consensus" at the time, at no small personal risk.