asciilifeform: of course, arguably if you can actually DO this, you will probably lose interest in the mphf method per se
jhvh1: mircea_popescu: The operation succeeded.
a111: Logged on 2017-08-15 22:52 mircea_popescu: constant-time MPFHF is now an open question for teh interested.
mircea_popescu: !~later tell peterl in case you were looking for more obscure fhf shit to do : http://btcbase.org/log/2017-08-15#1698518
mircea_popescu: constant-time MPFHF is now an open question for teh interested.
asciilifeform: ( http://btcbase.org/log/2017-07-04#1679049 was the other . )
asciilifeform: iirc i mentioned this to phf here.
asciilifeform: but instead flipping a single bit that gets xored with the result every time you read from the would-have-been-flipped reg.
asciilifeform: by not actually doing the flip-whole-thing bit
mircea_popescu: so unless you're willing to do ALL the alternatives every time, you won't have "true" constant-time.
mircea_popescu: in fact -- that's all it does.
asciilifeform: and thereby any ~particular~ invocation, can be called bounded.
mircea_popescu: yes. but it DOES fork on secret bits all the time.
asciilifeform: was more of a philosophical observation : that mphf is not turing-complete ( in the same way 'p' is not. deliberately )
mircea_popescu: so, message M takes 105 bits and 114 steps. message M' takes 107 bits and 119 steps. message M'' takes 103 bits and 115 steps.
asciilifeform: why naturally you gave me a 9000 steps, and that's a, e.g., (TMSR!8192*3,50*9000)......
mircea_popescu: yes it always terminates.
asciilifeform: (i.e. if you, yourself, already computed H(x), then you know how many turns of the crank it took. and can pass that number along.)
asciilifeform: if it always terminates, then yes
mircea_popescu: asciilifeform are you proposing to simply "take" bound time every time ? cuz i dunno this can be done irl.
asciilifeform: http://btcbase.org/log/2017-07-06#1679487 << thread, iirc
mircea_popescu: the ONE way to constant-mpfhf is to calculate ALL the tree of possibilities, 2^message length items EVERY TIME
mircea_popescu: you can do that without me speccing it.
mircea_popescu: yes, but you'd have to have writer-with-padder on your isolated machine, move pre-padded shit to the fire machine.
deedbot: http://trilema.com/2017/tmsr-rsa-spec-extremely-early-draft/ << Trilema - TMSR-RSA spec, extremely early draft
asciilifeform: you know ~that one~'s time and space size.
asciilifeform: ~after~ a mphf (or similar) hash is taken, the time and space required are known.
asciilifeform: this means that anything that can happen inside one, happens in fixed time and space
mircea_popescu: it dun have to be mpfhf so much as i'd like a GOOD alt.
asciilifeform: P proggy specifies its time and space requirement , first thing
mircea_popescu: tbh, i'd very much like to have an alternative there. i put in and took out the thing twice before announcing, this is the third.
mircea_popescu: the 1and0 thing ?
asciilifeform: lol just when i thought up of a hypothetical way to save it!111
asciilifeform: but i dun see how they can live together
asciilifeform: well either it, or the constant-spacetime. and i'm quite sold on keeping the latter.
mircea_popescu: dja want to take it out altogether ?
mircea_popescu: now to the graver matter of mpfhf. http://trilema.com/2017/tmsr-rsa-spec-extremely-early-draft/#comment-122645
mircea_popescu: to be sure, i don't think you're making a weak case. im leaving the matter open, at least for a while, can you live with that ?
asciilifeform: mircea_popescu: was thinking of the aerial gun in ww1, before they figured out that the stuff on the nonbusiness end dun have to be same bullet, only same mass
asciilifeform: yes i can think of a contrived situation that calls for one. but no i don't want it in the rack next to the ordinary ones.
asciilifeform: non-1-to-1 pubkey is as useful as pistol that fires from both ends.
mircea_popescu: i don't carry around all my rifles all the time, to take a leak, etc. i can't.
mircea_popescu: but TO HAVE. when needed. not to always.
asciilifeform: to nail down the unambiguous and concrete.
mircea_popescu: it's cheaper this way than to inline everything.
mircea_popescu: consider : we often use [very!] short forms of ideas in here, and rely on the op to correctly resolve.
asciilifeform: it's like asking for a 17 that can also be referred to as 3.
mircea_popescu: i mean, i call out "hey, slut" and a dozen eyes rise. these are collisions, and what of it.
asciilifeform: and there is no escape.
mircea_popescu: this is not altogether a weak argument. consider the converse though : suppose i wish to refer to my key by using fewer chars than 512 ?
a111: Logged on 2017-04-09 14:45 mircea_popescu: asciilifeform incidentally, the more i think about it the more i'm convinced the ONLY "fingerprint" for rsa key may be... the modulus. 4096 bits and fuck you, if you can't take 32 chars you don't belong here.
a111: Logged on 2016-12-27 05:27 asciilifeform: the only sane 'fingerprint' is the entire modulus+exponent.
asciilifeform: http://btcbase.org/log/2017-06-01#1664352 << see also thread
BingoBoingo: But vase shit has phosphorous, for the flowahs!
asciilifeform: i dun see this picture, where we GOTTA take a shit into this here fine vase, 'or empire will'
mircea_popescu: um. you either standardize them to null, standardize them to something sane, or allow the empire to standardize them to something idiotic. this is your trilemma.
asciilifeform: if some d00d wants to go around saying 'my pubkey can also be referred to by the letter z' that's his life to lose.
mircea_popescu: so then what's teh problem.
mircea_popescu: you want to actually forbid them ?
asciilifeform: no hash --- no collision, floating around somewhere in phase space waiting to be found.
asciilifeform: likewise we had the fingerprint thread
mircea_popescu: first question, of course, being whether there's value in changing the spec for key primes from "2048" to ">2046" bits.
asciilifeform: ( while also operable on by machine, to demonstrate that the arithmetic in fact comes out as stated )
asciilifeform: in that spirit, other thing asciilifeform aims for with 'p', is to zap the idiocy where pubkey was strictly an item for ~machine~ to read, and make it something primarily for ~man~ to read.
asciilifeform: the duty of the rsatron author is ~to get the fuck out of the way~
asciilifeform: it is a matter strictly between the fella generating the key, and his wot, not for the author of rsatron.
asciilifeform: if i specify a pubkey for myself with 65536-bit public mod, then other people can simply decide that i'm an arse and that verifying my sigs isn't actually +ev for them
asciilifeform: so he can never be surprised by 'd00d's modulus is Too Big!111omfg'
asciilifeform: this means that the reader (READER, long before executing) knows precisely how much time and space the proggy requires.
asciilifeform: p proggy opens up with the breathoflife preamble, e.g., (TMSR!8192*3,50*500) << 8192bit bus, 3 words of stack, 50 bytes of program following the closing ), 500 steps of execution max.
asciilifeform: and this yes means that asciilifeform holds caps on modulus width to be asinine
asciilifeform: and this also means as few 'magic numbers' as it is physically possible to get away with.
asciilifeform: asciilifeform's intent with 'p' is to push in the direction of maximum barking anarchy re pubkeys. as it is we have too many 'standards' as it is, ~all of them ill-conceived and smelling of sulfur.
asciilifeform: and no moar pissant smallint exponents, either. let it weigh as much as the modulus.
mircea_popescu: asciilifeform plenty of things, gimme a moment here.
mircea_popescu: pretty much logs only i thought
asciilifeform: for my part, i'm curious re what part of rsa mircea_popescu thinks even needs to be standardized
mircea_popescu: you mean the k,e,N thing ?
asciilifeform: the trilema on 'republican rsa key format'
mircea_popescu: dja mean the early gossip talk ?
mircea_popescu: mod6 yeah. more like a scratchpad than anything yet.
mod6: I think it's fine, we can ratify / amend it as needed I suppose.
mircea_popescu: there's been too much waffling re keys on my part (which means -- any). i feel bad about it an' i perceive gotta write up
mircea_popescu: which one are you thinking of ?
asciilifeform: the one where 'just store the fucking modulus and exponent'
mircea_popescu: anyway, ima try and pen a pre-rfc on tmsr-rsa, unless anyone has objections ?
asciilifeform: pretty sure that one's stuck at 512 to this day
asciilifeform: which, lulzily, refuses to eat anything above 2048-bit modulus
asciilifeform: tru ( and i linked an rsa-to-nsat generator thing earlier today )
asciilifeform: to briefly revisit upstack, imho a program which weighs more than its output, has a fundamental problem
mircea_popescu: maybe try strapping that thing off sometime. im starting to suspect "gas canister" doesn't say what you thought it said!
mircea_popescu: this is fucking important. managing to go through 500 pages of highly contrived nonsense without flying out of my hand, not for everybody.
mircea_popescu: but i would have thrown frege against a wall had he "impossible" something i could trivially disprove.
asciilifeform: i bet mircea_popescu had a riot reading Russell & Whitehead , 'idjits, taking 1500 pgs to prove 1+1=2, which i know to be so'
mircea_popescu: there's no "sporting chance" rules in logic, if your theory is defeated by trivial case your theory is still defeated.
phf: could have a monk of saint ascii life form memorize primes by heart to the 1'000'000th one, referred to by the other monks when primes are required. "please, brother joseph, we need primes #5002 to #5040"
asciilifeform: 'bro do you lift!11' 'hey i lifted myself off the bed today!'
mircea_popescu: it's certainly possible. i know the list "3, 5, 7, 11" is a list of primes through memory.
asciilifeform: this is true. but my original point was that it is impossible to verify the correctness of a list of primes other than by same procedure as generates one.
mircea_popescu: this changes things.