asciilifeform: it was the most effective optimization i knew, and the one i rejected first and most incurably.
asciilifeform: incidentally various heathen bignumtrons use carry-save form. it is one of the reasons why they are 10,000s of lines, and mine is ~1k.
mircea_popescu: you can add the words in any order you wish and you can keep whichever intermediates you feel like
asciilifeform: we cannot do this. because the simplicity of ffa comes from using strictly ordinary machineword arithmetic.
asciilifeform: by ignoring the carry, and reconstituting later
asciilifeform: understand, that's how he makes the ops independent ( rather than chained )
mircea_popescu: i am telling you, his thing is ripe for rewriting in a more apt notation. he is misrepresenting it because thinking in terms of fucking logic gates
asciilifeform: also his thing uses carry-save form
mircea_popescu: but you don't have to use a table, you should be able to make it work in a matrix
asciilifeform: ( the infallible litmus for ffability : 'can this be UNROLLED TO DEATH?' if not -- no go )
mircea_popescu: asciilifeform he is doing this D-to-k table thing
mircea_popescu: im still talking of trying to adapt kochanski's thing
asciilifeform: any practical modexp algo has to 'mod as it goes along'
asciilifeform: so that falls out trivially.
asciilifeform: now if you were to try to rsa by exping first and THEN mod, the universe could not hold your intermediates
mircea_popescu: it would take a shitload of memory wouldn't it
asciilifeform: otherwise whole thing is a massive waste.
asciilifeform: it is the only acceptable form for ptron.
asciilifeform: where control flow is SAME regardless of what the exponentiation args are.
mircea_popescu: no but you write it as a full matrix, you get the undo for free
asciilifeform: you can , but still have the 'guessing and undo' thing
mircea_popescu: there's no rule you must do the parts in order or anything
asciilifeform: ( rather than word arithm )
mircea_popescu: http://www.nugae.com/encryption/bin/design.pdf << that
asciilifeform: he's the d00d with the '90s rsa chip
asciilifeform: or, more formally, no way to prove the absence of arbitrary number of classes of 'easy case'
asciilifeform: (no way to prevent 'easy case')
mircea_popescu: i think we even spoke of it back in the day
mircea_popescu: and a possible candidate for "alt cryptosystem" at that.
asciilifeform: knuth has one with 'addition chains', but it requires the exponent to be welded into place for all time
asciilifeform: ^ if asciilifeform is wrong here, folx, plz to write in !!
asciilifeform: ( every single motherfucking modexp in the open lit, branches on seekrit )
asciilifeform: anyway this is the easy bit. hard bit apparently is the final crown, coughing up a sane modexp
mircea_popescu: tell me 13% of 50 years somehow comes out to less than a week ?
mircea_popescu: i am all for keeping the unrolled version at the ready ; but i really see no problem with having and using the unrolled loops version. you read it once, over a weekend or a week, and you use it ten billion times over fifty years.
asciilifeform: currently i lean to unrolling them ~in the proof doc~ and leaving proggy as is.
asciilifeform: we definitely don't need any case of comba above 8 tho
mircea_popescu: will get used to it (tm)
mircea_popescu: anyway, re the unrolls : it's really not that bad, because of the patterns. it's only "unreadable" because alien because too much time spent reading code written by idiots.
asciilifeform: did i miss a whole thread
asciilifeform: ( a ptron is permitted to be invoked with any bitness that is multiple of 64 )
mircea_popescu: anyway. i think the point re : fathers are worthless , siblings are severely retarded is well vindicated
asciilifeform: mircea_popescu: it'd be many moar , to correctly handle cases of 1-7 word too
mircea_popescu: honestly i don't believe the somewhat more cl is such a problem.
mircea_popescu: asciilifeform yeah, i guess. depends though, good to have both variants.
asciilifeform: 'sorry you can't have multiplication in algebraic - branch-free - form ! That Would Be Wrong'
asciilifeform: srsly this entire exercise has been a brainmelting tour of the sheer unfathomable worthlessness of 'the literature', 'the cryptography komyoonity', et al
asciilifeform: ( nobody seems to have produced a branch-free montgomery-reduction algo. or any other division-free modexp. )
asciilifeform: and then we can play.
asciilifeform: aite, nao all asciilifeform needs is a constantspacetime MODULAR exp algo that can be expressed with the mux primitive
asciilifeform: ( i'ma keep the general case, for nao, because it is always very easy to turn it into the above later. but not vice-versa. )
asciilifeform: so currently it is not obvious to me, which variant is Moar Right Thing
asciilifeform: the unrolled-8word thing is 1 ) less general 2) harder to read with naked eye but 3 ) easier to prove correct
asciilifeform: there's still a dilemma tho :
mod6: yeah, worth the hunting trip
asciilifeform: but apparently branch predictor dun matter so much when your entire thing is ~guaranteed to fit in cache
asciilifeform: itched to find, what if another 2x vrooom is possible.
asciilifeform: had to.
mod6: hmm, nice test though
asciilifeform: HOWEVER the actual result is : ~13% cut in execution time.
asciilifeform: so theoretically x86 branch predictor oughta be very very happy;
asciilifeform: for simplicity, tested the case that actually happens in practice: on a 64bit box, any ffa width over 512 bits gives a strictly 8-wide comba mult occurrence
a111: Logged on 2017-08-08 23:51 asciilifeform: it thereby follows that i could unroll comba into explicit cases from 1 to 8 words
asciilifeform: soooo ACHTUNG PANZERS , asciilifeform went and actually tried http://btcbase.org/log/2017-08-08#1695511 :
mod6: <+erlehmann> something involving a goedelized perl script that builds all build rules that don't build themselves. drugs were probably involved. << dafaq is this dude on about?
mircea_popescu: and finally re crc : given a string S of any length, the probability of a string S' where less than 32 bits have been altered in a "burst" passing crc32 is 0. if you go over 32 bit long bursts the probability is ~ proportional to the burst length / 32.
mircea_popescu: these two are not the same thing.
a111: Logged on 2017-08-09 15:58 mircea_popescu: anyway, let it be said that there's nothing wrong with oaep as far as we know, but for the sake of argument a mpfhf based padding scheme would conceivably work like this : 1. given message m, of length l, generate r = random bits, of length l' up to l but not less than 256 bits. 2. compose m' = r + m + c (in that order), where c is l - l` (and its bitness is always same as the bitness of len(m')-256). 3. compose Pm = R + S +
mircea_popescu: reversing mpfhf is required for the padding scheme originally described, whereby you simply mpfhf the plaintext message and then encrypt the S + R, see http://btcbase.org/log/2017-08-09#1695856
mircea_popescu: reversing MPFHF is not required for the above quoted version, as the fhf is used there as a hash function not as a padder. (and alf's objection is valid, not a very good option, a settable size output sponge would be much better).
jhvh1: mircea_popescu: The operation succeeded.
mircea_popescu: !~later tell peterl the hash-xor thing is oaep, which is a provedly strong padding scheme for rsa.
PeterL: crc32 that is
PeterL: Is there a way to calculate the probability that a random string of 256 bytes will pass a crc check?
PeterL: and wouldn't you also need to know S if you are going to reverse the MPFHF from a given R?
a111: Logged on 2017-08-09 22:09 mircea_popescu: to encrypt : take plaintext message M, no longer than 250 bytes, and zero-pad it to 250 bytes. take pile of random bits R 250 bytes long. calculate X = M xor R. calculate Y = R xor MPFHF(X) set for R.len = 250 bytes. RSA the 500 byte pile of X || Y. done. to decrypt : de-RSA the 500 byte pile. cut it in two halves. calculate R = Y xor X. calculate M as X xor R. done.
PeterL: http://btcbase.org/log/2017-08-09#1696147 << I don't think we need to do a hash on the data, it is already xored with the random string
a111: Logged on 2017-08-09 17:10 PeterL: I will check in later once I am back at my computer with my key to verify this conversation has been with the real PeterL
PeterL: just wanted to verify that http://btcbase.org/log/2017-08-09#1695864 was indeed me
a111: Logged on 2017-07-18 18:23 mircea_popescu: asciilifeform understand this bit of GT : the knowledge of all the things you don't know thereby constructs a sybil of you.
pa1atine: http://btcbase.org/log/2017-07-18#1686026 << this one was the one that got me occupied the last couple days
pa1atine: much catch up to do
pa1atine: just back reading all the stuff
trinque: sorry, we're past our quip quota for the day. what else you got?
a111: Logged on 2017-08-09 23:00 mircea_popescu: the herd is lazy, the apparatchiks are scared, and the intelligent are lost in the soup, interacting with cattle and criminals as if they were people.
pa1atine: hi all, great reads I had those days. logs are a trove of wisdom
mircea_popescu: the herd is lazy, the apparatchiks are scared, and the intelligent are lost in the soup, interacting with cattle and criminals as if they were people.
asciilifeform: srsly wtf, oughta have been written in 1993 at the latest
asciilifeform: but this being said , i am not even ready yet to barf re ref-keccak, i aint even yet done barfing re ffa not having already existed
mircea_popescu: ftr, we both talking http://keccak.noekeon.org/KeccakReferenceAndOptimized-3.0.zip ?
asciilifeform: mircea_popescu: amusingly that was almost whole point of keccak
mircea_popescu: but yes, i agree that in principle something-like-keccak could be made to spit arbitrary len digests ; and perhaps also in fixed space. the latter will require actual impl to settle.
mircea_popescu: are we talking the keccak reference code here ?
a111: Logged on 2017-08-09 22:14 mircea_popescu: but afaik keccak isn't that fix-space-able either.
mircea_popescu: but isn't it great that all mgm needs to do is to put on a coupla hats and suddenly the turnips think themselves human fucking beings ?
mircea_popescu: in other lulz : obviously there's a "foundation" and a "code of conduct" (the usgistani nonsense copy/pasted) and a freenode chan, why not. ~600 accounts logged in (specifically : http://p.bvulpes.com/pastes/yDU6G/?raw=true ) , ZERO anyone has to say at all whatsoever. most are related to matrix.org, which is a pile of nonsensical lulz which you're more than welcome to try and make sense of by yourself. in any case, it's an "independent" "free" bla bla made by amdocs employees. which YES, is that thing made by the israeli golden pages, and YES is that thing involved in the espionage scandals. and so on.
mircea_popescu: hanging out with any other troop of stoners would be a better use of your time, in the sense of variety.
mircea_popescu: nobody knows what the fuck "sha 2017" is. nobody cares. even the people paid to fucking care stopped giving a shit in the 90s, as that nsa goon at "crypto conferences" piece amply attests.
mircea_popescu: "tell that to some guy a little younger than you, who just fell off the turnip truck. there is no publicity value in my talk being at your conference. what, if you sell 2000 of them it'll be a miracle. and what, what are people going to say, uuuuuu i like how that erlehmann talks, i wonder if he's got a blog or anything".