mircea_popescu: this may well be true yes.
asciilifeform: (and not merely by the obvious lobotomist)
asciilifeform: i suspect that a good bit of crypto research was lobotomized by historic rng poverty.
asciilifeform: rivest was afaik the first to ask for this. but he and afaik everybody since him, used hashes.
asciilifeform: informally stated, it is 'spread out k bits over j bits, j>k, such that the bitness of k that can be learned from knowing any 1 bit of j is minimized, and such that knowledge of a
asciilifeform: that was actually where i stopped last time. to properly and rigorously define the problem
asciilifeform: i suspect that one could even prove that it cannot.
asciilifeform: and yes, the cost is high. but i remain unconvinced that a better method exists.
asciilifeform: but that was anally calculated. i have not tried with trng yet.
a111: Logged on 2016-12-24 01:15 asciilifeform: the useful envelope of operation comes when you have at least ~16x the bottom limit.
asciilifeform: http://btcbase.org/log/2016-12-24#1589914 << there
mircea_popescu: specifically 256kb does not even remotely promise for 64kb to be walked. you get a third untouched more than half the time.
mircea_popescu: moreover, to be 99% sure 100% of 64kb were walked, you need millions of steps.
mircea_popescu: this resolves the part where "all have been walked" though not the part where there's structure intrinsic in the method.
asciilifeform: you naturally gotta run long enough for p(walked all many times) to ~= 1
mircea_popescu: yes. a point n distance from origin has more chances of being walked over than a point 2n distance from origin by a factor of about 1.4
a111: Logged on 2016-12-24 14:17 mircea_popescu: asciilifeform thinking about it, the walker scheme doesn't seem too great. the theoretical objection is that it ~does~ introduce structure, through the convention that the walker moves from where it last moved. in practice though, run a few simulations over a 16bit message which you can then print as a 256x256 bitmap. your walker makes anthills basically.
asciilifeform: http://btcbase.org/log/2016-12-24#1590091 << didja try it? and, importantly, was it with a physical trng?? because noshit, ~prng~ will structurize ...
mircea_popescu: "we have always been at war with fake news such as any item that is politically inconvenient today."
mircea_popescu: in other lulz : http://www.forbes.com/sites/nataliesportelli/2015/08/24/meet-the-millennials-crowdfunding-their-college-tuition no longer exists. do you suppose this is because a) it turned out that no idiot millennials tried this or b) because the scamsites pretending to be offering a service involved complained to the usg dept of scamsites which then passed a hitler note to the usg dept of scamnews ?
mircea_popescu: ben_vulpes lol that leclerc dude is visiting your blog on a weekly basis ? 2, 9, then nobody gave a shit so he skipped 16 and i guess 23, we see him on the 30th ?
shinohai would love to see Ver successfully do Unlimited fork, lose all BTC on phorked side
mircea_popescu: good thing there's reddit. now that yahoo "finance" closed the public boards, where'd all the scum go.
mircea_popescu: asciilifeform thinking about it, the walker scheme doesn't seem too great. the theoretical objection is that it ~does~ introduce structure, through the convention that the walker moves from where it last moved. in practice though, run a few simulations over a 16bit message which you can then print as a 256x256 bitmap. your walker makes anthills basically.
deedbot: http://phuctor.nosuchlabs.com/gpgkey/2603E5793CB991AA1E823AA9593E4B505D1B151FCA4968D98F5AB1A2C19EA342 << Recent Phuctorings. - Phuctored: 1619...1397 divides RSA Moduli belonging to '84.39.102.163 (ssh-rsa key from 84.39.102.163 (13-14 June 2016 extraction) for Phuctor import. Ask asciilifeform or framedragger on Freenode, or email fd at mkj dot lt) <ssh...lt>; ' (lvps62-112-143-163.my-maxxserver.de. DE)
deedbot: http://phuctor.nosuchlabs.com/gpgkey/FD162B31879C672C96D73E23BAB02B76FF039BA477742ACF9809A289FE396DFD << Recent Phuctorings. - Phuctored: 1653...6469 divides RSA Moduli belonging to '81.23.231.50 (ssh-rsa key from 81.23.231.50 (13-14 June 2016 extraction) for Phuctor import. Ask asciilifeform or framedragger on Freenode, or email fd at mkj dot lt) <ssh...lt>; ' (Unknown NL)
asciilifeform: http://btcbase.org/log/2016-12-24#1590078 << holy FUCK the ugly beast
deedbot: http://phuctor.nosuchlabs.com/gpgkey/92A7E26365A4E78117B70413092A6D862BD142830399C4B355FCEEC0DC1EBDF7 << Recent Phuctorings. - Phuctored: 1386...2553 divides RSA Moduli belonging to '217.72.98.119 (ssh-rsa key from 217.72.98.119 (13-14 June 2016 extraction) for Phuctor import. Ask asciilifeform or framedragger on Freenode, or email fd at mkj dot lt) <ssh...lt>; ' (217-72-98-119.uni.it. IT)
deedbot: http://phuctor.nosuchlabs.com/gpgkey/0E23ACB45163FCB09E94E5C734E0460A168FA05290C8C9FFA05F92571621F502 << Recent Phuctorings. - Phuctored: 1554...9267 divides RSA Moduli belonging to '83.220.143.10 (ssh-rsa key from 83.220.143.10 (13-14 June 2016 extraction) for Phuctor import. Ask asciilifeform or framedragger on Freenode, or email fd at mkj dot lt) <ssh...lt>; ' (Unknown DE)
BingoBoingo: Well, they don't know radical honesty is best served nekkid
asciilifeform: i'ma bbl, off to play with pet.
asciilifeform: say that the first bit of every tape pair means 'left or right', and the second 'flip or noflip.'
mircea_popescu: this prolly needs more thinking.
deedbot: http://phuctor.nosuchlabs.com/gpgkey/92A7E26365A4E78117B70413092A6D862BD142830399C4B355FCEEC0DC1EBDF7 << Recent Phuctorings. - Phuctored: 1400...2083 divides RSA Moduli belonging to '217.72.98.119 (ssh-rsa key from 217.72.98.119 (13-14 June 2016 extraction) for Phuctor import. Ask asciilifeform or framedragger on Freenode, or email fd at mkj dot lt) <ssh...lt>; ' (217-72-98-119.uni.it. IT)
deedbot: http://phuctor.nosuchlabs.com/gpgkey/0E23ACB45163FCB09E94E5C734E0460A168FA05290C8C9FFA05F92571621F502 << Recent Phuctorings. - Phuctored: 1687...5687 divides RSA Moduli belonging to '83.220.143.10 (ssh-rsa key from 83.220.143.10 (13-14 June 2016 extraction) for Phuctor import. Ask asciilifeform or framedragger on Freenode, or email fd at mkj dot lt) <ssh...lt>; ' (Unknown DE)
asciilifeform: btw the '00'--> stop thing is unnecessary and harmful, you stop when you run out of feed tape.
asciilifeform: but it takes up space, and if even 1 of the bits gets flipped (misguessed), you get an avalanche of rubbish.
asciilifeform: so, yes, e.g., '1010101001010101' does ~absolutely~ nothing to the waltz tape
asciilifeform: whole point is to minimize the information conveyed to enemy by knowing about the, e.g., 'To: mircea_popescu' inside; and to maximize the consequences of a misguessed plaintext bit in a cryptanalysis.
asciilifeform: it has a net effect in that it a) takes up space between non-'neutral' strings b) if enemy misguesses even 1 bit inside it, it becomes quite non-neutral, and cumulatively
asciilifeform: because it is defined as simply the furthestmost '1' explored.
mircea_popescu: another problem is the observation that 1011011011 is neutral.
asciilifeform: so now mircea_popescu sees why i wanted a noncircular tape -- then the enemy knows nothing about the ultimate length of the output
asciilifeform: i will point out that if your privkey is n bits, you are already talking in n/2-sized chunks.
asciilifeform: you're stuck having such a thing if you have circular tape
asciilifeform: the size of the largest permitted message, yes.
mircea_popescu: you prolly want circular tape the size of message tbh.
asciilifeform: there, you are stepping on the input regardless of where you go.
asciilifeform: at any rate it is not a concern if using circular tape.
asciilifeform: sorta like 'hang by the neck until dead' spec.
mircea_popescu: doesn't that introduce structure ?
asciilifeform: (because there is a nonzero probability that the whole thing is left alone, for instance. or large segments thereof, more likely.)
asciilifeform: btw you probably would want to mechanically ensure that every bit of the input got stepped on at least once.
asciilifeform: (a tape is just as likely to go left as right , if fed from rng )
asciilifeform: end, start, are topologically same
mircea_popescu: if you make the waltzer start from ~the end~ of the message, even sqrt(n) steps improves rsa enough.
asciilifeform: aha, the closer you go to the floor (3x length of input) , the lower.
asciilifeform: the beauty is that you can dial the strength up if you have a great deal of space and a short message .
asciilifeform: cheap entropy makes several interesting things possible, this is only 1 of'em.
mircea_popescu: this is not terribru.
asciilifeform: so mircea_popescu's exercise might add up to an entire ~minute~...
asciilifeform: a 4096b exponentiation takes about 10msec on my (dusty, old) box here.
mircea_popescu: i mean 1kB throughout.
asciilifeform: 4kB is about half a second of goat fuck. 4kb is 1/8 that.
mircea_popescu: so no, i wasn't counting a) for more than a few mins.
asciilifeform: sorta was the point of FUCKGOATS.
mircea_popescu: i now have to a) generate 4kb of entropy (roughly enough for 8 4096bit rsa keys) ; b) complete 16k operations to pad ; c) execute a 5kb rsa exponentiation. so i'm looking at what, about an hour ?
mircea_popescu: let's consider the case where i want to exchange a 1kb letter. i won't actually use 1mb to feed the tape, but i will use 4kb.
asciilifeform: you gotta have the actual entropy.
asciilifeform: as in, if i have a good idea as to what is the plaintext, i can verify my guess.
asciilifeform: mircea_popescu: all schemes where the transform is of 'payload itself' and 0 entropy, suffer from immediate 'penguin problem', https://blog.filippo.io/content/images/2015/11/Tux_ecb.jpg
mircea_popescu: the thing here however is, that incremental improvement may actually be useful. ie, a ~better~ encryption scheme, even if not ~provably the best~.
mircea_popescu: no, we're clear on the part where it's pretty expensive.
asciilifeform: as in, the cost.
asciilifeform: and yes, you get elongated message. the job imho here is to show precisely how much elongation buys you ~exactly~ what strength.
mircea_popescu: suppose you actually use the payload itself sqrt(payloadsize) times.
asciilifeform: as in, it comes from a trng.
asciilifeform: the added entropy has to be ~genuine~ to do the job.
asciilifeform: considering that 1 step of the crank eats 2 bits.
asciilifeform: that won't even waltz over the whole message
mircea_popescu: ok, let's go at it another insane way. suppose you pad the message by using... the message as the tape.
asciilifeform: is to take away the algebraic relation.
mircea_popescu: this is also true. problem with it is that it's so damned long.
asciilifeform: sorta was whole point of this notion.
asciilifeform: whereas an arbitrary tape is nonalgebraic.
mircea_popescu: this is true.
asciilifeform: fundamental problem here, is that the operation can be written as an equation
asciilifeform: but i know that the number of passes is related to the payload.
asciilifeform: this cannot be ruled out, because hash -- yes, all of them -- is voodoo.
asciilifeform: say i discover that sha output is 'heavy' on 1s (in the von neumann coin sense) if the input was a sha output of a sha output of a string containing word 'nuke'. etc
asciilifeform: costs you, under some entirely possible scenarios, all of the strength.
mircea_popescu: how much - i know not how to say.
mircea_popescu: evidently this costs in strength.
mircea_popescu: well, because this way T.p is slightly but not much longer than T.
asciilifeform: why make them related to the payload.
asciilifeform: but why do you want to constrain the possible tapes thusly
mircea_popescu: i will now proceed to create a string S += hash(S+1011101011) three times. << i mean.
mircea_popescu: i concatenate T.p with 101110101110 and encrypt it
mircea_popescu: this gives me T.p
mircea_popescu: i will now use S as a tape for the automaton to be applied to T.