asciilifeform: diana_coman: laugh, but it's nearly come; most of the users already have the 'subscription', they break'em regularly and get mailed new

asciilifeform: diana_coman: moar like plasti-car, quasi-mandatory 'installment plan' chump-artifact

asciilifeform: diana_coman: they aint; recall that the square-bracketed items on right hand side are constants

asciilifeform: diana_coman: i would not use phrase 'very fine' but it ~isn't~ elementarily botched, is all. there's 2^256 outs, 1 per in.

asciilifeform: diana_coman: yw

asciilifeform: ^ diana_coman , mircea_popescu -- conclusion of series.

asciilifeform: diana_coman: unlike, e.g., haskellists, we only do things if they make sense : as you pointed out, 'bit-vectorized' keccak aint constant time, no matter what, so no particular reason to bother with the massage

asciilifeform: unlike the massive pile of pgpgrams-cum-aes we've collectively shat out all over the net, nobody's even ciphered anyffing with serpent of yet, aside from diana_coman's tests

asciilifeform: diana_coman et al ^

asciilifeform: diana_coman: loox pretty grim, imho

asciilifeform: in other lulz, mircea_popescu , diana_coman , http://www.loper-os.org/pub/holyshit.png << guess what. ☟︎☟︎

asciilifeform: but i'ma stop picking on diana_coman's item for nao

asciilifeform: diana_coman: ideally you want to at least know why halted.

asciilifeform: diana_coman: metoo, i had to breathe ada for yrs before working all the c sad out of my follicles

asciilifeform: diana_coman: rng.adb / Get_Octets -- you'll prolly want a timeout there

asciilifeform: diana_coman: re: ToOctets / ToBitstream / etc -- do you know that ada has 'variant records' (similar to ye olde C 'unions' , but with typechecking ) , you could in principle use'em and avoid the conversions, for slightly cleaner proggy

asciilifeform: diana_coman: https://archive.is/RzmUN#selection-24409.0-24423.146 << found

asciilifeform: diana_coman: there's a gnat flag that actually gives you all permissible constraints, whether you knew about them or not, that can be then thrown straight into restrict.adc

asciilifeform: diana_coman: aha, i use same method

asciilifeform: diana_coman: so you aint gotta mod; an integer mod 64 is simply same as & 63 .

asciilifeform: diana_coman: the caveat re my method, is that i do not presently know how to ~portably~ 'lock' the thing ( so >1 process dun eat from it )

asciilifeform: diana_coman: serpent lulz make sense thus far ?

asciilifeform: ohai diana_coman

asciilifeform: lessee if mircea_popescu or diana_coman beat me to the pill, i'ma not spoil the exact algo just yet.

asciilifeform: diana_coman: later tonight i'ma post the version with reduction

asciilifeform: diana_coman: yay

asciilifeform: diana_coman: is wai i posted

asciilifeform: mircea_popescu, diana_coman ^ still needs the elementary reduction massage, but i went ahead an' posted, in case somebody wants.

asciilifeform: diana_coman: correct, i haven't found the item i was looking for, thus far

asciilifeform: diana_coman, mircea_popescu : i'ma feed the thing into an algebratron later tonight

asciilifeform: diana_coman: http://p.bvulpes.com/pastes/aZuZQ/?raw=true << example of term elimination. but tbf i'm still working from the hypothesis that i must be mistaken, somewhere, and all of the keybits are conserved, and could prove this somehow...

asciilifeform: diana_coman: i'm baking a proggy that shits out sister keys, if it still dun make sense, you can wait till its birthed and try yourself.

asciilifeform: diana_coman: errywhere else, it appears strictly as a copy of w(0)

asciilifeform: diana_coman: look at the recurrence, term a appears directly only once, in w(0)

asciilifeform: diana_coman et al : http://p.bvulpes.com/pastes/kH2Av/?raw=true << proper.

asciilifeform: diana_coman et al : http://p.bvulpes.com/pastes/uX1BM/?raw=true << for convenience, the recurrence eqs rewritten 1) as sexpr 2) with the orig constant-xors included

asciilifeform: diana_coman: can substitute with search-and-replace

asciilifeform: diana_coman: http://p.bvulpes.com/pastes/94fgv/?raw=true << the raw emacs-sewed recurrence equations, if it helps

asciilifeform: diana_coman: i'm still boggled re the sheer wtf of it all.

asciilifeform: diana_coman: that's exactly what i remembered.

asciilifeform: btw i seem to recall that the original mircea_popescu & diana_coman thread where 'let's try serpent' turned up that the current 'paper' is not in fact the original, and the orig has evaporated. nao gotta wonder what was in it.

asciilifeform: diana_coman: aha

asciilifeform: mebbe i'm thick and it's a trivial provable ? ( diana_coman ? mircea_popescu

asciilifeform: mircea_popescu, diana_coman , el al -- what am i missing ?

asciilifeform: iirc diana_coman asked a similar q, but cant currently turn up the thrd

asciilifeform: if i were baking asic ( not sure why anybody would blow 'orbit' moneys on serpent asic, but for the sake of arg ) would unroll the sbox invocation the way it is unrolled in the pc serpent diana_coman is using, there'd be no reason not to have 128 or what, independent copies. but in the tight space of ice40 this is out of the question.

asciilifeform: it was a terrifing thing, i ran away from it. and buggy, also, per diana_coman's dig, and i'm not even convinced that we know the full extent of the buggism.

asciilifeform: diana_coman: until you wrote the recent piece, i actually forgot that mpi ~didnt~ shit out ordinary octet arrays as-supplied

asciilifeform: diana_coman: out of curiosity -- given what mircea_popescu said the other day re necessary speed of rsa ops, could potentially use the current (11) ffa ?

asciilifeform: diana_coman: i happen to know that i'm not the only one who swore off secondarystack -- the 1990s space probes folx did also. but unsurprisingly they never published anyffing re how they filled the resulting cavity in functionality. ( at least they did not have to deal with linux kernel, afaik, ran on bare iron , so no To_C etc horrors )

asciilifeform: 1 obvious solution, that iirc diana_coman at one point resorted to somewhere, is to discard the 'librariness' and make the thing a 'put this in your src' type of lib, rather than linkable one. but i ~like~ linkable/separately-compilable static libs.

asciilifeform: diana_coman, phf , et al ^ invited to think/comment...

asciilifeform: diana_coman, phf , et al ^

asciilifeform: diana_coman: the 1 crackpottery i've considered adding to FG-2, is an 'authenticated' mode, where userland proggy gets ability to verify that rng bits actually came from a particular FG. the way to do it would be to have a keccak salt, printed on the board, and have the thing send , instead of naked bytes, packets, of b0,b1,...bN bytes, followed by keccak(salt, b0,b1,...bn) . could be enabled by jumper setting, conceivably.

asciilifeform: diana_coman: the redesign

asciilifeform: diana_coman: given as you're the leading industrial FG user, perhaps share your pov on the above ?

asciilifeform: diana_coman: i actually have 0 objections to 'octet', tho i confess i never suffered from 'bit'-'byte' conflation ( never worked on a box with 7 or 9 bit bytes, e.g. the CDC described in 1st ed k&r -- tho i did work on boxes with odd word lengths, e.g. pic16, where 14bit nonbreakable word... )

asciilifeform: mircea_popescu, diana_coman : '6.3. The server will issue type 5.2 messages encrypted to the corresponding client RSA key in response to any client messages for as long as it doesn't have a preferred client Serpent key set. The client is responsible for either maintaining or explicitly burning ~all~ of these, and will pay for them in any case' means that if a serpent key is currently set, serv won't issue another unless client explic

asciilifeform: diana_coman: conceivably could get expensive if derps start spamming crapola user regs

asciilifeform: diana_coman: ikr? it's the last thing i'd think of pitching to dar-al-islam ☟︎

asciilifeform: diana_coman: hmm, from my reading seems that they won't pay anybody for 'which screw' , gotta also supply a physical talisman they can hang on wall

asciilifeform: diana_coman: which item in your 'shelf' contains the most recent keccak , to go from ?