asciilifeform: haven't seen, but if it actually worx, will be hilarious
asciilifeform: hang straight off the yardarm of dirigible, wainot
asciilifeform: mircea_popescu: i view block ciphertrons as a 'slightly better than nuffin' kind of tech -- would slightly rather lose a serpented disk to enemy than naked one; but that's about it
asciilifeform: mircea_popescu: grr, typo, ~65~ not 25
asciilifeform: ( the orig author, to be fair, did write it algebraically, but in imho somewhat cryptic form )
asciilifeform: i admit, the seekrit reason asciilifeform could even be arsed to pick the thing up, is that to write serpent in maximally algebraic form might tell us sumthing useful re the weakness.
asciilifeform: so from that point it becomes a q of the actual gate delays. in principle a serpentron that does coupla 100MB/s is physically possible. ( just not on my desk, lol )
asciilifeform: if i were baking asic ( not sure why anybody would blow 'orbit' moneys on serpent asic, but for the sake of arg ) would unroll the sbox invocation the way it is unrolled in the pc serpent diana_coman is using, there'd be no reason not to have 128 or what, independent copies. but in the tight space of ice40 this is out of the question.
asciilifeform: i've gathered afaik all of the commercial demo boards with ice40, they all have 1 ea.
asciilifeform: believe or not, seems like nobody has ever publicly baked a board with >1
asciilifeform: ( and conceivably, worth sumthing even if it takes having ~two~ on the board; problem is that i dun presently have a board with 2 , to actually try )
asciilifeform: imho, if an ice40 can be coaxed into serpenting at, say, 1MB/s, it's worth sumthing, otherwise iffy
asciilifeform: those are blocking, i.e. take multiple clocks ea.
asciilifeform: rather, it'll be the rotational transforms.
asciilifeform: i expect the sbox won't actually be the bottleneck in a full serpentron tho
asciilifeform: mircea_popescu: as in, whether it actually sboxates at the stated 25MHz ? notyet, gotta write a serial i/o thing for it, to do this. possibly later today.
asciilifeform: 'yosys' ( 'icestorm''s synthesizer ) suggests a max clock rate of ~25MHz for the posted form.
asciilifeform: in other minutiae, the terms i left in xor-containing form, can of course be expressed in not/and/or , but this resulted in seven-term ORs , which i assumed is a greater delay than to let it use a xor LUT; but this is not experimentally confirmed, and one might conceivably get better throughput if all of the terms were rewritten in the and/or/not form.
asciilifeform: btw, spoiler : i put the thing in an ice40-8k , simply did not have time to write up yet, and the fwd sbox in fact eats roughly 1/4 of the gates . which leaves the orig question wide open...
asciilifeform: it is also possible that the equations can be simplified further, i did a fairly surface job of it, mostly by hand
asciilifeform: mircea_popescu: observe also that the sbox mechanism is 'bitsliced' (i.e. the bits move only 'vertically' there ) so potentially it can be shrunk at expense of speed . so the real puzzler isn't 'does serpent fit', it can almost certainly be shoehorned, but 'with how little/much unrollage' i.e. what resulting eating bitrate.
asciilifeform: approx, yes ( tho keep in mind that said chip, in order to do useful work, gotta have at least a bit of room for other things, unless one were to equip board with >1 ( not end of the world, they're, what, 8bux ) )
asciilifeform: the very notion of heapism in a crypto lib, gives me hives
asciilifeform: esp. in re routines not used in ye olde gpg, or used with various constraints
asciilifeform: it was a terrifying thing, i ran away from it. and buggy, also, per diana_coman's dig, and i'm not even convinced that we know the full extent of the buggism.
asciilifeform: the conversions are O(bitness) tho, i dun expect they will be major dent in performance. simply ugly aesthetically.
asciilifeform: but yes, i forgot that the comparison happens after oaep
asciilifeform: relatedly, asciilifeform is writing a sane paths-handling lib, and it's an uphill climb, tricky to get to/from c representations without pointerism
asciilifeform: idea being, c-isms stop at the spackling layer and propagate no further
asciilifeform: yea but you wouldn't want the idjicy to leak upstream ( per e.g. last night's 'spackling' thread )
asciilifeform: the front end aint gonna change, so potentially could, as i understand
asciilifeform: diana_coman: out of curiosity -- given what mircea_popescu said the other day re necessary speed of rsa ops, could potentially use the current (11) ffa ?
asciilifeform: possibly moar variants than i ever saw, who even knows how many
asciilifeform: in later years asciilifeform's folx got a 'rocket' , long streamlined sucker that looked kinda like naval torpedo. after 5yo asciilifeform visited naval museum, then eyed thing with suspicion..
asciilifeform: came in gold- and silvery- tint. ( who said sov konsoomer sector knew no decoration!11 )
asciilifeform: it did! with the brushed coating. there was a whole story re the d00d who came up with that, but i've sadly misplaced.
asciilifeform: i have a vaguely buran-like chinese thing, with 2 holes, but it eats paper filters, typical modern sad
asciilifeform: picture, ~60 y.o. vacuum cleaners that still work, just like when new, and where filter washable and ~indestructible.
asciilifeform: when sov engineers knew how to make a konsoomer item 'eternal' -- they did. ( e.g. famous 'buran' vacuum cleaner, still shows up now and again on lulzbay, when i finally move my arse to 220v country, i'ma buy it ) . when they didn't know, they made eternally maintainable .
asciilifeform: was a sort of 'first swallow of spring' re asciilifeform's third eye opening .
asciilifeform: brittle stuff, and after coupla 100 'clicks', turns 'unclickable'
asciilifeform: BingoBoingo: funnily enuff, when i moved to usa, i briefly got hold of the 'genuine' lego, and was somewhat disappoint
asciilifeform: then, 'surprise', falls into pieces, crushes
asciilifeform: folx just pick up an' build , build pyramid
asciilifeform: mircea_popescu: even the fundamental shit-into-toilet-not-pants of 'run gedankenexperiment before actually building' seems to be going away in heathendom
asciilifeform not a great luvvver of symmetricipherism in general, as amply illustrated in the l0gz, for this and other reasons -- there is no known approach to bake symmetricism from any sort of rational angle
asciilifeform: mircea_popescu: classical serpent eats 256bit key. but ( as illustrated in http://ossasepia.com/2018/02/22/eucrypt-chapter-11-serpent/ ) eats/shits 16 byte payload blox as it goes; a 4096 byte flash sector would need 8 of these, plus i suspect a 9th for the block # ( see earlier re 'known plaintext'ism etc )
asciilifeform: ( pill against 'known plaintext'ism )