log☇︎
53400+ entries in 0.032s
asciilifeform: ( apeloyee originally proposed it as substitute for primality testing per se; where it elementarily constricts the domain of possible primes, and is unacceptable per my lights )
asciilifeform: mircea_popescu: the 'lose variety of primes' was my objection to using wholly-constructed primes. rather than in prelude to m-r .
asciilifeform: rather than 'watch out, be sure that you constructed right inputs, or you might get soup'
asciilifeform: so , my spec was 'all operators do The Right Thing arithmetically, and program stops if you demand div0' , like yer cpu does.
asciilifeform: mircea_popescu: barrett is the 1 that actually works for all integers without restricted domain.
mircea_popescu: since you're doing this "general purpose", there's no crime if user can call montgomery.
mircea_popescu: i dunno why you barfed ; but i barfed because it's fucking stupid, you lose a lot of variety in your primes for no gains worth the mention.
asciilifeform: ( and if you montgomery, then you gotta either test whether gcd(N, modulus) == 1 , or ~assume~ , the latter is a mine that user will step on. unlike div0ism , it is not an inexpensive test . )
a111: Logged on 2019-01-06 00:08 mircea_popescu: nobody is going to hate your ffa if it includes montgomery, with the proper warning.
asciilifeform: http://btcbase.org/log/2019-01-06#1884935 << i actually considered to have 'if low bit is 0 - i.e. N is even -- then montgomery, otherwise barrett' but what this does is break constanttimeism of modexp -- nao you broadcast the parity of N for whole planet, cuz entirely diff execution profiles for the 2 algos. and montgomery is at the very most a 10% revvup over barrett. ☝︎
asciilifeform: not particularly relevant to the problem of general-purpose isPrime() tho, so i'ma put it back on shelf for nao.
a111: Logged on 2017-10-07 21:48 apeloyee: http://btcbase.org/log/2017-10-05#1721485 << alternatively, can *construct* numbers which don't have very small factors. pick a nonzero remainder mod 2, mod 3, ... mod largest-prime-fit-in-your-primorial and find what number of primorial is congruent to it using chinese remainder theorem
mircea_popescu: well this was entertaining, bbl.
asciilifeform: ok this dunwork, i'ma have to pull out the orig item
mircea_popescu: and this is... an even number.
asciilifeform: grr nao i gotta find the orig statement, which wasn't obv. broken
mircea_popescu: i don't get it how you expect to multiply some value by a (product of primes +1) and not get an even number.
asciilifeform: ( why this is, is because for certain types of pubkeycrypto, you want to test adjacent nums for primality. rsa in particular. )
asciilifeform: oh hm i recall nao. ( it was because operator 'P' wants to be a general-purpose primality test, valid for any input whatsoever that fits in the ffawidth, rather than simply 'generate prime' )
asciilifeform: i can't recall why i barfed tho, nao i gotta dig out the notes...
asciilifeform: btw iirc apeloyee had a comment re 'why do you want to gcd(x, primorial), why dontcha generate a random x and multiply it by primorial + 1 '
asciilifeform: anyway i suspect that i'm overmassaging this particular piece, most of cost of primegen will be in m-r regardless of how i bake gcd.
mircea_popescu: (whole thing already comes with a "nozero" rule anyways)
mircea_popescu: nobody is going to hate your ffa if it includes montgomery, with the proper warning. ☟︎
asciilifeform: so happens that it is needed as a general-purpose knob tho.
asciilifeform: yes , you can do this is if all you want gcd for is primegen.
mircea_popescu: i thought this entire discussion was a) specifiucally as to daykin (not to stein) and b) specifically as to primegen for rsa secret key baking, (not "in general math functions).
asciilifeform: this is the montgomery thread replayed
asciilifeform: simply so happens that it is also needed for rsa primegen.
mircea_popescu: cuz im not going to have non-2048 factors in my 4086 bit rsa key, wtf.
asciilifeform: why, cuz you pegged the high bit ?
mircea_popescu: the "unknown integer" being tested IS ALWAYS 2048 BITS.
asciilifeform: of the unknown integer being tested.
asciilifeform: not of the primorial ( 'Y' if you will )
asciilifeform: bitness in the FZ_Measure sense of the word.
asciilifeform: and yes it is possible to daykin with a hardcoded list of primorials, 1 for each possib bitness. the issue aint even that you gotta keep around e.g. 8192 primorials; ( you do, they can't be sliced ) , but that it leaks the bitness of X .
mircea_popescu: it all depends on the quadratic and parameters etc.
mircea_popescu: possibly. that's not clear, nor was it ever discussed before now. it MAY BE that a dozen calls of gdc-daykin(x, daykin-primorial) are in fact cheaper than 1 call to gdc-stein(x, primorial(currentwidth)).
asciilifeform: whole point is that it tests for divisibility by million small primes in 1 pull of trigger.
asciilifeform: mircea_popescu: if you gotta do multiple calls to gcd to take gcd(x, primorial) you lose the win from using gcd.
asciilifeform: it is used to take gcd(x, primorial(currentwidth)) , and if it dun equal 1 or x , then x is 'cheaply known composite' .
mircea_popescu: the whole discussion was re daykin, specifically that for our particular usecase, it's not the end of the world that it wants "napkin numbers" : we enjopy the luxury whereby we can construct them to measure.
asciilifeform: orig q was whether it is possible to improve the constant factor of stein.
asciilifeform: this much is correct, and why i have gcd to begin with. right nao i have a modified stein that goes in constanttime.
mircea_popescu: then test against them.
mircea_popescu: since your best gcd algo seems to be one that expects x and 6 be same bitness, there's nothing wrong with making a buncha prefab such products-of-primes.
mircea_popescu: dude, why is every little thing such a fucking uphill struggle with you. suppose you wish to see if x is coprime with the number 2. you run gcd (x, 2). suppose then you wish to also see if x is coprime with the number 3. you run gcd(x, 3). all this is EXACTLY EQUIVALENT to running gcd (x, 6) : if this returns 2, it was not coprime with 2, and if it returns 3, it was not coprime with 3.
asciilifeform: on top of this, if you actually carry out a diff stream of instructions for 2047 and 2048, you leak the bitness of the integer under test.
asciilifeform: ( would be nifty if it were, tho... )
asciilifeform: primorial that fits in, e.g., 2047 bits, is not equal to '1st 2047 bits of primorial that fits in 2048'
asciilifeform: ( storing e.g. 8192 primorials, ~would~ work, tho ugly, but ~would~ leak the bitness when fired )
asciilifeform: 'product but up to bitness' dun do the same job
mircea_popescu: (i suppose if indeed you want to test MORE small primes than fit in one 8kb, you'll have a number of such composite numbers to test about. however many it takes. and yes, you can clever the knobs so they're not in strict order so that the composites are each exactly 8192 bits)
mircea_popescu: it's a one-shot thing, and it eliminates however many dozen small primes.
mircea_popescu: you simply gcd each candidate prime with the same "product of primes in order up to bitness"
mircea_popescu: just a 8192 bit number, equal to their product.
asciilifeform: soo hm, what's the idea, 8192 stored primorials ?
mircea_popescu: had you instead used 32 bit rsa, you'd have had two 16 bit primes you'd have daykin'd with 2×3×4×7×11×13 aka 0x5DD8
mircea_popescu: consider the simpler case of 16 bit rsa. you thus make two 8 bit primes. you daykin each of these with 210, which happens to be the 8 bit primorial, aka 11010010.
asciilifeform: ( i suspect btw that if there were , you could nail rsa, thinkaboutit )
asciilifeform: mircea_popescu: magic # primorials are unavoidable. but i dun immediately see how to make it go with daykin, there aint a bailey-borwein-plouffe-style algo for gcd
feedbot: http://bimbo.club/2019/01/philosophical-transactions-for-the-months-of-september-and-october-1715-part-ii/ << Bimbo.Club -- Philosophical Transactions. For the months of September and October, 1715 - Part II.
mircea_popescu: ~that~ is one of the exceedingly rare justifications for magic number. "what is this 2048 bit strange ?" "the product of the first as-many-primes-as-their-product-fits-in-2048-bits"
mircea_popescu: test as many small primes as their product is as many digits as your proposed large prime and be done with it, daykin will work ok for same bitness
mircea_popescu: one simple solution would be to just keep digit-appropriate primorial.
asciilifeform: and even a dog-slow gcd is still faster than knuth-division by each of million smallprimes.
asciilifeform: this isnt catastrophic (or surprising, apeloyee warned about it yr+ ago) , and the only place where need gcd is the pre-millerrabin primorial 'divisible by small primes?' litmus. but would still be good to cut the constant down.
asciilifeform: so anyffin we do for gcd is gonna be quadratic, q is strictly re the constant factor.
asciilifeform: it is interesting to note, i did an exhaustive dig re gcd algos; and found that there are half a dozen sub-quadratic ones, but none of those can be made constant-time.
asciilifeform: ( and then shifting out the 2^k )
asciilifeform: i suspect that it's possible to cure it by adding 2^k-multiples of the small Q instead of Q itself, tho
mircea_popescu: works well for the example he gave -- numbers with same digit count.
asciilifeform: ( e.g. 64 bits worth of 'increment this 4096-bit fz by 1' is roughly 400 years... )
asciilifeform: you get a potentially 'geological' number of steps that increment by 1.
asciilifeform: mircea_popescu: in moar pedestrian matters : daykin's algo , turns out, aint good for much -- at least, not in anyffin like orig form. consider the case where P is large ( but not at all close to complement(P) ) and Q is 1.
lobbes: this is encouraging. And if it occurs in 2020, then by that time I'll hopefully have built the solid foundation upon which to launch back into lordship in 2021.
mircea_popescu: lobbes on the positive side, at least now you know that should that occur, it won't occur in 2019.
mircea_popescu: asciilifeform yeah, give the phone thing a year or two, whynot.
mircea_popescu: asciilifeform no idea re esthlos . maths dude who did summaries, then fell behind, then caught on and wanted to put more effort into it, then fell behind again. maybe he re-emerges.
lobbes: possibly the bar to lordship will raise above me while I rebuild, but regardless I'ma keep rebuilding as it seems the only sane move for me. Ultimately, I just want to continue to be +ev for the republic and no way to do that without paying my technological debts
a111: Logged on 2019-01-05 14:28 mircea_popescu: lobbes recently unveiled actionbot, which works fine, and is evidently putting all time he can into paying off technological debt he's responsible for if not necessarily guilty of. nothing wrong with this, and it can stand as such.
lobbes: http://btcbase.org/log/2019-01-05#1884616 << imo, this is a perfect summary of my current state. I walked through the tmsr doors in ~2014 at roughly epsilon and 'learned as I went'. As a result, many of my projects here were built on unsteady scaffolding, and I have been slowly going back and pouring in proper foundations where needed ☝︎
BingoBoingo: <asciilifeform> and without pizarro, it will be very very cold and dark and we'll be drifting in the unforgiving vacuum of interstellar space. << Today crunching monthly numbers. Followed on the agenda by reviewing 2018/putting forth tentative plan based on those lessons 2018
asciilifeform: this concludes the 'state of asciilifeform' broadcast for nao -- plox to lemme know if i missed sumthing.
asciilifeform: to entirely round off the chalkboard, mircea_popescu may be interested to know that no one has called the 1-800 since we last spoke of it. the current summed cost stands at 12 orcbux, and is set to increment by 22 orcbux/mo ( we've spent the vendor's 'test drive' bait). i'ma cover the lunch money cost of this item until given to know that it aint wanted.
asciilifeform: ( there is also a 'giant ice40' that amberglint dug up recently, that gotta be tested, but i dun even physically have 1 yet, and deliberately not bought so as not to distract from moar urgent matters )
asciilifeform: there is also a serpent-on-ice40 thing, with similar level of unfinishitude; and a ice40-powered 'FG2', ditto.
asciilifeform: to round out the 'loose ends' thread -- asciilifeform also has a ~90% built node-walker and www front end for same. but it is in refrigerator, no one is direly starving for the lack of the thing, i expect i'll come back and finish it off strictly after ffa is fielded .
a111: 2018-10-23 <esthlos> http://btcbase.org/log/2018-10-19#1864316 << apologies alf, I'm running behind! trying to gather time to get caught up in the next week or two
asciilifeform: mircea_popescu: any idea what happened to esthlos ?
asciilifeform: and without pizarro, it will be very very cold and dark and we'll be drifting in the unforgiving vacuum of interstellar space.
a111: Logged on 2019-01-05 14:13 mircea_popescu: so : as far as i know, bingoBoingo is working on qntra and on pizarro. he's doing a very fine job with the former ; i'm nonplussed with recently discovering just how broken the latter's mp-wp offering actually was ; moreover it seems to me from a distance pizarro's still financially and customer-wise entirely dependent, ie as close to failure as you can possibly get without spelling it out.
asciilifeform: http://btcbase.org/log/2019-01-05#1884603 << BingoBoingo i'd ~really~ like to hear what is current plan for gettin' heathen custom, so as to finally get the hell out of the red. asciilifeform dun have a massive treasure chest that can run pizarro 'on battery' 4evah (hopefully not surprising, this) ☝︎☟︎
asciilifeform: i admit that i'm at least a little curious how phf finally managed escape velocity from the bigzone, but if he doesn't feel like spilling re subj, also won't cry. ☟︎
asciilifeform: hopefully he comes back soonish ( i'ma not even pester him re bolix, bolix is asciilifeform's personal war, learned not to expect help from anyone, and currently in refrigerator, i dun expect to spend much time on it while ffa undone )
a111: Logged on 2019-01-05 14:38 mircea_popescu: so, phf : how about you start clearly communicating yourself, beginning with a complete, correct and true to life adnotation of said discussion in your own hand, because this "ima go meditate on things until everyone involved forgot what i was meditating on" isn't a workable approach to intellectual life.
asciilifeform: http://btcbase.org/log/2019-01-05#1884626 << i suspect phf is hunting elk in kamchatka, or similar , atm ( i.e. still waiting for http://btcbase.org/patches?patchset=ffa refresh , so i dun think he's been at console much recently ) ☝︎☟︎
asciilifeform: ( already hats off to ave1 , who did year+ of gnat cleanup that asciilifeform was solidly convinced he'd have to do with own hands; and the fixed inlining gave us a ~2x ffa speedup 'for phree' ! )
asciilifeform: also at some point it'd be great to have a mips gnat, so i can plant ffa on pocket-sized irons. but that's for muchlaters.
a111: Logged on 2019-01-05 14:32 mircea_popescu: ave1 is, i suspect, silently working on gnating things -- which is fine and valuable except for the silently part. there's this tendency of lone wolf scientist to not properly report failures, out of an imaginary saving of time and resources this permits. it must be said that NOTHING could be further from the truth, nothing at all -- there's more to be gained from a properly reported failure to find than out of ten shiny succ