asciilifeform: it's a problem common to pretty much all folx who experiment regularly with techno-crapolade
asciilifeform: at any rate not proposing that i single-handedly uncalibrate mircea_popescu , i suspect that other folx contribute, lol
asciilifeform: i aint got so much else than spade.
mircea_popescu: and very good that you did it, and yes for some-incomprehensible-reason "people" dun seem to be ever doing it, but it's still what it fucking is -- self evident and systematically applicable to any and all other ciphers.
mircea_popescu: yes, well, i'm not calibrated by you wth. srsly, what you did to serpent wasn't stroke of genius, but simply spade work. you dispute this ?!
asciilifeform: ( as it is asciilifeform floods the l0gz )
asciilifeform: sometimes i suspect that i threw mircea_popescu's 'how hard is $problem' meter out of all possible calibration, given as very often when asciilifeform posts a thing, it is result of year or two of experimentation; and on other hand if i put ~all~ of the intermediates and dead ends into the l0gz, there'd scarcely be any room for anyffing else
asciilifeform: it's approx 10 lines on top of ch11 .
asciilifeform: back upstack, this is why i even suggested rabinism, it's a less-expensive rsa that actually plugs into this hole.
asciilifeform: ( you want exponentiation, tho, i.e. actual rsa op, or snoop can get n2 by gcd of successive msgs )
mircea_popescu: in which case yes, it'd seem at least one workable method is for parties to declare F=RSA-n1n2(x) and then use its spew as otp pad for all their stuff.
mircea_popescu: asciilifeform in fact, as eulora comms mandate the parties know at least one rsa key of each other, it becomes eminently possible to use (session-based!) n1*n2 for this purpose.
asciilifeform: 'rsa as expander' imho is easier to reduce to 'known difficulty' than 'find roots of ~randomly-picked polynomial' is
mircea_popescu: nothing wrong with using the RSA as the f, but idea remains.
a111: Logged on 2018-10-30 19:50 mircea_popescu: asciilifeform ok, how about this : let K being the key n bits long (say 512), and let f(x) = 2 * K[0] * x ^ n + 3 * K[1] * x ^ n-1 + 5 * K[2] * x ^ n-2 + 7 * K[3] * x ^ n-3 + 11 * K[4] * x ^ n-4 +...+ 3643 * K[n-2] * x ^ 2 + 3659 * K[n-1] * x + 3659. f(x) will produce a pile of bits, this pile is cut in half and xored together, the result is cut in half again. one such half is returned as the prng output ; the other such half
mircea_popescu: (the whole idea behind eg http://btcbase.org/log/2018-10-30#1867780 is that the only way for this to work is to have both a key AND an input. which... it is.)
asciilifeform: (cult of 'fast on pc' is how we ended up with all kindsa rubbish. if you want sumthing to be fast, folx, bake iron around it! like civilized folx! )
mircea_popescu: imo very good key expander, other than the fact it's kinda slow.
asciilifeform: right, took me a few sec to see that it aint
mircea_popescu: asciilifeform i dunno this is exotic.
asciilifeform: the 'nobody has priv' is not even a necessary condition, if you can make it so that only the parties who are actually party to the link, have it.
asciilifeform: it smacks of the nonsense the z-whateveritwascalled people, did
asciilifeform: promisetronic, tho, i dun like it.
asciilifeform: nao i'd still rather have 'the key is the fucking key', but gotta point out for the l0gz that the problem contemplated earlier, is in principle solvable.
asciilifeform: afaik the only way to approximate this object is to take, e.g., all of l1, and multiply their public mods together.
asciilifeform: mircea_popescu: btw here, if we must, is an example of an injective key expander that is physically possible, but requires an exotic object : a rsa pub that nobody has the priv to. then can 'hash-expand' by rsa-enciphering message to it.
asciilifeform: none of this 'key is 256b but REAL key is 528 bytes' strange
asciilifeform: design the cipher around the bitness of the key you actually want to use.
asciilifeform: why this whitening sadness.
asciilifeform: the other point, is that i dun see why even have key-inflaters. use rng for the fucking key, all of it
mircea_popescu: anyway, back to it : "blockcipher takes 10 bits of P and no more ; spits out 16 bits of E exactly" a) needs entropy and b) probably reduces to rsa-with-oaep.
asciilifeform: ( if mircea_popescu can, i promise to read )
asciilifeform: err, nope. can't presently think of one.
asciilifeform: it is possible to have a hash like this. simplest example,
mircea_popescu: imo there's a difference between "the hash for this plaintext is undefined" and "we've divided the space of possible plaintexts in synonymy rings for your convenience (which we separated packagely)."
asciilifeform: ( or >1, nothing in re rejecting some inputs, guarantees that there aint )
asciilifeform: there'd still be 1 possible output for erry valid input tho
asciilifeform: it's essentially what serpent's ( and afaik errybody's ) key inflater already does. except that it doesn't bother to tell you, simply shits out a colliding output.
mircea_popescu: something like that.
asciilifeform: i.e. 'sorry, this won't output a hash' ?
asciilifeform: 1 is that you lose bits somewhere ; what's the other ?
mircea_popescu: nfi what anglo terminology is, but -- obviously all bijective functions are reversible ; however there's TWO ways in which to not be bijective.
asciilifeform: ( e.g. multiplication of primes, is a ~conjectured~ trapdoor, we dun have any provable trapdoors, nobody ever discovered such afaik )
asciilifeform: the only way to guarantee non-reversibility , is to lose sumthing
asciilifeform: if there's 1 possible output for each input, then it's an 'sbox' , and reversible ( potentially )
mircea_popescu: no, cuz could be non-bijective the other way!
asciilifeform: but! if it is not injective! then you have collisions waiting for you.
asciilifeform: but if a transform is injective, it is necessarily reversible.
mircea_popescu: yes! hence the shredder!
asciilifeform: there is btw a deeper point re key-expanders -- there is a fundamental contradiction between two of the things that folx both want from 'cryptographic hash'. one one hand, they demand 'not reversible', but on other hand they ~also~ demand 'conserves key space'
mircea_popescu: entirely possible ; wouldn't even be the first time, at that.
asciilifeform: i simply cannot rule out the hypothesis of 'quimby laughs' entirely, is all.
asciilifeform: mircea_popescu: i'm actually ready to believe that we're finders of actual find, rather than 'quimby is laughing'
mircea_popescu: it does ~seem~ to be weaker than my own intel indicates, but fuck that spot.
mircea_popescu: anyway, no, i'm not married to serpent. i don't even fucking like it that much. i even said so!
asciilifeform: 'don't cross that road' 'don't get on that plane'
mircea_popescu: "why did you not see this spot here"
asciilifeform: mircea_popescu: i'm moar of a coroner than oncologist.
mircea_popescu: comes up in eg expert oncologist training lots more than anyone'd like.
asciilifeform: ( and from-whom. in e.g. 2009 i did not have any friends with coin, and loathed to use 'exchanges' )
mircea_popescu: hey, "why didn't you see the goat" is in the end a boundless question, "i just fucking didn't. i don't know why, obviously it's there, but i did not see it"
BingoBoingo: mircea_popescu: No, thank you for the liquidity
asciilifeform: to this day i take erry possible chance to buy some up, when i got with what.
asciilifeform: mircea_popescu: dunno about this. even 3y ago i saw 10coin as a fortune.
mircea_popescu: BingoBoingo ty. will proceed forthwith, shall keep you posted.
mircea_popescu: but this aside -- i suspect you also don't work... how shall i put this... everyone's eval-er that keeps them from making coffin liners works on some heuristics. and i suspect your heuristics are out of whack with the insanity that is bitcoin. ie, the important and the unimportant don't get all that clearly separated.
asciilifeform: mircea_popescu: point being, i actually take the 'causes, not purposes' thing seriously. even have a poster ver. of it, for pet.
BingoBoingo: mircea_popescu mod6: Here's the data center's info to get the wire to them http://p.bvulpes.com/pastes/WH2Fe/?raw=true
mircea_popescu: why, our medals are way the fuck cooler.
asciilifeform: if i worked for medals, would work in derpistan academy of sciences, rather than with mircea_popescu et al
asciilifeform: i dun work for prizes, medals, mircea_popescu knows this.
mircea_popescu: but the manager in me wouldn't never buy it, because management goes a certain way, and distrusts a certain way.
asciilifeform: in fact i still dig for 'winner' even tho nobody offers prize !
asciilifeform: so i dun see from where this .
asciilifeform: mircea_popescu: i ( and afaik nobody else ) actually put substantial effort into playing in yer tourney
mircea_popescu: dimes from 2015 are millions in 2020, this sort of thing.
mircea_popescu: BECAUSE, bitcoin, and ~everything else in the republic this bitcoin is the currency of, ~~~EVERYTHING ELSE~~~~ has a very unlinear time function.
mircea_popescu: here's the one point i am making, overarchingly and i should hope as loudly as humanly possible : ~THERE IS MAJOR BREAKAGE IN THE EVAL FUNCTION~, whereby man looks at 10btc in 2015, thinks "$500" or w/e it was, and then goes "the amt of anti-superficial $500 buys me is one hour, not one day nor one week".
asciilifeform: if tomorrow i tell mircea_popescu how to build death ray, will rage, 'why didntcha back in '98' ?
asciilifeform: mircea_popescu: from your pov, find is obvious ? ( if obvious, why are we the first to find it ? )
mircea_popescu: so a review of extant candidates is not a self-obvious first step in attempting to sit down for such a competition ?
asciilifeform: but they did not .
asciilifeform: i suppose if the gods had whispered into my ear 'go algebraize the scheduler, even tho it is not actually needed for any implementation, and you'll find buried treasure', would've dug
mircea_popescu: which branch we keep of this contradictory 1=0 ?
mircea_popescu: "<mircea_popescu> as much as you have now, could have been had then! for, literally, 1-2 man-days, at teh most. you dispute this ?" "<asciilifeform> mircea_popescu: nope. couldn't" "<mircea_popescu> sooo! what portion of this do you dispute ?" "<asciilifeform> that 'could have then' "
asciilifeform: that 'could have then'
mircea_popescu: sooo! what portion of this do you dispute ?
mircea_popescu: as much as you have now, could have been had then! for, literally, 1-2 man-days, at teh most. you dispute this ?
asciilifeform: i have a 'i want to find out what it loox like in algebraic form , let's fpga it'
mircea_popescu: yes, but wrong approach to it all! "here's why serpent's no good, here's why i don't like dea-aes etc, here's rabin method, imo best" IS something.
asciilifeform: or whether rsa reduces to factoring.
asciilifeform: ferfuxxsake we still don't know the complexity class factoring falls into.
asciilifeform: i still dun have a proper 'winner' for that tourney ! and neither does anybody else
mircea_popescu: and i have like a strong suspicion that nothing else you did hence had the same btc/hour return, either.
mircea_popescu: it's healthy, let alone necessary, to rage in certain circumstances. this here being a fine fucking example -- because i still not for a second believe had you earnestly sat ass down in 2015 you couldn't have earned that 10 coin.
asciilifeform: mircea_popescu: you have my word that i did not sit on 'ceiling tiles', posted immediately when got'em.
asciilifeform: rage, it's good for circulation. but then come back an' think.
asciilifeform: say tomorrow mircea_popescu finds out that factoring is in P . will rage ? at whom ? what if he finds it himself, without any help ?
asciilifeform: so that aint news
asciilifeform: we already ~did~ know that it has no proof of nonretardation, when picked it up