log
asciilifeform: oh hey it's a clock item
asciilifeform: d00d has perfectly working pgpkey.
asciilifeform: gpg1.4.10
asciilifeform: it imports here
asciilifeform: indeed
asciilifeform: lolk
asciilifeform: he means bitness-of-wordsize - number of shifts
asciilifeform: and i suspect that he is right that it would beat doublewide-x variant.
asciilifeform: nonleaking variant of apeloyee's algo.
asciilifeform: is what i described above neh
asciilifeform: apeloyee: Shift(A, S mod W) leaks S mod W on machines without a barrel shifter.
asciilifeform: not only an idea, but afaik the only practical method that isn't W-shifts-by-1-with-mux
asciilifeform: this is in fact cheaper than knuth div.
asciilifeform: you shift by all possible whole word shifts, and mux-keep the correct one; then shift by all wordsize-1 possible subword shifts, and muxkeep the right one.
asciilifeform: hm i think i finally see what algo apeloyee was trying to implement ( the pseudocode doesn't actually do it )
asciilifeform: second, ~any~ wholeword shift leaks info re the shift amount, because different address sequence .
asciilifeform: first of all, didja ever say how to dispose of the 'while' statement ?
asciilifeform: ln 41: Scratch2 := Shift(A, S1);
asciilifeform: ln 36 : A := Shift(A, S mod W);
asciilifeform: there are 2 invocations of conventional ffa shift :
asciilifeform: let's do it in detail
asciilifeform: https://archive.is/2zA45 << apeloyee's 'secret shift'
asciilifeform: apeloyee: it ain't log(bitness) ! not if you don't want to leak any info re the shift amount.
asciilifeform: http://btcbase.org/log/2017-09-21#1716617 << see also
asciilifeform: the one posted by apeloyee -- leaks
asciilifeform: which is same work as knuthdivide.
asciilifeform: and to make this untrue, you gotta do W (bitness of ffa) shifts by 1, at all times.
asciilifeform: a shift by multiple of the wordsize takes considerably less time than by not
asciilifeform: your secret shift leaks timing, apeloyee
asciilifeform: apeloyee: didja deliberately ignore my observation where multiword shift is intrinsically different timing than subword ?
asciilifeform: apeloyee was right in that c is always 2^oneplusbitnessofx / m .
asciilifeform: i'ma stop trying to talk in 2 terminals nao, brb
asciilifeform: actually apeloyee http://btcbase.org/log/2017-10-05#1721256 << strike that, 8192 is correct
asciilifeform: http://wotpaste.cascadianhacker.com/pastes/3AEPB/?raw=true
asciilifeform: we have knuthian division, it gives quotient and remainder
asciilifeform: 2 ^ 4096 is a 4097-bit number
asciilifeform: c cannot equal 1 !
asciilifeform: ( just like in ordinary barrett . )
asciilifeform: from the actual quotient.
asciilifeform: meant to say that it differs by from 0 to 4 multiple of m .
asciilifeform: ^ also misprint, good catch
asciilifeform: of r, consequently, same as of m .
asciilifeform: of x is 0 .. (2^8192) - 1 .
asciilifeform: range of m is 1 .. (2^4096) - 1 in this example.
asciilifeform: but yes, misprint, the 'p' oughta read 'm'
asciilifeform: work it out on paper.
asciilifeform: 4096.
asciilifeform: nope
asciilifeform: modulus
asciilifeform: oughta be self-powered
asciilifeform: !!rated apeloyee
asciilifeform: '...identifying the files through the contractor’s use of a popular antivirus software made by Russia-based Kaspersky Lab, these people said.' << lol re http://btcbase.org/log/2017-08-18#1700468 smear
asciilifeform: meanwhile : https://archive.is/lTyAW >> 'Russian Hackers Stole NSA Data' lolz
asciilifeform: i'ma leave this as exercise, and if it stays unobvious, demonstrate laters.
asciilifeform: quite nearly.
asciilifeform: there is no way around this, if you proceed after div0, you are in neverneverland. fortunately writing pcode where div0 demonstrably never happens, is not difficult.
asciilifeform: a div0 does not have a defined result, and any program that attempts it is resultingly nonsense. the ancients got this right.
asciilifeform: terminates the program.
asciilifeform: however div0 trap cannot leak timing, because it is a fatal condition
asciilifeform: ( as is 0, and this costs us, because you gotta have the div0 trap )
asciilifeform: 1 is a possible output of a - b. or whatever other combinatorics.
asciilifeform: aha, integers. not integers-with-thesehere-holes.
asciilifeform: reals dun exist on a comp
asciilifeform: as in, i get to , e.g., r = x mod ( a - b ) for some a, b
asciilifeform: it is if defined over integers.
asciilifeform: mircea_popescu: 'holes' in arithmetic suck, because they are inescapably branch conditionals. if i could not prove that div0 is impossible in the course of, e.g., modexp intermediate steps, ffa would be a wholly impossible thing.
asciilifeform: bad enuff that we gotta check every single motherfucking unknown integer for equality to 0, before feeding it into division or modulo
asciilifeform: ( modulo 0 is disallowed, it is same as a div0 )
asciilifeform: yields 0.
asciilifeform: modulo 1 is a permitted op
asciilifeform: mno
asciilifeform: ( can you prove that cramer-shoup, or whatever we go with next yr, worx in yer alt-arithmetic, lol )
asciilifeform: going for ordinary arithmetics in ffa, not oddball alt-arithmetic.
asciilifeform: ( i actually did consider, 'special case for x = 1 ' but now you've broken the constanttimealwaysandforeverness )
asciilifeform: otherwise we'd use montgomerization and call it a day
asciilifeform: recall, whole point is to make modexp that worx for all inputs
asciilifeform: nogood
asciilifeform: continuing http://btcbase.org/log/2017-10-05#1721063 , this is not an ordinary mult, we only want the upper half of the bits .
asciilifeform: will need asymmetric comba, too...
asciilifeform: ( we're talking about a 3fold speed difference )
asciilifeform: revisiting upstack, http://btcbase.org/log/2017-10-05#1721061 suggests that i'ma have to go back to the old karatsubatron, which did not insist on powers-of-two bitnesses
asciilifeform: it dun sow or reap
asciilifeform: from where else does crown get resources, lol
asciilifeform: ( sores: https://archive.is/EIZJC and elsewhere )
asciilifeform: flow...'
asciilifeform: btw re nypd, oct. 23 2014 : 'Thanks to a massive $160 million investment, the New York City Police Department is on its way to receive a combination of up to 41,000 smartphones and tablets. Known as the NYPD Mobility Initiative, which will be mostly financed by criminal asset funds provided by the Manhattan DA's Office, the goal is to provide the city's law enforcement with tools that can improve and streamline their overall work
asciilifeform: iirc state officials, even including governor, dun get crypto.
asciilifeform: nah that one's in usg proper
asciilifeform: ( issued to nomenklatura )
asciilifeform: mircea_popescu: iirc 'sectera' nsa-issued pnoje, is quoted at 7k ea.
asciilifeform: toilet seat in 1980s in pentagon, famously, 5k usd ea.
asciilifeform: overhead!11
asciilifeform: meanwhile, in today's 'reality winnings', http://wotpaste.cascadianhacker.com/pastes/AwtB5/?raw=true
asciilifeform: mircea_popescu: http://btcbase.org/log/2017-09-05#1710827
asciilifeform: then allbetsareoff and i've nfi
asciilifeform: nah, simply for same reason street sweepers don't -- if you give'em terminals, ~0 packages will get stamped
asciilifeform: i dun think customs monkeys get terminals
asciilifeform: mircea_popescu: could easily be a matter of weight. iirc each of the prev. uk purchasers, got >1
asciilifeform: cruciform: https://archive.is/CGQkR << 26 sept.
asciilifeform: plunder focuses on the human ones.