asciilifeform: aa
asciilifeform: did i miss a whole thread
asciilifeform: waiwat
asciilifeform: ( a ptron is permitted to be invoked with any bitness that is multiple of 64 )
asciilifeform: mircea_popescu: it'd be many moar , to correctly handle cases of 1-7 word too
asciilifeform: 'sorry you can't have multiplication in algebraic - branch-free - form ! That Would Be Wrong'
asciilifeform: srsly this entire exercise has been a brainmelting tour of the sheer unfathomable worthlessness of 'the literature', 'the cryptography komyoonity', et al
asciilifeform: ( nobody seems to have produced a branch-free montgomery-reduction algo. or any other division-free modexp. )
asciilifeform: and then we can play.
asciilifeform: aite, nao all asciilifeform needs is a constantspacetime MODULAR exp algo that can be expressed with the mux primitive
asciilifeform: ( i'ma keep the general case, for nao, because it is always very easy to turn it into the above later. but not vice-versa. )
asciilifeform: so currently it is not obvious to me, which variant is Moar Right Thing
asciilifeform: you can reduce it algebraically
asciilifeform: 3 of course because no branching
asciilifeform: the unrolled-8word thing is 1 ) less general 2) harder to read with naked eye but 3 ) easier to prove correct
asciilifeform: there's still a dilemma tho :
asciilifeform: but apparently branch predictor dun matter so much when your entire thing is ~guaranteed to fit in cache
asciilifeform: itched to find, what if another 2x vrooom is possible.
asciilifeform: had to.
asciilifeform: mircea_popescu, phf , mod6 , et al ^^
asciilifeform: so imho it is not worth it.
asciilifeform: HOWEVER the actual result is : ~13% cut in execution time.
asciilifeform: so theoretically x86 branch predictor oughta be very very happy;
asciilifeform: it is loop- (and any other jump) - free
asciilifeform: ( yielding 16 word result )
asciilifeform: and so here http://wotpaste.cascadianhacker.com/pastes/hoM4U/?raw=true we have a combasquareatron explicitly unrolled for 8-word operand
asciilifeform: for simplicity, tested the case that actually happens in practice: on a 64bit box, any ffa width over 512 bits gives a strictly 8-wide comba mult occurrence
asciilifeform: soooo ACHTUNG PANZERS , asciilifeform went and actually tried http://btcbase.org/log/2017-08-08#1695511 :
asciilifeform: srsly wtf, oughta have been written in 1993 at the latest
asciilifeform: but this being said , i am not even ready yet to barf re ref-keccak, i aint even yet done barfing re ffa not having already existed
asciilifeform: that and killing length extension attack idiocy
asciilifeform: mircea_popescu: amusingly that was almost whole point of keccak
asciilifeform: fwiw i have a half-built one here. on hold until p.
asciilifeform: the 'reference' is sad
asciilifeform: the algo strictly
asciilifeform: http://btcbase.org/log/2017-08-09#1696171 << it dun branch-on-secrets if correctly made. so yes fixed.
asciilifeform bbl, meat
asciilifeform: sponge goes from any-input to desired-width-out
asciilifeform: mircea_popescu: nope that'd be classical hashes
asciilifeform: or any other sponge
asciilifeform: keccak?
asciilifeform: mircea_popescu: mphf in a fixedtime fixedspace system is insane
asciilifeform brb
asciilifeform: http://btcbase.org/log/2014-11-26#934853 << thread
asciilifeform: !#s martian problem
asciilifeform: erlehmann: you seem to be fixated on a problem that simply doesn't exist in sane contexts
asciilifeform: no program has any business being a billion line build.
asciilifeform: cut it. like procrustes, or into independent subsystems, i don't care how
asciilifeform: erlehmann: the building-clean thing is sanity. we had this thread. if your program is 'too big to always build clean', IT IS TOO BIG
asciilifeform: erlehmann: if it is present in whatever you are using instead -- your process is broken
asciilifeform: erlehmann: the problem you describe is absent in v
asciilifeform: erlehmann: are you familiar with how v works ?
asciilifeform: erlehmann: the problem however is not where you seem to put it
asciilifeform: no third.
asciilifeform: systems are to be fixed - i.e. brought into conformance with vtronics -- or discarded.
asciilifeform: they correspond to a vgraph with contradictory inputs.
asciilifeform: multiple include paths are retarded.
asciilifeform: flush the toilet.
asciilifeform: clean the fucking chalkboard
asciilifeform: didn't we do the STOP FUCKING PARTIALMAKING thread ?
asciilifeform: in erlehmann's context
asciilifeform: granted, but when would this come into play ?
asciilifeform: erlehmann: incidentally what exactly is a 'nonexistence dependency' ?
asciilifeform: you can do more or less whatever variations on whichever theme, you feel like, all it costs is a few extra chars in pubkey
asciilifeform: ( yet another reason for pmach )
asciilifeform: incidentally you get best attributes of both if you harness them as i described, via otpxor
asciilifeform: correct.
asciilifeform: i know of no others worth bothering with.
asciilifeform: aha.
asciilifeform: ( dun require any new primitives )
asciilifeform: at any rate it is just as easily implemented on pmachine as rsa.
asciilifeform: i don't know of any hard, tangible reason to avoid it.
asciilifeform: but for above reasons i prefer rsa.
asciilifeform: possibly distaste is wrong word
asciilifeform: ( my distaste for it comes largely from it not being rsa, and from a suspicion that enemy has a partial pill against discrete logarithm problem , given that dsa was based on same )
asciilifeform: now if you want a pubkeycrypto where this proof actually exists, i know of exactly one : cramer-shoup
asciilifeform: thing ~assumes~ own conclusion ! Aquinas-style.
asciilifeform: see problem ?
asciilifeform: ''When RSA is the underlying primitive, something even more is known: that the ability to forge with resources R in an attack which does not exploit some structural characteristic of the MGF implies the ability to invert RSA on random strings using computational resources only slightly greater than R.''
asciilifeform: here's a gem :
asciilifeform: mno, i did go & read
asciilifeform: replete with magicnumbers, 'random oracle' assumptions, 'perfect hash', and other maculae
asciilifeform: mircea_popescu: i looked at the pss thing, seems like simply yet another obfuscatorily-complex nsaological artifact
asciilifeform: ( if message dun match the prescribed structure -> forgery )
asciilifeform: whole point of the M+H(M) or no-go combo is to prevent forgery.
asciilifeform: waiwat
asciilifeform: ( if anyone recalls my sageprobe crack ? that was as simple as it was because the thing used crc as hash... )
asciilifeform: this problem was how we even ended up with cryptological hash functs
asciilifeform: you wouldn't want to use a checksum ( e.g. crc ) for decryptable-legit vs random rubbish distinguisher
asciilifeform: lol that's probably the worst conceivable
asciilifeform: ( i will also note, the problem with allowing packet fragging is that frag reassembly is a Something-To-Allcomers operation . )
asciilifeform: not necessarily
asciilifeform: ergo if you want to use the xor padding algo, you are stuck with payloads of half the size.
asciilifeform: you don't ~have~ 1024 bytes
asciilifeform: PeterL: think carefully, this is flawed logic
asciilifeform: !!up PeterL
asciilifeform: empirically
asciilifeform: PeterL: 512 is really top limit of 'guaranteed nonfragment no matter what'
asciilifeform: aite, i'ma let mircea_popescu handle pedagogical thread, brb
asciilifeform: ( while otherwise quality hash. my current favourite for this is keccak's hash )