asciilifeform: requirement for H is more or less the opposite of mircea_popescu's hash exercise -- it gotta compute in fixed time.
asciilifeform: ( importantly, the fact of said discard must not be discernible through timing side channel )
asciilifeform: you have a substring S in every packet, that gotta equal H(rest of the packet) or whole thing discarded.
asciilifeform: this is not to continue .
asciilifeform: where there is a ready-made 'shoot yourself in the head' button, conveniently under everywhere you might ever put your elbow
asciilifeform: PeterL: one of the most comical failure modes, ubiquitous in usg crypto, is the null cipher
asciilifeform: that's the more typical solution aha
asciilifeform: so why on earth would you permit anything like a 1 or 0 byte string ?!
asciilifeform: PeterL: so what was this : http://btcbase.org/log/2017-08-09#1695794 about ?
asciilifeform: !!up PeterL
asciilifeform: not 1 byte more, not 1 less.
asciilifeform: L is e.g. 512.
asciilifeform: PeterL: don't permit messages of any length but L.
asciilifeform: ( but it will be rubbish if either of the 3 values is not the expected one)
asciilifeform: this produces a solution always.
asciilifeform: http://btcbase.org/log/2017-08-09#1695799 << of course it does. rsa decrypt is c^d(mod n) , where c is ciphertext , n is public modulus, d is private exponent.
asciilifeform: aite, i'm walking the l0gz still
asciilifeform: use fixed size.
asciilifeform: http://btcbase.org/log/2017-08-09#1695792 << variably-sized packets are the mistake here.
asciilifeform: in other quiteolds, http://werner-heisenberg.unh.edu/diary.htm
asciilifeform: ( 1.5s -- opteron 3Ghz )
asciilifeform: oh before i fughet, http://btcbase.org/log/2017-08-08#1695461 benchmark is 0.8s on crapple shitbook, and 2.52s on ye olde workhorse x60
asciilifeform: ( pixel blob instead of subj )
asciilifeform: but... censored nao
asciilifeform: nm loads from direct link
asciilifeform: 'this video is unavailable'
asciilifeform: gold
asciilifeform: '
asciilifeform: No one else did. Not theymos, not knighmb, not pirate, not silbert, not Jihan Wu. Not satoshi or asciilifeform.
asciilifeform: '...he didn't rip people off.
asciilifeform: aahyes.
asciilifeform: gotta make sure to scoop from the right bathtub tho. wouldn't want to drink benjies from benjie tub
asciilifeform: solve national debt...
asciilifeform: while we're at it, why not yet a trillion $ / per peg on obummer's used knickers
asciilifeform: ( why not usg peg of trillion $ per gavincoin ! why think so small. )
asciilifeform: but also didjaknow, 'but what they can do is, after a hardfork happens, they could buy all the coins that the MP and the rest of whales dump into the market to try to kill the fork, and not only that, but they could pump it even higher by simply printing more money and pumping the price of "gavincoin" above legacy chain. what then'
asciilifeform: they oughta sell tickets, to watch this
asciilifeform: 'could you please explain (in detail) how they plan to scale bitcoin' ahahahaha
asciilifeform: not in monkeystan
asciilifeform: ( every single inline pragma in ffa is there because without it, stat. signif. uptick in run time on all of my iron )
asciilifeform: they also apparently never bother to actually profile
asciilifeform: no but oughta be.
asciilifeform: means pierced-pederast
asciilifeform: eh there's also that one they put near the arse, devil stoking a furnace
asciilifeform: evident
asciilifeform: also i thought mention of mp/trb/et al were a hangin' offense at tardstalk
asciilifeform: srsly comedy gold. betcha there's more of these, somewhere deep in the sewers
asciilifeform: 'They are diversified in eth already.' << didjaknow !
asciilifeform: intel found these ?
asciilifeform: pretty great
asciilifeform: ( thing still runs in constant time: N always walks the range of 1 to last digit of the width of our ffa )
asciilifeform: if anybody thinks he can -- plox to write in.
asciilifeform: however it does not seem possible to do without it. but i have not proven this impossibility.
asciilifeform: but the branch blows the lookahead and slows
asciilifeform: N isn't a secret nor does it vary with payload, it is the digit iterator,
asciilifeform: now wouldja believe i spent 3 wks trying to eliminate the if N mod 2 = 0 ... condition in Square_Comba
asciilifeform: mircea_popescu: very bare naked things, like bounds
asciilifeform: mircea_popescu: even the simpler, the former
asciilifeform: ( items published previously, omitted for clarity )
asciilifeform: http://wotpaste.cascadianhacker.com/pastes/PjGRp/?raw=true << current multers and squarers, for illustration
asciilifeform: hence why i went for man-provables.
asciilifeform: that anything at all is, is a marvel.
asciilifeform: veeeeery little is actually machine-provable.
asciilifeform: sadly nope
asciilifeform: rather than 1.
asciilifeform: however this would lengthen the program, and introduce 7 new algos to prove correctness of
asciilifeform: it thereby follows that i could unroll comba into explicit cases from 1 to 8 words
asciilifeform: http://btcbase.org/log/2017-08-08#1695463 << i realized that this might not be true : the (empirically found, but seems to hold on all of my iron) threshold for karatsuba +ev is > 8 words :
asciilifeform bbl
asciilifeform: currently i suspect that this thing is at the theoretical limit of performance you can get without doing something nonportable.
asciilifeform: the O(N^2) algos cost moar then.
asciilifeform: aha.
asciilifeform: in particular msdos.
asciilifeform: (i.e. on archs with smaller bitness)
asciilifeform: however, the difference becomes more serious when operating with smaller words
asciilifeform: for only 25% shave off the run time, it would not be worth it:
asciilifeform: given as the special square thing costs 143 lines
asciilifeform: mod6: i almost decided to throw it all out and use generic multiply-by-self for squaring again
asciilifeform: grr
asciilifeform: *karatsuba
asciilifeform: this is as good as it's gonna get without committing atrocities ( asm , parallelism, etc )
asciilifeform: in other noose, mod6 , phf , et al : http://btcbase.org/log/2017-07-10#1681208 nao 1.5s . ( this with karasbuba-squaring used in exp, and comba-squaring used as base case in the former. )
asciilifeform: ( dun mean it is useless - but it is in the class of homework imho )
asciilifeform: i.e. PeterL put in a great deal of sweat, it shows; but the result does not make my work any easier, unfortunately
asciilifeform: ( see thread. )
asciilifeform: still same thing as of the last one
asciilifeform: for the thick : a large portion of keys generated by the linked code, will phuctor immediately.
asciilifeform: it will kill the user.
asciilifeform: i understand what is meant by 'prototype', but an rsatron (ignoring for a moment the constant-time thing) that uses fermat's primality test as the sole probe, is analogous to a grenade with a half second fuse
asciilifeform: PeterL: http://btcbase.org/log/2017-07-08#1680382 << thread
asciilifeform: at the same time i dun wanna discourage PeterL or other folks, from their exercises.
asciilifeform: because unfortunately all of it applies to this one
asciilifeform: i'ma save log space, and invite PeterL to read what i observed re the last d00d's gossipd prototype.
asciilifeform: PeterL: are you aware of the limitations of this test ?
asciilifeform: it dun look like miller-rabin
asciilifeform: also what is that primality test supposed to be
asciilifeform: nor even constantspace.
asciilifeform: PeterL: i have to rain on the parade, but i dun see what you win from writing own rsa in this one. py arithmetic is not constanttime
asciilifeform puts on conveyor
asciilifeform: i'm doomed to actually read this, arenti