asciilifeform: code that is built with awareness of the pipeline ~cannot~ leave any room for ht to have any useful effect - elementarily
asciilifeform: it does 0 to well-written code -- other than slow down, and -- behold -- sometimes breaks semantics entirely
asciilifeform: http://btcbase.org/log/2017-06-27#1674906 << ht is not a legitimate concept, like, e.g., pipelining, but instead an ill-conceived attempt to speed up 'winblows as it existed at the time'
asciilifeform: http://btcbase.org/log/2017-06-27#1674899 << lol it takes time to generate commentz, i not long got back from long lulztrip
asciilifeform: hard to picture such exquisite torture implement arising through mere happenstance
asciilifeform: the latter must've been designed as an active fuckyou to people who actually enter text
asciilifeform: mod6: even rubbish membrane kbd that came with my 486 -- beats crapple lappy
asciilifeform: mod6: which is this
asciilifeform: all day long...
asciilifeform: crapple kbd is egregiously, insidiously deadly, has ~0 'give', is rather like pounding a table
asciilifeform: mircea_popescu: which is why i said to d00d, 'don't be disheartened '
asciilifeform: sorta like 'shit stuck to bottom of shoe' is 'shit', and never snack
asciilifeform: 'a discovered peer' == 'a sybil'
asciilifeform: more of a case of finely evolved nose. we can smell it at nearly ppb.
asciilifeform: 'auschwitz belly'
asciilifeform: ah so you meant dystrophy, not dysentery, neh
asciilifeform: which detail then
asciilifeform: shit where-they-stood a la africa ?
asciilifeform: or notyet
asciilifeform: did the kidz also droop salivate
asciilifeform: lol!!
asciilifeform: wb mircea_popescu !
asciilifeform bbl.
asciilifeform: this is like the perpetuum mobile. you cannot argue your way out of fundamental constraint.
asciilifeform: if you're sending bits from one to another, and using crypto that branches-on-secret-bits -- you are vulnerable.
asciilifeform: it doesn't matter what they are connected with.
asciilifeform: elementarily
asciilifeform: if they are connected, and communicate, they are not time-independent
asciilifeform: describe what they do, and how connected
asciilifeform: on any and all cpu cores.
asciilifeform: and memory accesses will take variant time based on recent operations, by any and all threads.
asciilifeform: 3) cache exists.
asciilifeform: 2) you might have a box with 2+ cpu where the scheduler puts both of your processes on 1
asciilifeform: 1) you might have a box with 1 cpu
asciilifeform: on a pc
asciilifeform: it is not possible to make guaranteed-independent-timewise processes
asciilifeform: already you have made an assumption that is false on all extant hardware
asciilifeform: illustrated in the earlier link.
asciilifeform: and the way to provably do this, is method called 'constant time arithmetic'
asciilifeform: you gotta say 'it will return answer in EXACTLY t units of time, no less AND NO MORE'
asciilifeform: UPPER as well as LOWER, that is
asciilifeform: sina: making 'constant time rsa' by trying to bury the rsa in a fixed 'box' of time, only works if you can guarantee LOWER bound of how long the rsa ops (ALL of them, till the end of time) take, as well as UPPER
asciilifeform: certainly not on a pc.
asciilifeform: arbitrary 'don't report the answer for T units of time' doesn't work, because you have no hard assurance of no spill.
asciilifeform: if i have this knowledge.
asciilifeform: and it is == as not having the box.
asciilifeform: now i know that a certain % of the time your 'box' is spilled out of.
asciilifeform: now at some point your smm bios kicks in and spends 700ms adjusting fan speed. and i happen to know that this happens every whatever many seconds.
asciilifeform: while your rsa, for sake of argument, is 200-300ms long.
asciilifeform: say your time box is 1s
asciilifeform: understand: if your scheme cannot be proven to work : it does not work.
asciilifeform: not probably, lol
asciilifeform: *provably
asciilifeform: i.e. no-branches-on-secret-bits.
asciilifeform: and the only way to make it so that i can't -- and ~probably~ so -- is to do your arithmetic in constant time.
asciilifeform: because if i can make your thing spill out of the time 'box' which you made for it, i get >0 info re your key. again.
asciilifeform: the only way to make guaranteed time bound is... constant-time arithmetic
asciilifeform: answer: no
asciilifeform: re rsa
asciilifeform: EVERYONE eventually asks this
asciilifeform: ( asciilifeform or whoever else. )
asciilifeform: sina: don't hesitate to ask
asciilifeform: (if i can unglue the auth from the payloads, because the latter are plaintext -- IT IS HOMEOPATHIC)
asciilifeform: and don't need irc-with-homeopathic-sprinkling-of-rsa for anything.
asciilifeform: WE ALREADY HAVE IRC!!
asciilifeform: this is elementary, and the fact that i have to, apparently, explain this, beggars the imagination
asciilifeform: or you have irc.
asciilifeform: but INSIDE - must have integrity.
asciilifeform: ^ see also mega-thread re subj more recently
asciilifeform: !#s opposable
asciilifeform: but instead ~decrypts~
asciilifeform: for gossipd auth
asciilifeform: sina: in the linked thread, mircea_popescu described why he did not want to use rsa ~signatures~
asciilifeform: you gain NOTHING from the crypto unless it is applied correctly - i.e. to whole channel.
asciilifeform: irc is exactly 'gossipd without crypto'.
asciilifeform: as in fact using now.
asciilifeform: if i want this -- i will use irc.
asciilifeform: there is NO reason why enemy should be able to read and alter at will traffic b/w 2 nodes.
asciilifeform: 'ohai i authenticated and now lemme say [NSA INSERTS TEXT HERE] sincerely yours, mr.chump'
asciilifeform: no, it'd be a nickserv, sina
asciilifeform: wtf is the point of writing a proggy that leads to this.
asciilifeform: if enemy can ALTER PLAINTEXT EN ROUTE AT WILL AND LIKEWISE READ ALL OF IT
asciilifeform: wtf is the point of even having the challenge then !
asciilifeform: sina: why do you think mircea_popescu mentioned rsa in his spec ? to keep the room warm with cpu heat ?
asciilifeform: sina: yes. and it is not a far assumption, nobody will send plaintext wtf omfg
asciilifeform: unless it sends only 1 message and then both sides call it quits and never speak again.
asciilifeform: now your homework : prove that an rsa-only channel MUST re-use every key at least once
asciilifeform: if this is a surprise to you -- i recommend getting familiar with the basic arithmetic
asciilifeform: i can trivially tell when you've switched keys, strictly by looking at ciphertext ( is how rsa works. )
asciilifeform: long-term key.
asciilifeform: and if i can break 1, can break any and all.
asciilifeform: ( by timing decrypts of session establish )
asciilifeform: 1 ephemeral key. say i break the station key.
asciilifeform: that's if i break 1
asciilifeform: and in particular http://btcbase.org/log/2017-06-17#1671581 .
asciilifeform: http://btcbase.org/log/2017-06-17#1671568 << see also thread
asciilifeform: ~no~ practical amount of noise adding is enough.
asciilifeform: sina: and the answer is, interestingly: no
asciilifeform: sina: this is a good q
asciilifeform: sina: http://wotpaste.cascadianhacker.com/pastes/Zy27g/?raw=true << current ffa.