mircea_popescu: ad interim the draft is, that the client stores all the keys (rsa, serpent, whatever) one per line, the rsa ones in republican format, the rest unspecified as of yet, in a file called keys.tmsr encrypted by the rsa key of the client.
mircea_popescu: just note that eucrypt having rsa does in no manner hurt your serpent-only-phonecrypto putative app ; just like it having serpent dun hurt a "this is my pgp implementation" usecase, and so on.
asciilifeform: there is also a serpent-on-ice40 thing, with similar level of unfinishitude; and a ice40-powered 'FG2', ditto.
mircea_popescu: asciilifeform it doesn't ; nor will it, because what truly brings serpent in is the ~space~ not the time problem. ie, because of padding, straight rsa doubles message bulk, which is a major problem for online game.
mircea_popescu: the more i think about this whole serpent business, the more it becomes evident that the ~only~ way to have a cipher (not encryption, ie, asym keys, but enciphering, ie, symmetric keys) stronger than serpent is to ~mix rng bits~. ie, the weakest cipher is the one where len(E) = len(P), and they're all equally weak, and 1 serpent worth. to go stronger, you must have something that has len(E) = a len(P) + b sorta thing. the key
mircea_popescu: but "here's the 256 serpent keys i want you to pick amongst" is not.
mircea_popescu: eg, client can (and well behaved client is expected to) send multiple serpent keys upon first connection.
mircea_popescu: well, serpent processor wants a serpent item to process.
mircea_popescu: but re your q : these 6 workers pick rsa from queue ; and these 3 pick serpent from queue.
mircea_popescu: this machine for serpent, this machine for rsa, is the model here.
asciilifeform: mircea_popescu: how wouldja, e.g., 'these 6 cpus for serpent, these 3 -- for rsa' if yer packets are in 1 queue ?
mircea_popescu: "this is needed for the same reason as the generic at UDP lib previously - to allow one to store Serpent messages or RSA messages while maintaining them clearly differentiated" << why are you putting ducks and geese in the same line though ?
diana_coman: mircea_popescu, that was my current idea: 2 sockets, one for rsa and one for serpent, with different ports too
mircea_popescu: diana_coman does it then make sense to have a process that has a socket open and handles the serpent queue, and one process with a different socket open handling the rsa queue (with a view that these :6666 and :6667 ports then get moved to separate machines if need be) ?
diana_coman: asciilifeform, I don't follow - 1mn clients can send 1mn datagrams to server, what has serpent to do ?
asciilifeform: diana_coman: you're cpu bound ( serpent ) so you likely will never hit the bandwidth bound. so the udpgrams will go in ~realtime.
mircea_popescu: so, i hear from cto the comms spec's mostly implemented. now, we're at the point where we wanna make a rsa and a serpent sender.
asciilifeform: there is also the 'install base pressure'. recall mircea_popescu's serpent thread, when looked like it may have to be scrapped, 'motherfucker, i built battleship on this thing and NOW you say to scrap'
mircea_popescu: we made our own keccak, we made our own serpent, you made / are making our own rsa -- time for our own ecc.
asciilifeform: in the end ragnarok anyway, yggdrasil topples, serpent nidhogg will eat world. why worry.
asciilifeform after the serpent thing has turned to a moar 'measure 7 times, cut 1' direction
asciilifeform: ( and even the serpent disk thing, even, if we ever get around to baking it )
asciilifeform: mircea_popescu: serpent's constanttime tho
mircea_popescu: asciilifeform my problem with "trying" is that you're stuck trying your serpent keys on stuff.
diana_coman: you're asking me? lol; look at implementation that it becomes exactly that: http://ossasepia.com/2018/11/10/smg-comms-chapter-7-readwrite-serpent-keysets-tofrom-serpent-messages/#selection-71.1721-71.1777
a111: Logged on 2018-11-10 16:52 asciilifeform: diana_coman: and while we're nitpicking, Serpent message types can be an enumeration (see barnes)
asciilifeform: diana_coman: and while we're nitpicking, Serpent message types can be an enumeration (see barnes)
deedbot: http://ossasepia.com/2018/11/10/smg-comms-chapter-7-readwrite-serpent-keysets-tofrom-serpent-messages/ << Ossasepia - SMG Comms Chapter 7: Read/Write Serpent Keysets to/from Serpent Messages
asciilifeform: mircea_popescu: re 'sad serpent hole', a d00d like shinohai could easily take my proggy and determine whether e.g. aes's key expander is injective (afaik nobody ever bothered)
a111: Logged on 2018-10-29 05:07 asciilifeform: relatedly, asciilifeform tried to bake a proof that the lamehash keyinflater function of serpent is one-to-one ( i.e. actually carries 256bit of the key register's entropy into the 528 bytes of whiteolade ) and not only didnt , but realized that afaik no such proof exists for any 'troo' hash also ( incl keccak.. )
a111: Logged on 2018-11-02 14:27 deedbot: http://www.loper-os.org/?p=2675 << Loper OS - The Serpent Cipher's Key Schedule Transform is Injective.
deedbot: http://www.loper-os.org/?p=2675 << Loper OS - The Serpent Cipher's Key Schedule Transform is Injective.
asciilifeform: mircea_popescu: soo asciilifeform had a bit of sleep and wakes up and turns out the serpent thing has a twist ending
mircea_popescu: the point you make re serpent is solid -- discussions, by the dumptruck. of anything and everything BUT. went there, yielded within the week.
mircea_popescu: yes, well, the entirety of the morning's discussion reduces to "what the fuck've you been spading, i only hear about serpent-this nao".
mircea_popescu: yes, well, i'm not calibrated by you wth. srsly, what you did to serpent wasn't stroke of genius, but simply spade work. you dispute this ?!
asciilifeform: it's essentially what serpent's ( and afaik errybody's ) key inflater already does. except that it doesn't bother to tell you, simply shits out a colliding output.
mircea_popescu: anyway, no, i'm not married to serpent. i don't even fucking like it that much. i even said so!
asciilifeform: it's how even ended up with serpent.
mircea_popescu: yes, but wrong approach to it all! "here's why serpent's no good, here's why i don't like dea-aes etc, here's rabin method, imo best" IS something.
mircea_popescu: asciilifeform it's obvious, we don't even know serpent is in fact no good, hence "you persuasively suggest may not be good (but not actually done the work to turn that suggestive theory in practice)"
mircea_popescu: good thing we have strong entropy, to run serpent off it.
mircea_popescu: why is s.mg better off with republican stack than with java stack ? it's still using serpent!
mircea_popescu: the only different element is that today, unlike in 2015 (and not even RIGHT NOW, today as in this year) diana_coman published serpent code.
asciilifeform: ( and , recall, mircea_popescu almost talked me out of it, 'nobody needs iron disk crypter with questionable serpent' )
asciilifeform: mircea_popescu: fwiw i tried all kinds of approaches to breaking serpent in '16
mircea_popescu: i said to diana_coman "implement serpent". that's it.
asciilifeform: unlike the massive pile of pgpgrams-cum-aes we've collectively shat out all over the net, nobody's even ciphered anyffing with serpent of yet, aside from diana_coman's tests
asciilifeform: mircea_popescu: you haven't launched $billion mars probe with serpent in silicon. so you have option ( not proposing 'let's rabin! right nao!' , it's naturally a measure-7-times-cut-1ce subj )
mircea_popescu: i foresaw this need, in 2015. i put 10 btc behind encouraging people to fix the problem. it died an ignominious death, what i have is serpent, that's what it is.
mircea_popescu: so the way this is going now -- serpent is going to be perfectly good (tm) for the republic, because the republic is the republic of slow moving, mentally confused morons that miss their opportunities to speak usefully.
mircea_popescu: not for his crime of "being smart" and "figuring out the true truth". but for his crime of saying things out of time. because there was a fucking time for this discussion, and it was strictly BEFORE s.mg paid money for people to work their ass off in preference of playing with their kids to get it a serpent.
mircea_popescu: im not attached to serpent in any way other than in the following sense you're well fucking advised to pay attention to : 1. s.mg is a corporation, meaning it's here to make money. 2. s.mg is also trying, but as a fucking distant second, to be a "good" corporation, however that is politically defined. it doesn't give a fuck about this, not in any deep sense, if the money's good it'll go against policy, and CHANGE policy as i
asciilifeform: ( pretty lulzy, btw, i had nfi mircea_popescu were so attached to serpent, nao i feel sad, it's almost like i killed his dog or wat )
deedbot: http://www.loper-os.org/?p=2661 << Loper OS - The Serpent Cipher's Key Schedule Equation System, in Graphical Form.
asciilifeform: i'm almost curious nao, just which nadia will be getting professorship from 'discovering' the serpent lul.
a111: Logged on 2018-10-31 20:41 asciilifeform: ( no prizes for guessing why holyshit.png doesn't appear in the orig 'serpent' paper, or the mountain of 'analysis' ... )
mircea_popescu: in other news, this rapidly deteriorating day (it fucking rained on me at the beach, on TOP of serpent being as tight as hilary's ass) was saved by my ... 404 mn ecu pop in Eulora. very high % valuable shit, too!
asciilifeform: mircea_popescu: the bigger saddity, is that i dun have anything to offer to plug-in replace 'serpent', nao just as in '16 when mircea_popescu was offering prizes
diana_coman: well, we'll have at least serpent-tiles for interior design
asciilifeform: ( no prizes for guessing why holyshit.png doesn't appear in the orig 'serpent' paper, or the mountain of 'analysis' ... )
asciilifeform: it's a matrix of http://www.loper-os.org/pub/serpent/serpent_with_reduction.txt , prepped for gaussian row-reduction ( xor-sat is in p! motherfuckers ) with horiz. axis -- key bitz, vertical -- expansion bits...
asciilifeform: diana_coman: serpent lulz make sense thus far ?
a111: Logged on 2018-10-30 21:36 asciilifeform: if all (a0..a31, b0..b31, ...) appear in the expansion, then serpent aint actually braindamaged in the sense originally contemplated by asciilifeform .
asciilifeform: http://www.loper-os.org/pub/serpent/serpent_with_reduction.txt << for the impatient.
deedbot: http://www.loper-os.org/?p=2645 << Loper OS - Serpent Cipher's Key Schedule in Algebraic Form: with Reduction.
asciilifeform: if all (a0..a31, b0..b31, ...) appear in the expansion, then serpent aint actually braindamaged in the sense originally contemplated by asciilifeform .
asciilifeform: and, if we feel like it, can apply the sboxes of http://ossasepia.com/2018/02/22/eucrypt-chapter-11-serpent/#selection-87.13307-87.14692 and produce a 100%-algebraic statement of the entire key inflater.
deedbot: http://www.loper-os.org/?p=2632 << Loper OS - Terms -88 of the Serpent Cipher's Key Schedule in Algebraic Form.
asciilifeform: gotta point out, serpent aint dead yet
mircea_popescu: i suppose that could be the backup alternative then : if we end up ditching serpent, we use a rsa packet to move ~1.4kb of entropy for initializing the mt, and then use mt generated pads for a cipher.
mircea_popescu: as best i can tell -- the only options are either keep using serpent or else use some kind of recursive hash otp
asciilifeform: test is straightforward, you take yer vintage serpent and feed in k1,string, get ciphertext1, k2,string, get ciphertext2, and observe that the ciphertexts are same (cuz key expanded to same thing)
a111: Logged on 2018-10-29 19:39 asciilifeform: pretty handy proof , however, that the xor liquishit on the right hand side of those serpent eqs, doesn't conserve entropy !
asciilifeform: http://btcbase.org/log/2018-10-29#1867215 << dun feel sad, serpent had to hang on asciilifeform's wall for 2yrs before this.
asciilifeform: pretty handy proof , however, that the xor liquishit on the right hand side of those serpent eqs, doesn't conserve entropy !
asciilifeform: pretty tired from curing serpent.
mircea_popescu: weaker than serpent.
asciilifeform: for lulz, would be interesting to dig up the list of 'luminaries' who voted for serpent. ( last i recall, it was public )
asciilifeform: btw i seem to recall that the original mircea_popescu & diana_coman thread where 'let's try serpent' turned up that the current 'paper' is not in fact the original, and the orig has evaporated. nao gotta wonder what was in it.
asciilifeform: hilariously, i have a tall pile of academiliquishit re serpent right here on desk, and it ALL without exception dwells on the sboxes & lineartransform, 0 discussion of key schedule.
a111: Logged on 2018-10-26 17:04 mircea_popescu: in short, because this winding discussion risks overwhelming buffers, the salient points are a) that i'm not ready to go to war over serpent, it's a meh-maybe item ; b) that building our spearheads around items we're not willing to die for may be how the converse of http://btcbase.org/log-search?q=bitcoin+corrupts altogether.
a111: Logged on 2018-10-26 16:48 mircea_popescu: i am experimenting with serpent, and yes it's borne of that ancient discussion of ours, but i'm nowhere near-ready to bake it into "this is tmsr secure disk"
asciilifeform: relatedly, for shits & giggles asciilifeform has been reading a 'digital evidence' law school textbook, for entomological/ameritardological studies, and it goes out of its way to mention 'serpent sank an fbi case'
asciilifeform: thus far, afaik, we already know that there aint 2**256 possible 528-byte serpent expandedkeys. nor 2**128. and as i currently suspect, not even 2**64 .
asciilifeform: the actual bitness of serpent , seems like, is so small as to be iterable on pc.
asciilifeform: logic : take the key inflator http://ossasepia.com/2018/02/22/eucrypt-chapter-11-serpent/#selection-87.13060-87.13306 ;
asciilifeform: mircea_popescu: not only were you right, but i just about have a handle on deriving the factual key bitness of serpent..
diana_coman: asciilifeform, no proof that I'm aware of, as per earlier http://www.dianacoman.com/2017/11/22/taming-of-the-serpent-in-ada/#selection-49.0-49.393
asciilifeform: ( in serpent inflator, the only ops are xor, rotate, and sboxation, all 3 conserve entropy )
asciilifeform: actually, funnily enuff , i nao see a proof for serpent's, but not keccak
asciilifeform: relatedly, asciilifeform tried to bake a proof that the lamehash keyinflater function of serpent is one-to-one ( i.e. actually carries 256bit of the key register's entropy into the 528 bytes of whiteolade ) and not only didnt , but realized that afaik no such proof exists for any 'troo' hash also ( incl keccak.. )
asciilifeform: ^ summary of serial i/o processor thing asciilifeform baked. will be applicable even if we come up with sumthing less sad than serpent, in fyootoor.
asciilifeform: http://btcbase.org/log/2018-10-29#1866964 << specifically in the context of the 'crypto contest' where serpent was trotted out, there was a loud and pompous 'here's ciphers, with justifications!' circus. so imho the excuse of 'not knew to wash hands yet' is not available
asciilifeform: https://www.cl.cam.ac.uk/~rja14/Papers/serpent.pdf ( pdfturd! ) << near as i can tell, is the 'full paper' referred to in the 'short'
asciilifeform: mircea_popescu: i have a serious wtf re serpent, and neither the s.mg/classic ada, nor the orig paper, has helped me to make sense of it, and i'm suspecting that i'm thick... so here it is:
deedbot: http://www.loper-os.org/?p=2627 << Loper OS - Serpent in ICE40, Part 2.
mircea_popescu: i certainly see the point re "explore the space" ; and yes a serpent implemented as both eulora workhorse and verilog is better studied than just former.
a111: Logged on 2018-10-26 16:08 asciilifeform: mircea_popescu: in re these lulz, at one point asciilifeform dug for 'anybody ever verilog-ified serpent?' and found a stack of 'papers'. any src ? mno. but plenty of 'discussion' of supposed 'implementation', in the traditional nadia henninger style .
asciilifeform: i admit, the seekrit reason asciilifeform could even be arsed to pick the thing up, is that to write serpent in maximally algebraic form might tell us sumthing useful re the weakness.