Forum logs for 09 Aug 2017
asciilifeform: | in other quiteolds, http://werner-heisenberg.unh.edu/diary.htm | [00:10] |
BingoBoingo: | "The chickens on the lower floor bother me a little, though their usefulness makes sense to me in every way." << What redditard would accept this compromise! | [00:17] |
BingoBoingo: | "In Urfeld it turns out that over night the garden was trampled by deer." << Who could have predicted free food would just walk by and make a mess of your labor food. | [00:19] |
shinohai: | Venison + Salad .... mmmmmmm | [00:24] |
mod6: | <+mircea_popescu> meanwhile in lulz for alf, https://bitcointalk.org/index.php?topic=1959633.msg19501495#msg19501495 << HEH | [00:44] |
deedbot: | http://qntra.net/2017/08/a-list-of-known-bitcoin-ransom-cases/ << Qntra - A List Of Known Bitcoin Ransom Cases | [00:48] |
BingoBoingo: | !~later tell cazalla ty | [00:48] |
jhvh1: | BingoBoingo: The operation succeeded. | [00:48] |
BingoBoingo: | !!up edivad | [02:14] |
deedbot: | edivad voiced for 30 minutes. | [02:14] |
edivad: | hallo | [02:15] |
edivad: | i'm a junior sysadmin trying to install trb on my VPS without success | [02:15] |
mircea_popescu: | specifically ? | [02:15] |
edivad: | https://thepasteb.in/p/P1hvEKZkQp3Sl | [02:15] |
edivad: | fwiv it seems that V download seals and patches but then the bitcoin source code is not included, and i should gather it on my own? | [02:17] |
mircea_popescu: | are you using what, mod6 's recipe ? | [02:17] |
edivad: | yes, following these instructions since the beginning: http://thebitcoin.foundation/trb-howto.html | [02:18] |
edivad: | tried both online and offline mode, with zero luck | [02:18] |
mircea_popescu: | did you do 0x09, gathered vpatches ? | [02:19] |
edivad: | yes | [02:19] |
mircea_popescu: | mod6 did a u160 test item end up stranded in there ? | [02:21] |
mircea_popescu: | edivad this is somewhat odd as i recently had a new node configured, came out just fine. | [02:21] |
edivad: | tried also yestereday to troubleshoot with mod6, (there was another issue related to the locale of my OS, then fixed with him), but now i'm stuck at 0x0B | [02:21] |
mircea_popescu: | seems you're missing a file for some reason. | [02:22] |
edivad: | i'm on ubuntu 16.04, fresh installation | [02:22] |
mircea_popescu: | that wouldn't do anything. | [02:23] |
trinque: | > patch: not found | [02:23] |
edivad: | maybe it's just a permission problem? | [02:23] |
trinque: | no, you're missing the utility patch. | [02:24] |
mircea_popescu: | doh. | [02:24] |
mircea_popescu: | edivad sudo apt get patch eh. | [02:24] |
edivad: | was an assumption in the tutorial? | [02:24] |
mircea_popescu: | well, it's technically part of core linux, but apparently they ship systems without. | [02:25] |
mircea_popescu: | will prolly have to add patch to the pile at the end eh. | [02:25] |
edivad: | patch is already the newest version (2.7.5-1). | [02:25] |
mircea_popescu: | i have 2.6 | [02:26] |
mircea_popescu: | edivad can you run it from command line ? | [02:26] |
edivad: | yes | [02:26] |
mircea_popescu: | this is bizarre. try the actual line from the .sh that fails ? (prolly the first one to string match "patch") ? | [02:27] |
edivad: | guys, i'm gonna having asap my usual generous amount of morning coffee, since i was typing in the wrong VPS | [02:28] |
mircea_popescu: | lol! | [02:29] |
edivad: | now just installed patch on the right vps | [02:29] |
trinque: | loller | [02:29] |
mircea_popescu: | ah so okay. that makes more sense then. | [02:29] |
* mircea_popescu | was bracing self for "o look, new version of patch, breaks downstream" lulz. | [02:29] |
edivad: | gonna report even in case of success | [02:29] |
mircea_popescu: | a sound policy. | [02:29] |
* trinque | to bed, to dream of tomorrow's generous amount of morning coffee | [02:33] |
mircea_popescu: | enjoy. | [02:33] |
* BingoBoingo | wishes trinque a night with no strange knocks on door | [02:37] |
edivad: | may I take advantage of my troubleshooting sign up into the channel to ask about tmsr? | [02:41] |
mircea_popescu: | ask away | [02:41] |
edivad: | thanks, basically i was reading the universal plan for wealth | [02:41] |
mircea_popescu: | !!key edivad | [02:41] |
deedbot: | Not registered. | [02:41] |
mircea_popescu: | you can just register a key you know. | [02:41] |
edivad: | !!key edivad | [02:42] |
deedbot: | Not registered. | [02:42] |
mircea_popescu: | !!help | [02:42] |
deedbot: | http://deedbot.org/help.html | [02:42] |
edivad: | thanks | [02:42] |
edivad: | nice | [02:42] |
BingoBoingo: | !!up edivad | [02:45] |
deedbot: | edivad voiced for 30 minutes. | [02:45] |
edivad: | I know bitcoin since a couple of years and learned the hard way how to protect my funds and stay away from scams. Now I finally got into the sweet spot where I realized how many orders of magnitude my savings are safer in bitcoins | [02:45] |
edivad: | Then after this "sweet spot", also the universal plan for wealth makes sense to me | [02:46] |
mircea_popescu: | so good for you. | [02:46] |
BingoBoingo: | edivad: Ah, so at this point reading into TMSR history will be very beneficial for girding yourself against long cons and other social engineering attempts against your wealth and your self. | [02:47] |
edivad: | but my question is: as a student without a regular jub, should I need to a aim at a minimum wage job, to possibly apply for credit and then fly away to a second/third word country, get a decent house, marry and reproduce? | [02:50] |
mircea_popescu: | how is another man going to answer that question for you ? | [02:50] |
edivad: | or there is a better way to get credit, without harming finance of my family (so not asking to them to put collaterals for my loans) | [02:51] |
mircea_popescu: | this is how growing up goes : you take stock of situation, you make a plan, you implement it. | [02:53] |
BingoBoingo: | edivad: Which socialist hellhole do you reside in now? | [02:54] |
edivad: | mircea_popescu: because the universal plan for wealth makes some great guidelines, but then since every situation is different, I'm trying to understand if there is a better approach for who hasn't already a job and is studying | [02:54] |
edivad: | BingoBoingo: italy | [02:55] |
BingoBoingo: | Have you considered working construction? | [02:55] |
mircea_popescu: | what are they to build in italy ? | [02:56] |
BingoBoingo: | STADIUMS! | [02:56] |
BingoBoingo: | For the latest wave of Vandals! | [02:57] |
edivad: | in this summer holidays aside of ruinous altcoin trading I've done some painter job paid 5 euros/hour | [02:58] |
edivad: | since it was the first work experience, I was even able to enjoy it | [02:59] |
edivad: | but then after a month i realized that I was needing a better plan | [03:00] |
mircea_popescu: | i can see that heh | [03:00] |
BingoBoingo: | Painting done well is a perfectly respectable trade. | [03:01] |
BingoBoingo: | And it's a rather portable skill | [03:01] |
edivad: | well, I have a spare brazilian passport in the drawer, so when I've read the universal plan, I instantly got some very powerful energy for a future exit plan | [03:02] |
deedbot: | http://qntra.net/2017/08/y-combinator-startups-begin-overt-political-discrimination/ << Qntra - Y Combinator Startups Begin Overt Political Discrimination | [03:04] |
edivad: | now that i've registered my pgp key, should i be able to authenticate signing something? | [03:08] |
BingoBoingo: | edivad: Just remember that hunger can be the most devious thief of all as evidenced by kakobrekla's 500 BTC car. Every situation is different, but many of them rhyme. | [03:08] |
BingoBoingo: | edivad: You authenticate by decrypting something. | [03:09] |
edivad: | OK | [03:09] |
mircea_popescu: | and in random other lulz : it's funny how the libertards worshipping at the watergate shrine usually omit to mention that by then washington post had been a libel tabloid for years. somehow dillard stokes' name never comes up. somehow they don't seem to notice it always was simply us sturmer. | [03:10] |
edivad: | make[3]: c: Command not found | [03:10] |
edivad: | in this case what is missing? | [03:11] |
mircea_popescu: | gcc ? | [03:11] |
edivad: | gcc is already the newest version (4:5.3.1-1ubuntu1). | [03:11] |
BingoBoingo: | http://qntra.net/2017/08/a-list-of-known-bitcoin-ransom-cases/#comment-107260 | [03:12] |
BingoBoingo: | !!up bounce | [03:12] |
deedbot: | bounce voiced for 30 minutes. | [03:12] |
mircea_popescu: | edivad your makefile is getting mangled somewhere. | [03:12] |
edivad: | let me copy the entire error log | [03:13] |
edivad: | https://thepasteb.in/p/BghP57zQGWycY | [03:14] |
BingoBoingo: | !!up edivad | [03:16] |
deedbot: | edivad voiced for 30 minutes. | [03:16] |
edivad: | tried now to install the common bitcoin core dependencies with apt | [03:16] |
edivad: | but no luck | [03:16] |
edivad: | when i'll login again in IRC, what command should i use to authenticate? | [03:17] |
mircea_popescu: | !!key edivad | [03:18] |
deedbot: | http://wot.deedbot.org/2774E3A42199C93B528647ECD19963F9A5C443AC.asc | [03:18] |
mircea_popescu: | use !!v in pm to deedbot. | [03:18] |
mircea_popescu: | !!rate edivad 1 painter/student | [03:18] |
deedbot: | Get your OTP: http://p.bvulpes.com/pastes/brgvw/?raw=true | [03:18] |
edivad: | let me try | [03:19] |
mircea_popescu: | and in other civilised behaviours : always remember to hold pinky elevated! http://68.media.tumblr.com/e0686d449baf8a8d73a2199a83f7780c/tumblr_o1f357D0Zh1sr105eo1_1280.jpg | [03:19] |
BingoBoingo: | !!up edivad | [03:21] |
deedbot: | edivad voiced for 30 minutes. | [03:21] |
BingoBoingo: | !!key edivad | [03:21] |
deedbot: | http://wot.deedbot.org/2774E3A42199C93B528647ECD19963F9A5C443AC.asc | [03:21] |
mircea_popescu: | lol nothing works for this guy does it. | [03:21] |
BingoBoingo: | !~later tell trinque maybe look into the edivad deedbot registration thing? Guy is having a hard time | [03:23] |
jhvh1: | BingoBoingo: The operation succeeded. | [03:23] |
mircea_popescu: | edivad do it here. | [03:23] |
edivad: | ok | [03:24] |
edivad: | !!v | [03:24] |
mircea_popescu: | ... | [03:24] |
mircea_popescu: | read the help would you. | [03:24] |
edivad: | !!up | [03:25] |
deedbot: | Get your OTP: http://p.bvulpes.com/pastes/WQBqO/?raw=true | [03:25] |
edivad: | !!v 47E94847E0937D49A0D0EBF20F880C396B416F19177CCDCF756E42A74558A76B | [03:28] |
deedbot: | You are now voiced in #trilema | [03:28] |
edivad: | wow :) | [03:28] |
edivad: | thanks BingoBoingo for the help | [03:29] |
BingoBoingo: | you are welcome | [03:32] |
edivad: | a thing that i've not asked and now i remembered | [03:32] |
edivad: | is allowed/polite to scrape all the btcbase.org/log website? | [03:32] |
mircea_popescu: | you could just make your own logger. | [03:33] |
edivad: | I've done it yesterday for a friend that asked me a dvd with the logs inside, to read them when on holiday with no internet access | [03:33] |
mircea_popescu: | nothing wrong with it. | [03:34] |
mircea_popescu: | they also end up on archive.is, because the bot archives links and the odds of a whole day going by without a single log reference are small. | [03:34] |
edivad: | ok thanks, intially i thought that maybe doing 400-500 mb of http traffic could be seen as a bad thing | [03:35] |
mircea_popescu: | well so if you thought that you could have asked before rather than after eh. | [03:36] |
mircea_popescu: | anyway, forward your thanks to phf for allowing your exericse. | [03:36] |
edivad: | i know, it wasn't a smart move, but if you see a spike of traffic now you know that it wasn't a ddos attempt | [03:37] |
mircea_popescu: | i don't maintain btcbase phf does. | [03:37] |
* mircea_popescu | bbl | [03:38] |
edivad: | phf: so, sorry for not having asked before | [03:38] |
* BingoBoingo | unsure phf really will notice one complete scrape | [03:40] |
edivad: | it was about 250 mb iirc | [03:41] |
edivad: | but i've done two times becouse the first has gone wrongly to the standard output | [03:42] |
deedbot: | http://phuctor.nosuchlabs.com/gpgkey/B47B72AF088972BB3797D9E788CB4552536D6536CAB9BD720FAC499CC89527BF << Recent Phuctorings. - Phuctored: 1537...4537 divides RSA Moduli belonging to '210.48.108.183 (ssh-rsa key from 210.48.108.183 (13-14 June 2016 extraction) for Phuctor import. Ask asciilifeform or framedragger on Freenode, or email fd at mkj dot lt) <ssh...lt> ' (gordon.mostfm.com. NZ AUK) | [03:54] |
deedbot: | http://phuctor.nosuchlabs.com/gpgkey/B47B72AF088972BB3797D9E788CB4552536D6536CAB9BD720FAC499CC89527BF << Recent Phuctorings. - Phuctored: 1781...1313 divides RSA Moduli belonging to '210.48.108.183 (ssh-rsa key from 210.48.108.183 (13-14 June 2016 extraction) for Phuctor import. Ask asciilifeform or framedragger on Freenode, or email fd at mkj dot lt) <ssh...lt> ' (gordon.mostfm.com. NZ AUK) | [03:54] |
mircea_popescu: | !!up PeterL | [10:06] |
deedbot: | PeterL voiced for 30 minutes. | [10:06] |
mircea_popescu: | what happened to your key ? | [10:06] |
PeterL: | hi, thanks for the !!up, my key is on another computer | [10:06] |
mircea_popescu: | aite | [10:07] |
PeterL: | http://btcbase.org/log/2017-08-08#1695498 << this is completely unrelated to sina's item | [10:07] |
a111: | Logged on 2017-08-08 23:26 mircea_popescu: PeterL http://btcbase.org/log/2017-08-08#1695421 << is this supposed to interface with sina's item ? | [10:07] |
mircea_popescu: | alright | [10:07] |
PeterL: | I looked at miller-rabin, and switching over to that algorithim is quite simple | [10:08] |
mircea_popescu: | found a c impl somewhere ? | [10:08] |
PeterL: | I tested the fermat test, and with 100 numbers of 1024 bits deemed prime by the fermat test, 50 were found to be composite by miller-rabin | [10:09] |
mircea_popescu: | aha. | [10:09] |
PeterL: | so yes, using the fermat test would be bad | [10:09] |
mircea_popescu: | and mind that m-r is a ~probabilistic~ test. | [10:10] |
mircea_popescu: | you gotta have the params set correctly | [10:10] |
PeterL: | http://btcbase.org/log/2017-08-08#1695504 << so the program goes through the keys and checks the decryption against each challenge-string | [10:11] |
a111: | Logged on 2017-08-08 23:33 mircea_popescu: PeterL +# IMPORTANT NOTE: if the cs is too small, messages have a chance to get decrypted by the wrong key << what is the logic behind this ? | [10:11] |
PeterL: | if you have a 0 byte cs, then every message looks good | [10:11] |
mircea_popescu: | um. | [10:11] |
PeterL: | using the wrong key will result in a random byte string, so with a cs of 1 byte, you have 1/256 chance of looking like it was the right key | [10:12] |
mircea_popescu: | 0 length isn't usually what one thinks of when seeing "too small". same istrue if 1 byte string ? | [10:12] |
mircea_popescu: | uh. | [10:12] |
PeterL: | so I guess "too small" would be something like two or less? | [10:12] |
PeterL: | not that using the wrong key will give you the plaintext message, but that if it uses the wrong key and happens to match the cs for that key, it will pass the pile of garbage on to all the peers | [10:14] |
mircea_popescu: | so you are telling me that m ^ e ^ d mod n always has an integer solution for randomly chosen parameters. | [10:14] |
PeterL: | well, won't that calculation always result in an integer? | [10:14] |
mircea_popescu: | yes, but would that integer then also be m ? | [10:15] |
PeterL: | oh, wait, no, I didn't see the extra ^ e in there | [10:16] |
mircea_popescu: | this is the basis of rsa : m ^ e ^ d = m mod n | [10:16] |
mircea_popescu: | or how shall i best put it, that's not equality but modulo congruence. whereby 7 = 5 mod 2 | [10:16] |
PeterL: | if you have an encrypted text c, then c ^ d mod n will give an integer, without previously knowing m, how will you check for congruence? | [10:17] |
mircea_popescu: | PeterL the logical approach would be to include a checksum neh ? | [10:23] |
mircea_popescu: | https://www.ti89.com/cryptotut/rsa3.htm << very handy rsa tutorial in that it uses base 10 and alphabet-indexing for letters. so one can actually rsa by hand and get a good model of what's going on. | [10:24] |
PeterL: | aha, that seems like a logical solution. | [10:24] |
mircea_popescu: | PeterL the broader point here being that you can't warn the user about things he can't control. you gotta provide for it yourself. | [10:25] |
mircea_popescu: | PeterL the other problem this discussion reveals, of course, is that you aren't using any padding ? | [10:29] |
PeterL: | this is the padding algorithm described by alf: take random bits r and message x, encrypt r to key A and encrypt (r XOR x) to key B | [10:31] |
mod6: | edivad's environment is indeed some sort of non-developer version of linux that has almost no tools pre-installed. also, had some non-english version, which my V does not work with. Yesterday asked him to remove gpg v2, and install v1.4.10. | [10:32] |
mircea_popescu: | PeterL and then you add key A and B to the message at the end so recipient can un-pad ? | [10:32] |
mod6: | These problems should be resolved once sane environment is achieved. | [10:32] |
PeterL: | no, recipient goes through his list of keys A and B until he finds the one that decrypts it | [10:32] |
mircea_popescu: | ... | [10:32] |
mircea_popescu: | i think you misconstrue alf's padding algo. | [10:32] |
PeterL: | that is also possible | [10:33] |
mod6: | meanwwhile, I'll add a preface to the HOWTO doc on the minimum requirements. thanks to diana_coman for gathering them up once upon a time. | [10:33] |
mircea_popescu: | now : textbook rsa (the sort of thing you seem to be discussing, above) has no semantic security and on top of that is malleable. | [10:33] |
mircea_popescu: | it's not useful in the field. | [10:33] |
PeterL: | that is what we were trying to fix, no? | [10:34] |
mircea_popescu: | long fixed problem, so not really. | [10:34] |
mircea_popescu: | now, alf's scheme is probably valid padding, though it is very expensive. it works like so : to encrypt a message m to key X, you : a) generate two one-time keys, A and B. you encrypt some bits of m to A and some to B, randomly chosen. you pile together : the bits of m encrypted with A, the bits of m encrypted with B, the schedule of which is which, and the keys A and B into one large m' | [10:35] |
mircea_popescu: | and THAT you then encrypt to key X and send ove.r | [10:35] |
mircea_popescu: | what gpg normally uses is called OAEP | [10:36] |
mircea_popescu: | !!up PeterL | [10:36] |
deedbot: | PeterL voiced for 30 minutes. | [10:36] |
mircea_popescu: | it's a sort of two-box permutation thing. | [10:37] |
mircea_popescu: | basically it takes a random string, jumbles it with the original message, and spits out two halves. the hope with it is that it provides all-or-nothing security, in the sense that to recover any bit of the message you need to correctly process the entire pair of jumbled strings. | [10:38] |
PeterL: | this thing? http://btcbase.org/log/2017-02-14#1613906 | [10:40] |
a111: | Logged on 2017-02-14 19:19 asciilifeform: specifically, for every byte you intend to send, you instead send two: x, y. which you generate by obtaining rng byte r, and payload byte b, and x := b xor r, y := r | [10:40] |
mircea_popescu: | similar, but not exactly. | [10:41] |
mircea_popescu: | oaep works like this : given hash and hash' hash functions, calculate X as hash(m00) xor G(r) and Y = r xor hash'(X). | [10:42] |
mircea_popescu: | because hash and hash' are used to stretch/reduce the bitlength of their parameters, something like mpfhf (which permits arbitrary sized outputs/inputs) could work well but is also slow. | [10:44] |
mircea_popescu: | and besides, not muchly tested yet. | [10:45] |
mircea_popescu: | and upstream, to make clear what "semantic security" means : rsa is deterministic, if i wish to see if your "encrypted" string really was message m, all i have to do is encrypt m myself. if the results match i have cryptographic confirmation. | [10:46] |
PeterL: | is that a good thing? | [10:47] |
mircea_popescu: | (and, of course, for short messages ie shorter than n i can just compute the e-root). | [10:47] |
mircea_popescu: | PeterL terrible, terrible thing, which is why irl rsa is always padded. | [10:47] |
mircea_popescu: | and since we're apparently doing rsa likbez : if r used in padding above contributes less than n / e^2 bits of entropy to the final, padded message, coppersmith has a few words to tell you. | [10:49] |
mircea_popescu: | (and they are http://www.di.ens.fr/~fouque/ens-rennes/coppersmith.pdf ) | [10:50] |
PeterL: | mircea_popescu linking to a pdf, what is the world coming to!? | [10:52] |
mircea_popescu: | i know right ? | [10:52] |
PeterL: | in " n / e^2 bits of entropy ", what are n and e, the key modulus and exponent? | [10:55] |
mircea_popescu: | yes. | [10:55] |
PeterL: | do you mean the bitsize of n and e, or the actual numbers? | [11:04] |
mircea_popescu: | !!up PeterL | [11:07] |
deedbot: | PeterL voiced for 30 minutes. | [11:07] |
mircea_popescu: | i mean the bitsize it's not just that though, partially known secrets, low exponents etc all conspire to empwer the latice reduction. | [11:08] |
PeterL: | how low is low for an exponent? | [11:08] |
PeterL: | and what partially known secrets here? | [11:09] |
PeterL: | is 65537 big enough for an exponent? | [11:10] |
mircea_popescu: | 3, generally. that, you never know. yeah. | [11:12] |
deedbot: | http://trilema.com/2017/se-vende-joyeria-fina/ << Trilema - Se Vende Joyeria Fina | [11:49] |
mircea_popescu: | anyway, let it be said that there's nothing wrong with oaep as far as we know, but for the sake of argument a mpfhf based padding scheme would conceivably work like this : 1. given message m, of length l, generate r = random bits, of length l' up to l but not less than 256 bits. 2. compose m' = r + m + c (in that order), where c is l - l` (and its bitness is always same as the bitness of len(m')-256). 3. compose Pm = R + S + | [11:58] |
mircea_popescu: | c (in that order), where R and S are produced by mpfhf(m') with R len set to c (bitness same as bitness of len(Pm). Pm will be the padded message sent to RSA. The recipient will have to undo mpfhf with known R and S to obtain m. | [11:58] |
mircea_popescu: | this scheme is both slow and bulky. it is not likely useful for gossipd-style comms. it is certainly valuable for signing material, especially because rsa signature is much more padding-vulnerable than encryption and perhaps for some limited encryption work. | [11:59] |
mircea_popescu: | !!up PeterL | [12:14] |
deedbot: | PeterL voiced for 30 minutes. | [12:14] |
mircea_popescu: | PeterL so if you feel like writing a mpfhf reverser... afaik nobody has to date. | [12:14] |
BingoBoingo: | !!up PeterL | [13:07] |
deedbot: | PeterL voiced for 30 minutes. | [13:07] |
PeterL: | I will check in later once I am back at my computer with my key to verify this conversation has been with the real PeterL | [13:10] |
PeterL: | I will have a look at making a reversing function for the mpfhf | [13:11] |
BingoBoingo: | !~ticker --market all | [13:22] |
jhvh1: | BingoBoingo: Bitstamp BTCUSD last: 3298.67, vol: 13040.95962783 | Bitfinex BTCUSD last: 3294.8, vol: 30614.16409473 | BTCChina BTCUSD last: 3325.733768, vol: 12852.97540000 | Kraken BTCUSD last: 3337.978, vol: 6685.96834593 | Volume-weighted last average: 3306.45847118 | [13:22] |
mircea_popescu: | works | [13:27] |
PeterL: | mircea_popescu: if l is less than 256, then l' = 256? | [13:30] |
PeterL: | for your padding scheme above ^ | [13:31] |
mircea_popescu: | no. l' = rnd(0, l) if l' < 256 l' = 256. | [13:31] |
mircea_popescu: | and rnd(256, l) is not equivalent because who the fuck knows what rnd does when a > b. | [13:32] |
PeterL: | so not more than rather than not less than 256 | [13:32] |
asciilifeform: | http://btcbase.org/log/2017-08-09#1695792 << variably-sized packets are the mistake here. | [13:32] |
a111: | Logged on 2017-08-09 14:11 PeterL: if you have a 0 byte cs, then every message looks good | [13:32] |
mircea_popescu: | huh ? | [13:32] |
asciilifeform: | use fixed size. | [13:32] |
mircea_popescu: | asciilifeform i was discussing a more general rsa scheme, not gossipd specifically. | [13:32] |
asciilifeform: | aite, i'm walking the l0gz still | [13:33] |
mircea_popescu: | but yes, for unrelated reasons fixed size is the right choice for gossipd. | [13:33] |
PeterL: | asciilifeform, I am not sure I understand what you are getting at here | [13:36] |
asciilifeform: | http://btcbase.org/log/2017-08-09#1695799 << of course it does. rsa decrypt is c^d(mod n) , where c is ciphertext , n is public modulus, d is private exponent. | [13:36] |
a111: | Logged on 2017-08-09 14:14 mircea_popescu: so you are telling me that m ^ e ^ d mod n always has an integer solution for randomly chosen parameters. | [13:36] |
asciilifeform: | this produces a solution always. | [13:36] |
asciilifeform: | ( but it will be rubbish if either of the 3 values is not the expected one) | [13:36] |
asciilifeform: | PeterL: don't permit messages of any length but L. | [13:37] |
asciilifeform: | L is e.g. 512. | [13:37] |
asciilifeform: | not 1 byte more, not 1 less. | [13:37] |
asciilifeform: | !!up PeterL | [13:37] |
deedbot: | PeterL voiced for 30 minutes. | [13:37] |
PeterL: | right, my scheme was doing that | [13:38] |
asciilifeform: | PeterL: so what was this : http://btcbase.org/log/2017-08-09#1695794 about ? | [13:38] |
a111: | Logged on 2017-08-09 14:12 PeterL: using the wrong key will result in a random byte string, so with a cs of 1 byte, you have 1/256 chance of looking like it was the right key | [13:38] |
PeterL: | It checks to see if it is using the right key by comparing the decrypted text agains a pre-known challeng-string (cs) | [13:39] |
asciilifeform: | so why on earth would you permit anything like a 1 or 0 byte string ?! | [13:39] |
PeterL: | mircea_popescu suggested instead using a checksum | [13:39] |
asciilifeform: | that's the more typical solution aha | [13:40] |
PeterL: | who am I to stop people from sabotaging themselves? | [13:40] |
asciilifeform: | PeterL: one of the most comical failure modes, ubiquitous in usg crypto, is the null cipher | [13:40] |
asciilifeform: | where there is a ready-made 'shoot yourself in the head' button, conveniently under everywhere you might ever put your elbow | [13:40] |
asciilifeform: | this is not to continue . | [13:40] |
PeterL: | I see. | [13:41] |
PeterL: | I am still learning here, the last time I came and said "how do I know if I have used the right key to decrypt it?" nobody suggested a checksum, now I will try to figure out how that would fit into the program | [13:43] |
asciilifeform: | you have a substring S in every packet, that gotta equal H(rest of the packet) or whole thing discarded. | [13:44] |
asciilifeform: | ( importantly, the fact of said discard must not be discernible through timing side channel ) | [13:45] |
asciilifeform: | requirement for H is more or less the opposite of mircea_popescu's hash exercise -- it gotta compute in fixed time. | [13:45] |
asciilifeform: | ( while otherwise quality hash. my current favourite for this is keccak's hash ) | [13:45] |
mircea_popescu: | asciilifeform man, you're mixing industrial process into educative discourse without any sort of rhyme or reason, resultin in some very confuysed and eventually frustrated people. | [13:45] |
erlehmann: | PeterL 1. write grammar 2. ??? 3. never correct invalid input, nuke it from orbit instead | [13:46] |
asciilifeform: | aite, i'ma let mircea_popescu handle pedagogical thread, brb | [13:46] |
mircea_popescu: | don't even have to, but consider the context. yes "it's what rsa is", that's what i'm checking, that he knows. | [13:47] |
mircea_popescu: | erlehmann wanna do that ? | [13:47] |
erlehmann: | mircea_popescu nope. | [13:47] |
mircea_popescu: | how come ? | [13:47] |
PeterL: | so for longer messages, they will get cut into chunks. It it better to check the first chunk until you find the right key and then use it to dercypt the whole message, or do you want to decrypt the whole message with every key (to hide the fact you found a match)? | [13:47] |
mircea_popescu: | PeterL the cutting into chunks should happen prior at some client level. it's ok if your think accepts no messagtes lonmger than x. irc doesn't either. | [13:48] |
mircea_popescu: | your thing* | [13:48] |
PeterL: | but I want to make longer messages possible | [13:49] |
mircea_popescu: | why ? | [13:49] |
PeterL: | why not? | [13:49] |
erlehmann: | mircea_popescu it feels like work. i had that experience a few minutes ago, when i explained to a rando on the train the concept of non-existence dependencies. | [13:49] |
mircea_popescu: | because udp packets if nothing else besides "longer" is not the same as endless. | [13:49] |
mircea_popescu: | erlehmann so what, you're of a firm "will only work for evil empires" persuasion ? | [13:50] |
erlehmann: | no, just tired | [13:51] |
mircea_popescu: | in other lulz, /me went to open bank account today. you can not BELIEVE how fucking pussy whipped these people are. a) bank's only wire intermediary is bank of america. why ? uh... that's what the other banks do too. but... why ? umm... is it because you schmucks are a us colony, in the sense you don't get medicare and they still get all your shit anyway ? uhhhh | [13:52] |
PeterL: | well, udp packet is alot bigger than the 512bytes that fit in a rsa packet, why waste all the space? | [13:52] |
mircea_popescu: | b) they want to... "know your customers". bitch, it's none of your fucking business ? uh no, because ley so and so say so. | [13:53] |
asciilifeform: | PeterL: 512 is really top limit of 'guaranteed nonfragment no matter what' | [13:53] |
mircea_popescu: | im guessing i'll be taking ads in the local newspaper, "looking for lawyers willing to sue the government, apply within". | [13:53] |
mircea_popescu: | PeterL how did you come uop with the 512 value ? | [13:53] |
asciilifeform: | empirically | [13:53] |
mircea_popescu: | asciilifeform damn. listen you! | [13:53] |
PeterL: | do we need guarentee non-fragment ? | [13:53] |
PeterL: | and if we are sending to key A and B, we will need 1024 bits for each segment anyway | [13:54] |
mircea_popescu: | PeterL let's get back to cogency here. how did you come to the "512 rsa packet limit" ? | [13:55] |
PeterL: | 4096 bit key n, message needs to be smaller than that, right? | [13:55] |
mircea_popescu: | nope. | [13:55] |
PeterL: | well, shoot, I must be confused somewhere | [13:56] |
mircea_popescu: | how did you get that idea ? | [13:56] |
mircea_popescu: | pro tip : it is always a very useful thing to be able to reflect your own mental process, which starts with being able to answer "where i got this from". makes error handling much faster and infinitely more efficient. | [13:56] |
PeterL: | c^d mod n = m, therefore m must be smaller than n? | [13:56] |
mircea_popescu: | PeterL can you tell me anything about what the greeks used for encryption ? | [13:57] |
PeterL: | not really, the ceasar cipher or something? | [13:57] |
mircea_popescu: | well cesar was a roman, wasn't he ? the "technologically advanced" dorks that took the sail tech of the people who sailed from sweden to south africa and made some square sailed tubs that sunk in the mediterranean half the time. | [13:58] |
mircea_popescu: | i mean actual strategoi of the ancient greece. | [13:58] |
mircea_popescu: | !#s scytale | [13:58] |
a111: | 6 results for "scytale", http://btcbase.org/log-search?q=scytale | [13:58] |
mircea_popescu: | basically they had this early elliptic curve crypto, implemented as an arbitrary cone on which they wrapped a string. because the string is fixed length see, whereas the section of cone is not. | [13:59] |
mircea_popescu: | make sense to you ? | [13:59] |
PeterL: | alright, so the decryption relied on having an identical physical object? | [14:00] |
mircea_popescu: | yeah. | [14:00] |
mircea_popescu: | now, intuitively, would you imagine this worked at all if the string was so short it never fully wrapped ? | [14:00] |
PeterL: | ok | [14:00] |
PeterL: | hmm, no, it would have nothing to transpose to | [14:00] |
mircea_popescu: | short messages are a problem for rsa, not a boon. this is generally fixed by padding. | [14:01] |
PeterL: | ok, but how short is short? | [14:01] |
mircea_popescu: | shorter than size of n, here. | [14:02] |
PeterL: | I thought it was only bad if m^e was less than n? | [14:02] |
mircea_popescu: | that's what i meant earlier with the e-root. if say your key is 1024 bits, and your exponent is 3, and your "encrypted" message is, numerically, 1404928, i can readily extract the cube root and find the original as 112. | [14:02] |
mircea_popescu: | had there been a wrap, i couldn't have extracted the cube root [quite so easily] | [14:03] |
PeterL: | right, I understand that part | [14:03] |
mircea_popescu: | PeterL yes, there is that. larger e provides some protection agaisnt this issue. | [14:04] |
mircea_popescu: | but in any case, the point is -- rsa is not better for shorter messages. for really short messages it can be really shitty. which is why my 256 minimum bits in the padding scheme. | [14:04] |
PeterL: | alright, so my scheme pads everything to the length of the key, but as I understand it still has to be smaller than the key n? | [14:05] |
mircea_popescu: | what it and why ? | [14:06] |
PeterL: | because you are calculating a number mod n, so the result will therefore be smaller than n | [14:06] |
mircea_popescu: | so ? | [14:06] |
mircea_popescu: | that the result is smaller than n is of no consequence to you is it. | [14:06] |
PeterL: | so you can't use a number larger than n | [14:06] |
mircea_popescu: | why not ? | [14:07] |
PeterL: | because the decryption is also a calculation mod n | [14:07] |
mircea_popescu: | really, use that item i linked earlier. | [14:07] |
mircea_popescu: | http://btcbase.org/log/2017-08-09#1695807 < | [14:07] |
a111: | Logged on 2017-08-09 14:24 mircea_popescu: https://www.ti89.com/cryptotut/rsa3.htm << very handy rsa tutorial in that it uses base 10 and alphabet-indexing for letters. so one can actually rsa by hand and get a good model of what's going on. | [14:07] |
asciilifeform: | !!up PeterL | [14:08] |
deedbot: | PeterL voiced for 30 minutes. | [14:08] |
mircea_popescu: | do an example once, it's instructive. easy to follow because small numbers. | [14:08] |
PeterL: | it looks like this thing is encrypting each character individually? | [14:08] |
mircea_popescu: | it is. | [14:08] |
PeterL: | so each character must have a value less than the n it is using, right? | [14:09] |
mircea_popescu: | you mean, the modulus, p * q ? | [14:11] |
PeterL: | yes | [14:13] |
mircea_popescu: | right, solving will only find the lowest anyway. | [14:13] |
PeterL: | so the message is larger than the key modulus, part of it will be lost when it is decrypted | [14:15] |
PeterL: | so if ^ | [14:15] |
mircea_popescu: | and so thereby a 4096 bit key can handle chunks of up to 512 bytes of message. | [14:16] |
PeterL: | yes | [14:16] |
mircea_popescu: | slightly less even. but anyway. | [14:16] |
deedbot: | http://qntra.net/2017/08/bitcoin-network-mining-diffficulty-up-7-32-to-another-all-time-high-in-first-adjustment-after-roger-ver-ified-fork/ << Qntra - Bitcoin Network Mining Diffficulty Up ~7.32% To Another All Time High In First Adjustment After Roger Ver-ified Fork | [14:16] |
mircea_popescu: | PeterL and as asciilifeform aptly points out, this happens to be convenient, because it's right around the size of the nonfragmenting udp packet. | [14:17] |
mircea_popescu: | (the precediny line was 146 characters, which is less trhan 146 bytes, especially if you do a lzw or something like sane people first) | [14:18] |
PeterL: | and my scheme splits messages into r and m xor r, so I need 1024 bytes to pass the smallest message, which is already larger than the UDP "unfragmentation limit" of 512 bytes, so why stop there and not just let the message get longer by adding in some more chunks? | [14:18] |
PeterL: | up to the limit of the size of a udp packet? | [14:19] |
asciilifeform: | PeterL: think carefully, this is flawed logic | [14:19] |
asciilifeform: | you don't ~have~ 1024 bytes | [14:19] |
PeterL: | please, help me see the flaw? | [14:19] |
asciilifeform: | ergo if you want to use the xor padding algo, you are stuck with payloads of half the size. | [14:20] |
PeterL: | which would mean using keys of half the size, right? | [14:20] |
asciilifeform: | not necessarily | [14:20] |
mircea_popescu: | PeterL what is the scheme contemplated here, that you take a say 8 byte message, generate an 8 byte r, then create a 16 byte padded message by appending the r and the r xor m and then rsa that ? | [14:20] |
asciilifeform: | ( i will also note, the problem with allowing packet fragging is that frag reassembly is a Something-To-Allcomers operation . ) | [14:21] |
PeterL: | mircea_popescu: but encrypting the r to one key and the r xor m to a second key, so you end up with two rsa-key-length segments | [14:23] |
mircea_popescu: | ok, so then you also send 2, udp sized packets ? | [14:24] |
PeterL: | well, I was putting it all in one udp packet | [14:24] |
mircea_popescu: | yes, but we're examining why and whether you have to. | [14:25] |
PeterL: | if they did not come together in one packet, then you would have to hold onto packets and try to match them up with their partner | [14:26] |
mircea_popescu: | yes. | [14:26] |
PeterL: | this seemed like it would be cleaner | [14:26] |
mircea_popescu: | but even if you send them "together", there's no guarantee they stay unfragmented. not at that size. | [14:26] |
PeterL: | (perhaps I misunderstand how udp packets get reassembled) | [14:27] |
mircea_popescu: | as alf says : "something to all comers". primo target of ddos monkeys. | [14:27] |
PeterL: | the other optin would be to use rsa keys of half the size, allowing only 256 byte messages | [14:28] |
mircea_popescu: | you mean messages of half the size. | [14:28] |
PeterL: | well, message still limited by key size, so yes | [14:29] |
mircea_popescu: | so your gossiptron only accepts lines of up to 256 chars in length, then you lzw that and pad etc. not the end of the world. | [14:31] |
mircea_popescu: | the rng consumption will be significant though. | [14:31] |
PeterL: | but that 256 also has to carry stuff like user name | [14:31] |
mircea_popescu: | yes. | [14:32] |
PeterL: | still better than twitter, I guess | [14:32] |
mircea_popescu: | you would see value in eg irc dropping its 200 char limit or what was it ? | [14:33] |
PeterL: | I do find it annoying that long messages get split, but I guess it is not the end of the world or anything | [14:34] |
PeterL: | suggestions on a good hash function for a checksum? | [14:36] |
mircea_popescu: | xor the bytes ? | [14:37] |
asciilifeform: | lol that's probably the worst conceivable | [14:37] |
mircea_popescu: | :D | [14:38] |
mircea_popescu: | !!up PeterL | [14:38] |
deedbot: | PeterL voiced for 30 minutes. | [14:38] |
mircea_popescu: | anyway, crcs usually what people use. | [14:38] |
mircea_popescu: | steal gnuradio's crc32 for instance. | [14:40] |
mircea_popescu: | iirc openpgp used a crc-24 self-formulation | [14:41] |
mircea_popescu: | (that =4char thing at the end of the messages) | [14:42] |
mircea_popescu: | and with this, PeterL finds himself exposed to galois fields, polynomial division, and the rest of the "easy to implement and straightforward" jewels. | [14:45] |
asciilifeform: | you wouldn't want to use a checksum ( e.g. crc ) for decryptable-legit vs random rubbish distinguisher | [14:46] |
asciilifeform: | this problems was how we even ended up with cryptological hash functs | [14:46] |
asciilifeform: | ( if anyone recalls my sageprobe crack ? that was as simple as it was because the thing used crc as hash... ) | [14:47] |
mod6: | BingoBoingo: 7-ish | [14:53] |
BingoBoingo: | mod6: ty fxd | [14:55] |
PeterL: | asciilifeform: ^ what would be the downside of using crc for this? | [14:57] |
* PeterL | looks, finds a .py standar lib function for this: binascii.crc32 | [14:58] |
deedbot: | http://phuctor.nosuchlabs.com/gpgkey/FB227B026FA94ABC18FD0A71ADB21D83E8E43BBF14F2DEBFE85F490FFF3627B9 << Recent Phuctorings. - Phuctored: 1578...0979 divides RSA Moduli belonging to '82.214.135.102 (ssh-rsa key from 82.214.135.102 (13-14 June 2016 extraction) for Phuctor import. Ask asciilifeform or framedragger on Freenode, or email fd at mkj dot lt) <ssh...lt> ' (82-214-135-102.itsa.net.pl. PL) | [15:25] |
deedbot: | http://phuctor.nosuchlabs.com/gpgkey/FB227B026FA94ABC18FD0A71ADB21D83E8E43BBF14F2DEBFE85F490FFF3627B9 << Recent Phuctorings. - Phuctored: 1618...0213 divides RSA Moduli belonging to '82.214.135.102 (ssh-rsa key from 82.214.135.102 (13-14 June 2016 extraction) for Phuctor import. Ask asciilifeform or framedragger on Freenode, or email fd at mkj dot lt) <ssh...lt> ' (82-214-135-102.itsa.net.pl. PL) | [15:25] |
mircea_popescu: | asciilifeform yes, well, everything has problems. but there's a difference between using a crc as hash and using a crc as checksum and using say sawed-barrel keccak (take first or last x bytes, whatever) isn't all that good because it's really not designed for fragment behaviour like that, nor was such studied | [16:43] |
mircea_popescu: | trying to stuff a mac or something in there will make the bondogle regret the days of the aes/rsa combo. | [16:46] |
mircea_popescu: | besides rsa allows existential forgery ~anyway~. | [16:48] |
asciilifeform: | waiwat | [16:58] |
asciilifeform: | whole point of the M+H(M) or no-go combo is to prevent forgery. | [16:58] |
asciilifeform: | ( if message dun match the prescribed structure -> forgery ) | [16:58] |
mircea_popescu: | so you want to take a message m, add that many random bits to it, and then add twice that many bits as a hash of the pile, thereby using 25% of the space for the plaintext ? | [17:07] |
mircea_popescu: | (the rsa forgery comment was re sig ^ e mod n || sig mod n always verifies as validly signed.) | [17:07] |
mircea_popescu: | and incidentally, pss should prolly be in the final tmsr-rsatron huh. | [17:11] |
mircea_popescu: | http://grouper.ieee.org/groups/1363/P1363a/contributions/pss-submission.pdf for the day of the pdfs. | [17:13] |
mircea_popescu: | (ftr, the way pgp does it is that it repeats two bytes of a more or less random block of 16 bytes, and then checks if they came out the same. this is in fact WORSE than http://btcbase.org/log/2017-08-09#1696023 but then again contemporary applied cryptography is a very low effort, low quality field). | [17:17] |
a111: | Logged on 2017-08-09 18:37 mircea_popescu: xor the bytes ? | [17:17] |
mircea_popescu: | (believe it or not, the 18 byte lulz is actually specificed as such, https://archive.is/QYKu5#selection-3121.6-3121.789 worth a read, has null IV and all sorta gems) | [17:20] |
mircea_popescu: | BingoBoingo by following qntra link, i fell upon http://trilema.com/2014/the-woes-of-altcoin-or-why-there-is-no-such-thing-as-cryptocurrencies/#comment-117679 which i suppose explains http://btcbase.org/log/2017-08-01#1692327 | [17:33] |
a111: | Logged on 2017-08-01 23:43 mircea_popescu: i suspect steemit is a sort of how did they call that alt-disqus/alt-github "let us steal your content" thing ? | [17:33] |
BingoBoingo: | Ah, that may be it? | [17:34] |
mircea_popescu: | guy made a blog, next year but still. | [17:36] |
BingoBoingo: | Not really made a blog. Started making posts on platform that it seems some other folks made. | [17:40] |
* BingoBoingo | not looked into "who made Steemit" | [17:41] |
mircea_popescu: | it's incomprehensible to me, how this "i moved from a forum to a ... forum" thing works in the public's mind. | [17:41] |
mircea_popescu: | but, it given, it's no wonder all cars migrating to being the same engine in different plastifications. | [17:41] |
mircea_popescu: | BingoBoingo http://btcbase.org/log/2016-05-21#1470340 << low effort reddit spinoff ? | [17:43] |
a111: | Logged on 2016-05-21 23:31 shinohai: https://steemit.com/girlsgonesteem-nsfw/@steempower/welcome-to-girls-gone-steem#comments <<< the logo even looks like a turd. "steem" | [17:43] |
asciilifeform: | mircea_popescu: i looked at the pss thing, seems like simply yet another obfuscatorily-complex nsaological artifact | [17:46] |
mircea_popescu: | iirc there is a proof it is as secure as rsa. | [17:47] |
asciilifeform: | replete with magicnumbers, 'random oracle' assumptions, 'perfect hash', and other maculae | [17:47] |
mircea_popescu: | what is this, bayesian proof evaluation ? | [17:47] |
asciilifeform: | mno, i did go & read | [17:48] |
asciilifeform: | here's a gem : | [17:48] |
asciilifeform: | ''When RSA is the underlying primitive, something even more is known: that the ability to forge with resources R in an attack which does not exploit some structural characteristic of the MGF implies the ability to invert RSA on random strings using computational resources only slightly greater than R.'' | [17:48] |
mircea_popescu: | so what is teh fail ? | [17:48] |
asciilifeform: | see problem ? | [17:48] |
asciilifeform: | thing ~assumes~ own conclusion ! acquinas-style. | [17:49] |
mircea_popescu: | wait. | [17:50] |
asciilifeform: | now if you want a pubkeycrypto where this proof actually exists, i know of exactly one : cramer-shoup | [17:50] |
mircea_popescu: | the statement is that if pss is used atop rsa, then baring poor implementation a forgery is going to cost more than what reversing rsa costs. | [17:51] |
asciilifeform: | ( my distaste for it comes largely from it not being rsa, and from a suspicion that enemy has a partial pill against discrete logarithm problem , given that dsa was based on same ) | [17:52] |
mircea_popescu: | pubkey crypto dunb enter into it, this is a discussion of signature hashing (digests, really) schemes. | [17:52] |
mircea_popescu: | distaste for c-s ? | [17:52] |
asciilifeform: | possibly distaste is wrong word | [17:52] |
asciilifeform: | but for above reasons i prefer rsa. | [17:52] |
mircea_popescu: | i thought there's consensus re offering c-s in teh tmsr cryptotron | [17:52] |
asciilifeform: | i don't know of any hard, tangible reason to avoid it. | [17:53] |
asciilifeform: | at any rate it is just as easily implemented on pmachine as rsa. | [17:53] |
mircea_popescu: | afaik pretty much the only candidate besides rsa itself. | [17:53] |
asciilifeform: | ( dun require any new primitives ) | [17:53] |
asciilifeform: | aha. | [17:53] |
asciilifeform: | i know of no others worth bothering with. | [17:53] |
mircea_popescu: | but in my own mind the "well alf is making P" pretty much was "he's walking to path to both cs and rsa impls to the furthest node" | [17:54] |
asciilifeform: | correct. | [17:54] |
mircea_popescu: | otherwise why implement a ptron rather than simply a rsatron. | [17:54] |
asciilifeform: | incidentally you get best attributes of both if you harness them as i described, via otpxor | [17:54] |
asciilifeform: | ( yet another reason for pmach ) | [17:55] |
asciilifeform: | you can do more or less whatever variations on whichever theme, you feel like, all it costs is a few extra chars in pubkey | [17:55] |
erlehmann: | btw i found a new social game | [17:56] |
erlehmann: | 1. mention non-existence dependencies to people who know C and/or C++ | [17:57] |
asciilifeform: | erlehmann: incidentally what exactly is a 'nonexistence dependency' ? | [17:57] |
erlehmann: | 2. look on while almost all of them develop the exactiy same train of thoughts (including fixing make, which is impossible for this kind of program) | [17:57] |
mircea_popescu: | asciilifeform that for x to work, y has to not exist. | [17:58] |
mircea_popescu: | like you know, poisons. | [17:58] |
asciilifeform: | granted, but when would this come into play ? | [17:58] |
asciilifeform: | in erlehmann's context | [17:58] |
mircea_popescu: | i dunno he has some abstractive grammars itch. | [17:58] |
asciilifeform: | didn't we do the STOP FUCKING PARTIALMAKING thread ? | [17:58] |
erlehmann: | asciilifeform on systems with multiple include paths, a C or C++ header file is looked for in location A, B, C. it is found in directory C. it does not exist in location A or B. | [17:59] |
asciilifeform: | clean the fucking chalkboard | [17:59] |
erlehmann: | s/directory/location | [17:59] |
asciilifeform: | flush the toilet. | [17:59] |
erlehmann: | if C changes, the target needs to be rebuilt. that is a dependency. | [17:59] |
asciilifeform: | multiple include paths are retarded. | [17:59] |
erlehmann: | if A or B start to exist, the target also needs to be rebuilt. that is a non-existence dependency. | [17:59] |
asciilifeform: | they correspond to a vgraph with contradictory inputs. | [17:59] |
mircea_popescu: | well, systems without patch are also retarded. | [17:59] |
asciilifeform: | systems are to be fixed - i.e. brought into conformance with vtronics -- or discarded. | [18:00] |
asciilifeform: | no third. | [18:00] |
mircea_popescu: | asciilifeform anyway, let's sit down and make something sane for this guy. peterl i mean. what's his message supposed to be like ? | [18:00] |
erlehmann: | asciilifeform that is one possible answer to the think. the thing that starts the triggering is usually a combination of said devs using make and realizing that this is, indeed, a problem. | [18:00] |
mircea_popescu: | letting him "figure for self" at this juncture is unsanitary. | [18:00] |
asciilifeform: | erlehmann: the problem however is not where you seem to put it | [18:00] |
BingoBoingo: | mircea_popescu: Looking like exactly that | [18:01] |
erlehmann: | asciilifeform C header files are only one instance of such non-existence dependencies where existing of a thingy invalidates the assumptions that went into building another thingy. | [18:01] |
erlehmann: | they are only arguably the most common one | [18:01] |
asciilifeform: | erlehmann: are you familiar with how v works ? | [18:01] |
erlehmann: | and excellent for stunning freeBSD developers btw | [18:01] |
asciilifeform: | erlehmann: the problem you describe is absent in v | [18:02] |
erlehmann: | asciilifeform you are correct | [18:02] |
asciilifeform: | erlehmann: if it is present in whatever you are using instead -- your process is broken | [18:02] |
erlehmann: | asciilifeform it is always absent if you always build clean | [18:02] |
mircea_popescu: | erlehmann that's not what v does. | [18:02] |
erlehmann: | mircea_popescu in a way, it does. no? | [18:03] |
asciilifeform: | erlehmann: the building-clean thing is sanity. we had this thread. if your program is 'too big to always build clean', IT IS TOO BIG | [18:03] |
asciilifeform: | cut it. like procrustes, or into independent subsystems, i don't care how | [18:03] |
asciilifeform: | no program has any business being a billion line build. | [18:04] |
mircea_popescu: | erlehmann it's a pile of patches. how the compiler optimizes the rebuilding is irrelevant if you change one file it can rebuild the whole thing or not but v still only changes the one file and still doesn't have the problem. | [18:04] |
erlehmann: | asciilifeform correct. the talk begins with me mentioning non-existence dependencies and ends with the recipient either having a solution (one guy), being aware of the problem already (i counted two) or being unaware of it but being aware that their software is a lie. | [18:04] |
erlehmann: | the solution turned out to be a non-solution btw | [18:05] |
erlehmann: | something involving a goedelized perl script that builds all build rules that don't build themselves. drugs were probably involved. | [18:05] |
asciilifeform: | erlehmann: you seem to be fixated on a problem that simply doesn't exist in sane contexts | [18:06] |
asciilifeform: | !#s martian problem | [18:06] |
a111: | 4 results for "martian problem", http://btcbase.org/log-search?q=martian%20problem | [18:06] |
erlehmann: | asciilifeform the goal of the game is to make dev aware of context being insane | [18:06] |
asciilifeform: | http://btcbase.org/log/2014-11-26#934853 << thread | [18:07] |
a111: | Logged on 2014-11-26 01:11 asciilifeform: 'Id like to see one expression coined by the poker writer Matt Matros become common parlance, since it applies far more widely than only to poker. An alien problem means some problem that might be fun, interesting and educational to analyze, and it would be really important to know the solution if you ever found yourself in that situation, but the point is that you shouldn't even be having that problem in the first pl | [18:07] |
* asciilifeform | brb | [18:07] |
erlehmann: | indeed, one part of the solution is to return to earth | [18:08] |
mircea_popescu: | to encrypt : take plaintext message M, no longer than 250 bytes, and zero-pad it to 250 bytes. take pile of random bits R 250 bytes long. calculate X = M xor R. calculate Y = R xor MPFHF(X) set for R.len = 250 bytes. RSA the 500 byte pile of X || Y. done. to decrypt : de-RSA the 500 byte pile. cut it in two halves. calculate R = Y xor X. calculate M as X xor R. done. | [18:09] |
mircea_popescu: | how's that sound ? | [18:09] |
mircea_popescu: | erlehmann did anything further come of it ? | [18:10] |
erlehmann: | mircea_popescu one person hallucinated having seen the elusive djb redo c code that ultimately did not exist. another person was a release manager and made sure the problem does not exist. a third person wrote a cmake thingy longer than my own redo implementation. a freebsd developer confirmed the problem exists. | [18:12] |
erlehmann: | mainly i realized why my talk to the conference was rejected | [18:12] |
asciilifeform: | mircea_popescu: mphf in a fixedtime fixedspace system is insane | [18:12] |
erlehmann: | because the reaction of most people to it is | [18:12] |
mircea_popescu: | asciilifeform most importantly, do we ACTUALLY want to do something pgp-retarded like say R.len = 200 bytes, repeat the last 50 for a 250 byte total then use the repeat to make sure you decrypted correctly ? | [18:12] |
erlehmann: | 1. this is not a problem at all in my process | [18:12] |
mircea_popescu: | asciilifeform what else makes arbitrary size output ? | [18:12] |
erlehmann: | 2. yes, this might be a problem for some, but it never happens to me | [18:12] |
mircea_popescu: | but yes insane. | [18:12] |
asciilifeform: | keccak? | [18:13] |
asciilifeform: | or any other sponge | [18:13] |
mircea_popescu: | i thought it's any input fixed output | [18:13] |
erlehmann: | 3. yes, this is not detectable, but the effect is negligible | [18:13] |
erlehmann: | 4. yes the effect matters. we can patch make, though | [18:13] |
asciilifeform: | mircea_popescu: nope that'd be classisal hashes | [18:13] |
erlehmann: | 5. make is unfixable, but we can patch gcc! | [18:13] |
mircea_popescu: | erlehmann which talk is this ? | [18:13] |
erlehmann: | (which does not help btw) | [18:13] |
asciilifeform: | sponge goes from any-input to desired-width-out | [18:13] |
* asciilifeform | bbl, meat | [18:14] |
mircea_popescu: | asciilifeform i guess when he comes back from the mpfhf reverser ima make him do a keccak impl that ACTUALLY does the any-output thing. afaik they're all 32/64byte | [18:14] |
mircea_popescu: | but afaik keccak isn't that fix-space-able either. | [18:14] |
erlehmann: | mircea_popescu i wanted to give a talk about non-existence dependencies at SHA 2017 and it was rejected with “provide a 5min lightning talk on problem instead”. problem: 5min are enough to understand the problem, not why you are having it or what follows from it. | [18:14] |
mircea_popescu: | erlehmann was this paid ? | [18:15] |
erlehmann: | one lulzy consequence is that a lot of software might have been released with sublty wrong header files included | [18:15] |
erlehmann: | mircea_popescu like, ticket? it was camping, mostly | [18:15] |
mircea_popescu: | did they pay you to do a talk. | [18:15] |
erlehmann: | no, they rejected my entry | [18:15] |
erlehmann: | like, my submission | [18:16] |
mircea_popescu: | do you know who harlan ellison is ? | [18:16] |
erlehmann: | maybe i am not clear enough: i did not get to hold a talk so i talked to random c developers for fun. | [18:16] |
erlehmann: | mircea_popescu not yet | [18:16] |
mircea_popescu: | aite, here : https://www.youtube.com/watch?v=mj5IV23g-fE | [18:17] |
mircea_popescu: | watch at least until he says turnip | [18:17] |
erlehmann: | on train now, later | [18:28] |
mircea_popescu: | "tell that to some guy a little younger than you, who just fell off the turnip truck. there is no publicity value in my talk being at your conference. what, if you sell 2000 of them it'll be a miracle. and what, what are people going to say, uuuuuu i like how that erlehmann talks, i wonder if he's got a blog or anything". | [18:28] |
mircea_popescu: | nobody knows what the fuck "sha 2017" is. nobody cares. even the people paid to fucking care stopped giving a shit in the 90s, as that nsa goon at "crypto conferences" piece amply attests. | [18:29] |
mircea_popescu: | hanging out with any other troop of stoners would be a better use of your time, in the sense of variety. | [18:30] |
mircea_popescu: | in other lulz : obviously there's a "foundation" and a "code of conduct" (the usgistani nonsense copy/pasted) and a freenode chan, why not. ~600 accounts logged in (specifically : http://p.bvulpes.com/pastes/yDU6G/?raw=true ) , ZERO anyone has to say at all whatsoever. most are related to matrix.org, which is a pile of nonsensical lulz which you're more than welcome to try and make sense of by yourself. in any case, it's an " | [18:47] |
mircea_popescu: | independent" "free" bla bla made by amdocs employees. which YES, is that thing made by the israeli golden pages, and YES is that thing involved in the espionage scandals. and so on. | [18:47] |
mircea_popescu: | but isn't it great that all mgm needs to do is to put on a coupla hats and suddenly the turnips think themselves human fucking beings ? | [18:48] |
asciilifeform: | http://btcbase.org/log/2017-08-09#1696171 << it dun branch-on-secrets if correctly made. so yes fixed. | [18:52] |
a111: | Logged on 2017-08-09 22:14 mircea_popescu: but afaik keccak isn't that fix-space-able either. | [18:52] |
mircea_popescu: | are we talking the keccak reference code here ? | [18:53] |
asciilifeform: | the algo strictly | [18:54] |
asciilifeform: | the 'reference' is sad | [18:54] |
mircea_popescu: | yeah well, above his pay grade. | [18:54] |
mircea_popescu: | but yes, i agree that in principle something-like-keccak could be made to spit arbitrary len digests and perhaps also in fixed space. the latter will require actual impl to settle. | [18:54] |
asciilifeform: | fwiw i have a half-built one here. on hold until p. | [18:55] |
asciilifeform: | mircea_popescu: amusingly that was almost whole point of keccak | [18:55] |
mircea_popescu: | no, i know. | [18:55] |
mircea_popescu: | well barnacled. | [18:55] |
asciilifeform: | that and killing length extension attack idiocy | [18:55] |
mircea_popescu: | ftr, we both talking http://keccak.noekeon.org/KeccakReferenceAndOptimized-3.0.zip ? | [18:56] |
asciilifeform: | but this being said , i am not even ready yet to barf re ref-keccak, i aint even yet done barfing re ffa not having already existed | [18:57] |
asciilifeform: | srsly wtf, oughta have been written in 1993 at the latest | [18:57] |
mircea_popescu: | the herd is lazy, the aparatchicks are scared, and the intelligent are lost in the soup, interacting with cattle and criminals as if they were people. | [19:00] |
pa1atine: | hi all, great reads I had those days. logs are a trove of wisdom | [19:41] |
pa1atine: | http://btcbase.org/log/2017-08-09#1696206 < first verse of your religious leader sermon? ) | [19:43] |
a111: | Logged on 2017-08-09 23:00 mircea_popescu: the herd is lazy, the aparatchicks are scared, and the intelligent are lost in the soup, interacting with cattle and criminals as if they were people. | [19:43] |
trinque: | sorry, we're past our quip quota for the day. what else you got? | [19:44] |
pa1atine: | nothing, really | [19:44] |
pa1atine: | just back reading all the stuff | [19:45] |
pa1atine: | much catch up to do | [19:45] |
pa1atine: | http://btcbase.org/log/2017-07-18#1686026 <this one was the one that got me occupied the last couple days | [19:52] |
a111: | Logged on 2017-07-18 18:23 mircea_popescu: asciilifeform understand this bit of GT : the knowledge of all the things you don't know thereby constructs a sybil of you. | [19:52] |
PeterL: | just wanted to verify that http://btcbase.org/log/2017-08-09#1695864 was indeed me | [20:13] |
a111: | Logged on 2017-08-09 17:10 PeterL: I will check in later once I am back at my computer with my key to verify this conversation has been with the real PeterL | [20:13] |
PeterL: | http://btcbase.org/log/2017-08-09#1696147 << I don't think we need to do a hash on the data, it is already xored with the random string | [20:15] |
a111: | Logged on 2017-08-09 22:09 mircea_popescu: to encrypt : take plaintext message M, no longer than 250 bytes, and zero-pad it to 250 bytes. take pile of random bits R 250 bytes long. calculate X = M xor R. calculate Y = R xor MPFHF(X) set for R.len = 250 bytes. RSA the 500 byte pile of X || Y. done. to decrypt : de-RSA the 500 byte pile. cut it in two halves. calculate R = Y xor X. calculate M as X xor R. done. | [20:15] |
PeterL: | and wouldn't you also need to know S if you are going to reverse the MPFHF from a given R? | [20:18] |
PeterL: | Is there a way to calculate the probabilty that a random string of 256 bytes will pass a csc check? | [20:19] |
PeterL: | csc32 that is | [20:20] |
PeterL: | ack, I meant crc32 | [20:20] |
mircea_popescu: | !!up pa1atine | [20:23] |
deedbot: | pa1atine voiced for 30 minutes. | [20:23] |
mircea_popescu: | !~later tell peterl the hash-xor thing is oadp, which is a provedly strong padding scheme for rsa. | [20:24] |
jhvh1: | mircea_popescu: The operation succeeded. | [20:24] |
mircea_popescu: | reversing MPFHF is not required for the above quoted version, as the fhf is used there as a hash function not as a padder. (and alf's objection is valid, not a very good option, a settable size output sponge would be much better). | [20:26] |
mircea_popescu: | reversing mpfhf is required for the padding scheme originally described, whereby you simply mpfhf the plaintext message and then encrypt the S + R, see http://btcbase.org/log/2017-08-09#1695856 | [20:27] |
a111: | Logged on 2017-08-09 15:58 mircea_popescu: anyway, let it be said that there's nothing wrong with oaep as far as we know, but for the sake of argument a mpfhf based padding scheme would conceivably work like this : 1. given message m, of length l, generate r = random bits, of length l' up to l but not less than 256 bits. 2. compose m' = r + m + c (in that order), where c is l - l` (and its bitness is always same as the bitness of len(m')-256). 3. compose Pm = R + S + | [20:27] |
mircea_popescu: | these two are are not the same thing. | [20:27] |
mircea_popescu: | and finally re crc : given a string S of any length, the probability of a string S' where less than 32 bits have been altered in a "burst" passiong crc32 is 0. if you go over 32 bit long bursts the probability is ~ proportional to the burst length / 32. | [20:28] |
mod6: | <+erlehmann> something involving a goedelized perl script that builds all build rules that don't build themselves. drugs were probably involved. << dafaq is this dude on about? | [22:22] |
asciilifeform: | soooo ACHTUNG PANZERS , asciilifeform went and actually tried http://btcbase.org/log/2017-08-08#1695511 : | [22:42] |
a111: | Logged on 2017-08-08 23:51 asciilifeform: it thereby follows that i could unroll comba into explicit cases from 1 to 8 words | [22:42] |
asciilifeform: | for simplicity, tested the case that actually happens in practice: on a 64bit box, any ffa width over 512 bits gives a strictly 8-wide comba mult ocurrence | [22:43] |
asciilifeform: | and so here http://wotpaste.cascadianhacker.com/pastes/hoM4U/?raw=true we have a combasquareatron explicitly unrolled for 8-word operand | [22:44] |
asciilifeform: | ( yielding 16 word result ) | [22:44] |
asciilifeform: | it is loop- (and any other jump) - free | [22:44] |
asciilifeform: | so theoretically x86 branch predictor oughta be very very happy | [22:44] |
asciilifeform: | HOWEVER the actual result is : ~13% cut in execution time. | [22:46] |
asciilifeform: | so imho it is not worth it. | [22:47] |
asciilifeform: | mircea_popescu, phf , mod6 , et al ^^ | [22:47] |
mod6: | hmm, nice test though | [22:50] |
asciilifeform: | had to. | [22:50] |
asciilifeform: | itched to find, what if another 2x vrooom is possible. | [22:51] |
asciilifeform: | but apparently branch predictor dun matter so much when your entire thing is ~guaranteed to fit in cache | [22:51] |
mod6: | yeah, worth the hunting trip | [22:56] |
asciilifeform: | there's still a dilemma tho : | [22:57] |
asciilifeform: | the unrolled-8word thing is 1 ) less general 2) harder to read with naked eye but 3 ) easier to prove correct | [22:57] |
asciilifeform: | 3 of course because no branching | [22:58] |
asciilifeform: | you can reduce it algebraically | [22:58] |
asciilifeform: | so currently it is not obvious to me, which variant is Moar Right Thing | [22:59] |
asciilifeform: | ( i'ma keep the general case, for nao, because it is always very easy to turn it into the above later. but not vice-versa. ) | [23:00] |
mod6: | sure. keep it in your back pocket. | [23:00] |
asciilifeform: | aite, nao all asciilifeform needs is a constantspacetime MODULAR exp algo that can be expressed with the mux primitive | [23:02] |
asciilifeform: | and then we can play. | [23:02] |
asciilifeform: | ( nobody seems to have produced a branch-free montgomery-reduction algo. or any other division-free modexp. ) | [23:04] |
asciilifeform: | srsly this entire exercise has been a brainmelting tour of the sheer unfathomable worthlessness of 'the litarature', 'the cryptography komyoonity', et al | [23:05] |
asciilifeform: | 'sorry you can't have multiplication in algebraic - branch-free - form ! That Would Be Wrong' | [23:08] |
mircea_popescu: | asciilifeform yeah, i guess. depends though, good to have both variants. | [23:11] |
mircea_popescu: | honestly i don't believe the somewhat more cl is such a problem. | [23:11] |
asciilifeform: | mircea_popescu: it'd be many moar , to correctly handle cases of 1-7 word too | [23:12] |
mircea_popescu: | anyway. i think the point re : fathers are worthless , siblings are severely retarded is well vindicated | [23:12] |
asciilifeform: | ( a ptron is permitted to be invoked with any bitness that is multiple of 64 ) | [23:12] |
asciilifeform: | waiwat | [23:13] |
asciilifeform: | did i miss a whole thread | [23:13] |
mircea_popescu: | asciilifeform i doubt it. ~nobody who came before did anything useful and ~nobody currently active has an actually functioning brain. | [23:13] |
asciilifeform: | aa | [23:13] |
mircea_popescu: | anyway, re the unrolls : it's really not that bad, because of the patterns. it's only "unreadable" because alien because too much time spent reading code written by idiots. | [23:14] |
mircea_popescu: | will get used to it (tm) | [23:14] |
asciilifeform: | we definitely don't need any case of comba above 8 tho | [23:14] |
mircea_popescu: | right. | [23:14] |
asciilifeform: | currently i lean to unrolling them ~in the proof doc~ and leaving proggy as is. | [23:14] |
asciilifeform: | tabula proof! | [23:15] |
mircea_popescu: | i am all for keepiong the unrolled version at the ready but i really see no problem with having and using the unrolled loops version. you read it once, over a weekend or a week, and you use it ten billion times over fifty years. | [23:15] |
mircea_popescu: | tell me 13% of 50 years somehow comes out to less than a week ? | [23:15] |
asciilifeform: | anyway this is the easy bit. hard bit apparently is the final crown, coughing up a sane modexp | [23:15] |
asciilifeform: | turns out, none is publicly known. | [23:15] |
asciilifeform: | ( every single motherfucking modexp in the open lit, branches on seekrit ) | [23:16] |
mircea_popescu: | coincidentally.\ | [23:16] |
asciilifeform: | ^ if asciilifeform is wrong here, folx, plz to write in !! | [23:16] |
asciilifeform: | knuth has one with 'addition chains', but it requires the exponent to be welded into place for all time | [23:17] |
asciilifeform: | and as such is unsuitable for ptron | [23:17] |
asciilifeform: | ( generating ideal additionchain for a particular exp, incidentally, is np-hard ) | [23:18] |
mircea_popescu: | myeah | [23:18] |
mircea_popescu: | and a possible candidate for "alt cryptosystem" at that. | [23:18] |
mircea_popescu: | i think we even spoke of it back in the day | [23:18] |
asciilifeform: | has same problem as every other nphard | [23:19] |
asciilifeform: | (no way to prevent 'easy case') | [23:19] |
asciilifeform: | (problem from 'use as cryptosystem' pov) | [23:19] |
asciilifeform: | or, more formally, no way to prove the absence of arbitary number of classes of 'easy case' | [23:20] |
mircea_popescu: | !#s kochanski | [23:20] |
a111: | 2 results for "kochanski", http://btcbase.org/log-search?q=kochanski | [23:20] |
asciilifeform: | he's the d00d with the '90s rsa chip | [23:20] |
mircea_popescu: | yes but also has a reduciton method iirc ? | [23:21] |
mircea_popescu: | which was serializable | [23:21] |
mircea_popescu: | http://www.nugae.com/encryption/bin/design.pdf << that | [23:21] |
asciilifeform: | it's catastrophically slow on general-purpose comp | [23:22] |
asciilifeform: | AND branches on seekrits. | [23:22] |
mircea_popescu: | ah is it ? | [23:22] |
asciilifeform: | aha. wants fast bittwiddle | [23:22] |
asciilifeform: | ( rather than word arithm ) | [23:22] |
mircea_popescu: | but you serialize and do a whole word's worth of bit diddle as a xor | [23:23] |
mircea_popescu: | there's no rule you must do the parts in order or anything | [23:23] |
asciilifeform: | you can , but still have the 'guessing and undo' thing | [23:23] |
asciilifeform: | ergo much branching. and all of it on seekrit bits. | [23:23] |
mircea_popescu: | hm | [23:23] |
asciilifeform: | what is needed is a wholly algebraic process. like my mult. | [23:23] |
mircea_popescu: | no but you write it as a full matrix, you get the undo for free | [23:24] |
asciilifeform: | where control flow is SAME regardless of what the exponentiation args are. | [23:24] |
asciilifeform: | it is the only acceptable form for ptron. | [23:24] |
asciilifeform: | otherwise whole thing is a massive waste. | [23:24] |
mircea_popescu: | it would take a shitload of memory wouldn't it | [23:24] |
asciilifeform: | (' a little bit ' of seekrit-branch is same as 'little big pregnant' ) | [23:24] |
asciilifeform: | no reason why it oughta | [23:24] |
asciilifeform: | now if you were to try to rsa by exping first and THEN mod, the universe could not hold your intermediates | [23:25] |
asciilifeform: | so that falls out trivially. | [23:25] |
asciilifeform: | any practical modexp algo has to 'mod as it goes along' | [23:25] |
mircea_popescu: | im still talking of trying to adapt kochanski's thing | [23:25] |
asciilifeform: | if you can picture a branch-free form, lemme know | [23:26] |
asciilifeform: | i dun see it | [23:26] |
mircea_popescu: | asciilifeform he is doing this D-to-k table thing | [23:26] |
asciilifeform: | ( the infallible litmus for ffability : 'can this be UNROLLED TO DEATH?' if not -- no go ) | [23:26] |
mircea_popescu: | but you don't have to use a table, you should be able to make it work in a matrixc | [23:26] |
asciilifeform: | also his thing uses carry-save form | [23:27] |
asciilifeform: | which dun work with conventional machine arithm | [23:27] |
mircea_popescu: | i am telling you, his thing is ripe for rewritting in a more apt notation. he is misrepresenting it because thinking in therms of fucking logic gates | [23:28] |
asciilifeform: | understand, that's how he makes the ops independent ( rather than chained ) | [23:28] |
asciilifeform: | by ignoring the carry, and reconstituting later | [23:28] |
asciilifeform: | we cannot do this. because the simplicity of ffa comes from using strictly ordinary machineword arithmetic. | [23:29] |
asciilifeform: | where, e.g., word addition, is sequential. | [23:29] |
mircea_popescu: | you can add the words in any order you wish and you can keep whichever intermediates you feel like | [23:29] |
mircea_popescu: | he -- cant | [23:29] |
asciilifeform: | mno. | [23:29] |
asciilifeform: | there is carry. | [23:30] |
asciilifeform: | can't 'add in any order you wish' | [23:30] |
mircea_popescu: | there is carry | [23:30] |
asciilifeform: | nor subtract | [23:30] |
mircea_popescu: | hm | [23:30] |
asciilifeform: | incidentally various heathen bignumtrons use carry-save form. it is one of the reasons why they are 10,000s of lines, and mine is ~1k. | [23:31] |
asciilifeform: | it was the most effective optimization i knew, and the one i rejected first and most incurably. | [23:32] |
asciilifeform: | because antifitsinhead. | [23:32] |
mircea_popescu: | mgh. | [23:37] |
asciilifeform: | the sad and slow constantspacetime solution , is the same exponentiation-by-squaring ffa has now, http://wotpaste.cascadianhacker.com/pastes/BVxyN/?raw=true , but after FZ_Square(B, B, C_Sqr) we FZ_Mod(B, M B) every time. | [23:48] |
asciilifeform: | ( for modexp, that is ) | [23:48] |
asciilifeform: | grr, | [23:48] |
asciilifeform: | FZ_Mod(B, M, B) | [23:48] |
asciilifeform: | http://wotpaste.cascadianhacker.com/pastes/HuJDk/?raw=true << for anybody who forgot how division worx. | [23:50] |
asciilifeform: | sloooow | [23:50] |
asciilifeform: | division is the single most expensive arithmetic op. | [23:52] |
asciilifeform: | there is not an equiv of karatsuba for it | [23:52] |
mircea_popescu: | this is irksome | [23:52] |
asciilifeform: | aha! | [23:53] |
asciilifeform: | currently trying to express montgomery reduction ffaically. | [23:56] |
asciilifeform: | ( for 3 wks or so nao... ) | [23:56] |
asciilifeform: | but if anyone has better idea -- write in | [23:57] |
mircea_popescu: | heh. the graph of a ^ x mod b looks eheheheheeexactly like the riemann functions / unit covering shenanigans. | [23:59] |
mircea_popescu: | i know that face glaring back at me. it is the face of unyielding fucking doom. | [23:59] |
Category: Logs