#asciilifeform | 2020-01-03

kako’s multiple lines of sobbing in reply to short responses is hilarious, he used to be less sensitive

16:36

less sensitive

16:37

er, client made me think that was truncated

16:50

ftr i think bitbet was amazing and deeply appreciate his role in it, if he had bought and kept it running, i might still have money on a bet or two there today

16:52

i want to make an integer btc wager on us elections this year but i dont know of any trustworthy venues

16:57

too bad it blew up over what amounts to pennies compared to the money and history the founders made together

17:08

feedbot

http://qntra.net/2020/01/trump-orders-usg-strike-inside-baghdad-international-airport-quds-force-leader-killed/ << Qntra -- Trump Orders USG Strike Inside Baghdad International Airport Quds Force Leader Killed

~ 35 minutes ~

17:44

mats: what's an "integer btc wager"? in simple terms, what's the lower bar for hedging in your hypothetical trustworthy venue

17:44

iirc, bitbet was unprofitable for hedgers sending fewer than a million satoshis per output

17:47

*

asciilifeform back from holiday

17:49

!q uptime

17:49

asciilifeform: time since my last reconnect : 21d 18h 38m

17:53

http://logs.nosuchlabs.com/log/asciilifeform/2020-01-02#1004719 << i was getting ready to 'this is 2y-old lulz' but apparently fresh, lol

17:53

Logged on 2020-01-02 12:16:57 shinohai: https://old.reddit.com/r/Bitcoin/comments/eiskr6/i_was_reading_saifedeans_book_and_saw_mircea/fctiggk/ <<< trb is "full of vulnerabilities" didja know ?

17:54

*

asciilifeform mildly astonished that cockroach pit is still replaying years-old fud, but whatever, still snoar

17:59

that that that that that refers, is not the that that should be deduplicated [(c) m. gardner, r.i.p]

17:59

how was the holiday, asciilifeform ?

17:59

adlai: i dun recall this in gardner. maybe because read w/out lsd ?

18:00

it's in the "b-sides" of the wordplay section in _Aha! Insight_

18:00

adlai: holiday great. errybody oughta sometimes spend a week away from console.

18:01

(book consists of cartoons containing characters discussing puzzles of a specific variety, followed by prose commentary often containing further examples)

18:01

also in megalulz, https://news.ycombinator.com/item?id=21917505

18:02

we need weaker crypto everywhere (tm)

18:02

Apocalyptic: that site is a bottomless well of crapola like the linked item

18:03

( for bonus sad, djb is 1 of the more prolific perpetrators )

18:04

asciilifeform, sadly the only place that discusses the paper I could find

18:05

Apocalyptic: reading papers like this, could fill 'over 9000' lifetimes, to no particular win

18:05

there's a well-oiled conveyor of usg.artists pumping'em out

18:07

quite obv. the cheapest place to break crypto is in the head of the implementer. so that's where they invest.

18:09

Apocalyptic: imho, reading yc or academitardia snakepits regularly, to learn whether 'finally someone wrote a solid piece' is like visiting time square daily to see whether ufo landed yet

18:11

Apocalyptic: erry once in a while useful, original algo is published, but, observe, you won't find out about it from 'hacker noose' or reddit or 'nature' .

18:12

luckily I rarely indulge in such readings (at least re yc), this paper was just surprisingly too straightforward about the goal

18:12

they're all screamingly 'straightforward about the goal' if yer third eye is fully open.

18:25

shinohai

http://logs.nosuchlabs.com/log/asciilifeform/2020-01-03#1004745 <<< troo, when I awoke this morning top of page was a life-changing post on which set of emoji scissors close.

18:25

Logged on 2020-01-03 18:02:35 asciilifeform: Apocalyptic: that site is a bottomless well of crapola like the linked item

~ 29 minutes ~

18:55

http://logs.nosuchlabs.com/log/asciilifeform/2020-01-03#1004722 << near as i can tell, fella heard about snsa closing, and peeked at the logs, thought to find buncha new 'friends'. but didn't find. hence 'emo' .

18:55

Logged on 2020-01-03 16:35:47 mats: kako’s multiple lines of sobbing in reply to short responses is hilarious, he used to be less sensitive

19:07

http://logs.nosuchlabs.com/log/asciilifeform/2020-01-03#1004727 << nuffin ever 'blows up over pennies.' just as camel's back never literally breaks from the biblical '1 straw'. rather, 2 irreconcilable maniacs cannot live for long in 1 box.

19:07

Logged on 2020-01-03 16:57:37 mats: too bad it blew up over what amounts to pennies compared to the money and history the founders made together

~ 48 minutes ~

19:55

asciilifeform, in Barret is there any additional requirements for j,k,X,M than those listed under " And so, we now know that if we satisfy the constraints:" for the algo to hold ?

19:57

Apocalyptic: aside from the obv. 'and the arithmetizer must work correctly' -- there are not. (and this oughta be apparent from the proof.) note, however, that there is a separate proof re physical bitness bounds of the necessary operations .

19:58

Apocalyptic: the program that corresponds to these 2 proofs, can be seen here .

20:01

I'm just playing with the algo on some random examples and it barfs on one instance with M = 2^64

20:02

probably something stupid on my end, I get X - M * G < X mod M, where G is the green part

20:02

Apocalyptic: likely you did not handle the degenerate case

20:05

Apocalyptic: the other thing is, it is very difficult to implement the algo correctly if you dun 100% understand how it worx . hence the very pedantic proof.

20:06

is the degenerate case limited to M = 1 ?

20:08

Apocalyptic: it is .

20:10

Apocalyptic: make sure that your barretoid constants actually satisfy the given inequalities (in particular re the domain of M , X, and B_M . )

20:19

asciilifeform, I think the issue I'm having is that second inequality in J_M, specifically since M is a power of 2 in my case, it cannot possibly strictly live between two consecutive powers of 2

20:21

Apocalyptic: if you're trying the algo in e.g. python, you gotta remember that the bitness of arithmetizer in which M can be 2^64, in ffa is 128.

20:22

(i.e. not 64.)

20:24

( as illuminated here . )

~ 41 minutes ~

21:05

*

asciilifeform fixed typo in 'algo 2', ty Apocalyptic . observe that this does not contradict the earlier or subsequent text (or the proggy.)

21:05

alright I fixed my implementation, everything works as intended

21:07

asciilifeform, indeed it doesn't contradict anything since it's just the equality case of 2^j <= M mentioned earlier

21:08

my issue turned out to be that I wasn't properly handling the (k-j) left shift somehow

21:08

*right shift

21:09

anyway interesting algo, wasn't familiar with it

~ 41 minutes ~

21:50

Apocalyptic: the original ver. (non-constantspacetime) is due to p. barrett, 1986.

21:53

Apocalyptic: the other (comparatively trivial, but also not afaik published anywhere but my www) constant-time algos in the series, are for gcd and miller-rabin

21:55

(one could argue that the constant-time width-measure and shift algos also 'not seen elsewhere', but they are imho trivial and literate folx asked to re-derive'em on empty sheet of paper , i suspect, prolly could do so quickly )

21:59

Apocalyptic: feel free to post your personal demo proggy in the comments (or here) .

22:00

*

asciilifeform ftr will say that enjoys this thread 9000x moar than 'what sewer rats said about mp' etc

22:00

Logged on 2020-01-03 17:54:10 asciilifeform: mildly astonished that cockroach pit is still replaying years-old fud, but whatever, still snoar

22:01

will do, it was just a quick could-be-one-liner in pari/gp to play with the beast

22:03

*

asciilifeform brb

~ 50 minutes ~

22:54

re gcd, nice trick to make the essential part constant-time

22:55

Apocalyptic: broken link in above

22:56

right, lost the page, should be nice trick

22:57

Apocalyptic: in principle any algo can be rewritten 'in constant time', 'simply' make sure it always runs in worst case. in actual practice sometimes not obvious how to do this (esp. given that in ffa, also want ~constant space~, so gotta prove the spatial bounds of all intermediate ops)

22:58

yeah, never really thought about constant-space in algos before

22:58

certain algos intrinsically 'branch on intermediates' (i.e. lehmer's method for gcd) and thus cannot be rewritten 'in constant'

22:59

in the particular case of gcd, interestingly , i know of no proof that it is intrinsically o(n^2) in its worst case. but presently i conjecture that it is.

23:04

Apocalyptic: i advocate constant-spacetime arithmetic for e.g. rsa not only because abolishes 'side-channel' leakage, but also because it makes proofs of correctness actually possible.

23:04

algos which branch on intermediates (or index memory by them) are virtually impossible to 'prove correct for all possible inputs'

23:09

the other win is that algos which specify a fixed width of arithmetic, and an input-independent sequence of arithmetizations -- are trivial, comparatively, to hardwareize.

23:11

(to ~properly~ hardwareize, as in to lay out as a circuit which is guaranteed to return the answer in x nsec, consuming every time j joules -- as opposed to a von neumann bastardization)

23:19