--- Day changed Wed Sep 05 2018
00:08 -!- gpolitis [~gpolitis@119.192.143.241] has joined #secp256k1
00:14 -!- gpolitis [~gpolitis@119.192.143.241] has quit [Ping timeout: 246 seconds]
08:17 < roconnor> In the wnaf; is the negation case necessary for correctness, or is it just an optimization @ https://github.com/bitcoin-core/secp256k1/blob/master/src/ecmult_impl.h#L279
08:18 < gmaxwell> roconnor: IIRC that's needed to avoid expanding the number.
08:19 < gmaxwell> and without it it might take more doublings.
08:20 < roconnor> I'd conjecture it saves one doubling when the case is invoked (half the time).
08:21 < sipa> roconnor: at least when the endomorphism optimization is used, the inputs to wnaf are only 128 bits
08:21 < roconnor> I was trying to figure out if there was more to it than that.
08:21 < sipa> (but positive or negative)
08:21 < sipa> and explicit negation would bump it up to 256 bits
08:22 < roconnor> Hmm I see.
08:34 -!- weez17 [~isaac@unaffiliated/weez17] has joined #secp256k1
08:44 < andytoshi> in ecmult_const_impl i had a similar situation and wrote a long comment about it https://github.com/bitcoin-core/secp256k1/blob/master/src/ecmult_const_impl.h#L63-L78
08:45 < andytoshi> oh, actually i had the opposite problem .. i needed only _odd_ numbers, and the standard way to get them is to negate any even numbers and then correct later, but i couldn't do that without expanding 128-bit numbers to 256-bit ones. so i conditionally added either 1 or 2 and corrected for that
09:03 < roconnor> BTW, what's the deal with the endomorphism. It's disabled by default AFAIU, so I haven't looked at it much. But theoretically it is faster isn't it?
09:04 < gmaxwell> by about 20%
09:04 < gmaxwell> There is a patent likely covering the technique that is in effect for another year or two.
09:04 < roconnor> Ugh.
09:05 < gmaxwell> which is why basically no one anywhere even implements the technique.
09:05 < gmaxwell> The bitcoin community had to implement it ourselves to even know how it actually performed (first implemented by Hal).
09:05 < roconnor> If it helps, you cannot patent math ;-P
09:06 < gmaxwell> The US federal circuit court seems to think that it's fine to patent the application of it at least. :P
09:12 < andytoshi> there is a standard page in all of blockstream's patents (and probably in everyone else's) that describes how a computer machine does math
09:12 < andytoshi> so then it's physical.
09:13 < gmaxwell> This is standard practice world wide.
09:13 < andytoshi> (i'm not sure whether to be sad or amused by this; i guess in practice it winds up being pretty destructive that this is allowed..)
09:14 < gmaxwell> there was a brief period in the US where it was believed that boilerplate wasn't required, but then bilski overturned state street and stuff without that boilerplate was found to be invalid...
09:14 < andytoshi> o.O that's really bizarre
09:14 < andytoshi> i don't think anyone has ever actually read the boilerplate
09:56 -!- belcher_ [~belcher@unaffiliated/belcher] has joined #secp256k1
10:12 -!- ken2812221 [~ken281222@180.217.94.90] has quit [Ping timeout: 245 seconds]
11:45 -!- ken2812221 [~ken281222@180.217.128.66] has joined #secp256k1
15:30 -!- weez17 [~isaac@unaffiliated/weez17] has quit [Quit: Lost terminal]
15:36 -!- jcorgan_ [~jcorgan@64-142-68-61.dsl.static.sonic.net] has quit [Quit: leaving]
16:20 -!- belcher_ [~belcher@unaffiliated/belcher] has quit [Quit: Leaving]
20:48 -!- sipa [~pw@gateway/tor-sasl/sipa1024] has quit [Ping timeout: 256 seconds]
20:57 -!- sipa [~pw@gateway/tor-sasl/sipa1024] has joined #secp256k1
21:05 -!- sipa_ [~pw@gateway/tor-sasl/sipa1024] has joined #secp256k1
21:08 -!- sipa [~pw@gateway/tor-sasl/sipa1024] has quit [Remote host closed the connection]
21:16 -!- instagibbs [~instagibb@pool-100-15-122-172.washdc.fios.verizon.net] has quit [Ping timeout: 268 seconds]
21:19 -!- instagibbs [~instagibb@pool-100-15-122-172.washdc.fios.verizon.net] has joined #secp256k1