--- Log opened Mon Dec 16 00:00:38 2019
00:20 -!- ddustin [~ddustin@unaffiliated/ddustin] has quit [Remote host closed the connection]
00:21 -!- ddustin [~ddustin@unaffiliated/ddustin] has joined #secp256k1
00:25 -!- ddustin [~ddustin@unaffiliated/ddustin] has quit [Ping timeout: 246 seconds]
01:04 -!- belcher [~belcher@unaffiliated/belcher] has joined #secp256k1
01:26 -!- jonatack [~jon@2a01:e0a:53c:a200:bb54:3be5:c3d0:9ce5] has quit [Ping timeout: 252 seconds]
01:44 -!- ddustin [~ddustin@unaffiliated/ddustin] has joined #secp256k1
01:59 -!- ddustin [~ddustin@unaffiliated/ddustin] has quit [Remote host closed the connection]
02:00 -!- ddustin [~ddustin@unaffiliated/ddustin] has joined #secp256k1
02:05 -!- ddustin [~ddustin@unaffiliated/ddustin] has quit [Ping timeout: 265 seconds]
02:08 -!- kcalvinalvin [~kcalvinal@ec2-52-79-199-97.ap-northeast-2.compute.amazonaws.com] has joined #secp256k1
02:08 -!- luke-jr [~luke-jr@unaffiliated/luke-jr] has joined #secp256k1
02:09 -!- jonatack [~jon@213.152.161.85] has joined #secp256k1
02:27 -!- jonatack [~jon@213.152.161.85] has quit [Ping timeout: 276 seconds]
02:29 -!- ddustin [~ddustin@unaffiliated/ddustin] has joined #secp256k1
02:44 -!- ddustin [~ddustin@unaffiliated/ddustin] has quit [Remote host closed the connection]
02:47 -!- ddustin_ [~ddustin@unaffiliated/ddustin] has joined #secp256k1
03:13 -!- ddustin_ [~ddustin@unaffiliated/ddustin] has quit [Remote host closed the connection]
04:07 -!- ddustin [~ddustin@unaffiliated/ddustin] has joined #secp256k1
04:07 -!- ddustin [~ddustin@unaffiliated/ddustin] has quit [Remote host closed the connection]
04:08 -!- ddustin [~ddustin@unaffiliated/ddustin] has joined #secp256k1
04:12 -!- ddustin [~ddustin@unaffiliated/ddustin] has quit [Ping timeout: 246 seconds]
06:38 -!- afk11 [~afk11@gateway/tor-sasl/afk11] has quit [Ping timeout: 260 seconds]
06:39 -!- afk11 [~afk11@gateway/tor-sasl/afk11] has joined #secp256k1
07:23 < elichai2> So apparently now BlackBerry owns the Endomorphism patent https://patents.google.com/patent/US7995752B2/en
07:47 < real_or_random> BlackBerry owns Certicom
07:47 -!- andytoshi [~apoelstra@wpsoftware.net] has joined #secp256k1
07:47 -!- andytoshi [~apoelstra@wpsoftware.net] has quit [Changing host]
07:47 -!- andytoshi [~apoelstra@unaffiliated/andytoshi] has joined #secp256k1
08:20 -!- jonatack [~jon@2a01:e0a:53c:a200:bb54:3be5:c3d0:9ce5] has joined #secp256k1
08:36 < elichai2> oh really? lol so they abandoned a patent and renewed under another just to complicate our life?
08:38 < instagibbs> elichai2, I'm not sure that abandoning resets it? Seems like a stupid loophole to make sure no one tries to use it forever
08:38 < elichai2> instagibbs: didn't say reset. just a new patent number
08:38 < instagibbs> oh you mean complicate looking it up? :)
08:38 < elichai2> US20020057796A1 was abandoned today
08:39 < elichai2> instagibbs: and complicates understanding when it will expire :/
08:39 < instagibbs> IANAL but it would be braindead if it does
08:40 < elichai2> if it does complicate it? it complicates it *for me*. ie you usually take filing day and add 20 years. now you need to make sure you're even looking at the right patent because the number had changed
08:58 < real_or_random> whatever the intent of this was, I don't think it was complicating your life
09:01 < sipa> elichai2: no, you don't "take filing day and add 20 years"
09:01 < sipa> you contact a patent attorney
09:02 < elichai2> sipa: you're right. this wasn't legal advice at all. just my personal rule of thumb *before* contacting a patent attorney. you should always seek legal advice with actual lawyers :)
09:02 < sipa> elichai2: sure, and that rule still applies
10:23 -!- meshcollider [meshcollid@quantumznc.com] has quit [Quit: ZNC - https://znc.in]
10:26 < elichai2> I want to try and make `secp256k1_scalar_inverse_var` faster. I see 2 ways. A. Try to optimize the addition chain (ie how fe inverse is twice as fast). B. implement the Extended Euclidean algorithm.
10:27 < elichai2> I know that best effort for B was tried by andytoshi in #290. I want to know how much effort went into A and if anyone has any intuition on which has the potential for more benefit?
10:35 < sipa> i don't think that much effort went into A
10:36 < sipa> but it's a nontrivial problem too (and the scalar modulus has far less structure than the field one)
10:43 < elichai2> Well it seems to be a big step in IBD in my benchmarks right now, around 10% (Although I'm doing full IBD profile tonight)
10:44 < elichai2> sipa: right now it's Fermat's little theorem with binary exponentiation?
10:55 < sipa> possibly, i don't remember
11:35 < elichai2> Probably no one here remembers but am I dreaming or the scalar inverse calculates upwards of X^16,320
11:37 < elichai2> me trying to understand the algorithm lol https://usercontent.irccloud-cdn.com/file/3uZtkcdO/IMG_20191216_213632.jpg
11:39 < sipa> that sounds wrong
11:40 < sipa> it's calculating 2^(n-2)
11:40 < sipa> eh, x^(n-2)
11:43 < elichai2> Yeah that's what I thought. That's Fermat
11:44 < sipa> that makes me wonder... could you find a multiple k such that (n-1)*k-1 is low hamming weight?
11:44 < elichai2> Maybe that's the u^M in that algorithm
11:44 < sipa> in that case computing x^((n-1)*k-1) could be cheaper than x^(n-2)
11:45 < sipa> probably not
11:45 < elichai2> You mean the least amount of turned on bits?
11:45 < sipa> yes
11:50 < elichai2> I don't think you'll end up with an inverse
11:51 < elichai2> Ohh no you still will
11:52 < elichai2> Cause x^n-1 is 1. So 1^k is still 1
12:21 < gmaxwell> elichai2: a ladder inverse is always going to be many times slower than an extgcd like inverse for the scalar.
12:22 < gmaxwell> the way to make an inverse fast is to batch it.
12:22 < gmaxwell> I don't buy your IBD claim, signatures are even only validated in the last couple months of the IBD.
12:27 < sipa> gmaxwell: i don't know by how much though (extgcd vs power ladder)
12:37 < gmaxwell> for field, which has a structure that optimizes the power ladder, it's 2.2x faster to use the variable time inverse.
12:38 < gmaxwell> for scalar it's currently 5.2x faster to use the variable time inverse.
12:45 < sipa> and that's compared with gmp, which is probably nontrivial to get close to
12:45 < sipa> but for scalars that sounds like it may not be too hard to do better than the current ladder
12:50 < sipa> i suspect there is some work in implementing a variable-length scalar type though, as you don't want to do full 256-bit arithmetic in extgcd everywhere
14:23 -!- afk11 [~afk11@gateway/tor-sasl/afk11] has quit [Ping timeout: 260 seconds]
14:25 -!- afk11 [~afk11@gateway/tor-sasl/afk11] has joined #secp256k1
22:41 -!- ddustin [~ddustin@unaffiliated/ddustin] has joined #secp256k1
22:44 -!- Tuor [~quassel@unaffiliated/tuor] has quit [Quit: https://quassel-irc.org - Chat comfortably. Anywhere.]
22:44 -!- Tuor [~quassel@unaffiliated/tuor] has joined #secp256k1
23:33 -!- ddustin [~ddustin@unaffiliated/ddustin] has quit [Remote host closed the connection]
23:34 -!- ddustin [~ddustin@unaffiliated/ddustin] has joined #secp256k1
23:34 -!- ddustin [~ddustin@unaffiliated/ddustin] has quit [Remote host closed the connection]
23:35 -!- ddustin [~ddustin@unaffiliated/ddustin] has joined #secp256k1
23:35 -!- ddustin [~ddustin@unaffiliated/ddustin] has quit [Remote host closed the connection]
23:35 -!- ddustin [~ddustin@unaffiliated/ddustin] has joined #secp256k1
23:36 -!- ddustin [~ddustin@unaffiliated/ddustin] has quit [Remote host closed the connection]
23:36 -!- ddustin [~ddustin@unaffiliated/ddustin] has joined #secp256k1
23:37 -!- ddustin [~ddustin@unaffiliated/ddustin] has quit [Remote host closed the connection]
23:37 -!- ddustin [~ddustin@unaffiliated/ddustin] has joined #secp256k1
23:37 -!- ddustin [~ddustin@unaffiliated/ddustin] has quit [Remote host closed the connection]
--- Log closed Tue Dec 17 00:00:40 2019