--- Log opened Sun Nov 28 00:00:45 2021
06:53 < sipa> ademan[m]: bitcoin core does that
07:17 < roconnor> sipa: Did you have any criterion for choosing between the frobenius automorphs of Bech32's generator?
07:17 < roconnor> It's hard for me to think of any meaningful differences between them.
07:23 < sipa> roconnor: yes, there is a (weak) one: the character set is selected so that (highly subjective selection of) likely typos correspond to 1-bit errors, and the generator is chosen so that the code has hamming distance 6 when interpreted over GF(2)
07:25 < sipa> i was going to say that these automorphisms may help you w.r.t. ease of computation by hand, but since they just transform individual coefficients point-wise, and leave 0 and 1 unchanged, they probably don't help you?
07:42 < roconnor> Right, the automorphism seems to do nothing regarding hand computation.
07:47 < sipa> perhaps the other one does, though? reversing the order of coefficients?
07:47 < roconnor> yes:
07:48 < roconnor> [22:22] the average checksum table entry for V53S0VVV95U22 has 10.14 unique characters (out of 13).
07:48 < roconnor> [22:23] the average checksum table entry for 17EQDDD06BEDA has 10.17 unique characters (out of 13).
07:56 < sipa> btw, i've since discovered that these two transformations correspond to simple transformations on alpha: squaring the coefficients of the generator is squaring alpha, reversing the order of coefficients of the generator is inverting alpha
07:58 < sipa> or, if you want to see alpha as implicitly defined as the "x" element of the extension field of GF(32) mod p(x), where p(x) is an irreducible polynomial: squaring the generator coefs is squaring the p(x) coefs; reversing the generator coefs is reversing the p(x) coefs
08:02 < roconnor> how many polynomials generate GF(32)?
08:05 < sipa> 6
08:05 < sipa> [37, 41, 47, 55, 59, 61]
08:09 < roconnor> sipa: I was going to say, don't we have 10 transformations, but i guess some overlap.
08:10 < sipa> only 5 affect individual coefficients
08:10 < sipa> i think you're confusing GF(32)'s definition, and the code over it
08:11 < sipa> the transformation that squares the generator coefficients, corresponds to squaring in GF(32); not squaring the modulus used to define GF(32) over GF(2)
08:12 < roconnor> Right
08:12 < sipa> you could of course also look at changing the GF(32) definition, which matters if you care about bit-level errors, but not about GF(32)-symbol level errors
08:50 < roconnor> I'm a bit torn on whether to make a symbol multiplication volvelle, or just have a lookup table.
08:51 < roconnor> Right now the volvelles are easy to correctly assemble because all the top discs are the same.
08:51 < roconnor> But a symbol multiplication volvelle requires a new top disc with symbols on it.
08:51 < roconnor> Now suddenly it is possible to put the wrong top disc on the wrong bottom disc.
08:55 < roconnor> Maybe I can do a totally different design.
08:55 < roconnor> The multiplicative group is, in a certain sense, much simpler.
08:55 < roconnor> I could make a sliding ruler for that computation.
09:10 < roconnor> or a circular slide ruler.
09:11 < roconnor> If I make a smaller circular slide ruler, then wrong pieces will clearly not fit properly together.
09:16 < andytoshi> roconnor: neat idea!
09:18 < andytoshi> regarding the classification of the 3-of-n symbols ... there are 141 distinct sets of symbols: aleph-aleph-aleph which occurs 155 times, and 140 ones where no symbol repeats (times their 6 permutations i guess but i don't think this is helpful to think about), which each occur 31 times
09:18 < andytoshi> i have a straightforward but nonenlightening combinatorial argument for this
09:19 < andytoshi> but what i'm interested in is: given the share indices, is there a "simple" computation that will tell the user which class they are in, or at least narrow things down
09:19 < andytoshi> otherwise the complete 3-of-n table fits comfortably across 4 pages i suppose
09:24 < roconnor> 4 pages isn't so bad.
09:24 < roconnor> I mean, this is an optimization after all.
09:24 < roconnor> They can just use the recover share disc and multiplication disc.
09:26 < andytoshi> all true. and like, there are 8 pages of 2-of-n creation tables :)
09:26 < andytoshi> i'll spend one more hour on this because it's nerdsniped me pretty bad
09:26 < andytoshi> but i agree that this is not usefully spent time
09:27 < andytoshi> roconnor: i think i would like to label the "optimization" stuff as appendices though. so the 2-of-n tables would be Appendix A, the 3-of-n recovery table would be Appendix B
09:27 < andytoshi> so the user knows that he could get away without printing them, if he was willing to do some extra work
09:47 < roconnor> yes
10:01 < roconnor> andytoshi: I cut and paste my way to creating a multiplication disc sans instructions.
10:01 < roconnor> sorry for the conflicts.
10:03 < roconnor> I might make it a bit smaller and perform other adjustments.
10:03 < andytoshi> all good, i should be able to cut-and-paste my way through the conflicts
10:03 < andytoshi> do you mean, conflicts with my k-of-n branch? that should be easy to rebase since it basically only has the one page
10:04 < andytoshi> i guess there will be conflicts related to the page numbering but i can just redo that
10:04 < roconnor> mostly the page numbering stuff.
10:04 < andytoshi> ok cool, no need to apologize. it's really adobe's fault for having such a shitty page numbering system
10:05 < roconnor> It's pretty amazing that all this stuff is possible to do on paper.
10:05 < andytoshi> BTW - i have a hypothesis. if you take your share indices, add S to all of them, then look at the ratios (for k-of-n there'll be k-1 ratios), this completely determines your set of symbols
10:05 < andytoshi> yeah!
10:06 < roconnor> andytoshi: I mean that is like saying that if you look up all the shares in the recover share disc, and multiply them all together you get your set of symbols.
10:06 < andytoshi> so i can probably do 3-of-n in two 31x31 tables: one maps x,y to (x + S)/(y + S), and the other maps the pair of ratios you get to the 3 symbols
10:07 < roconnor> which is indeed what the instructions are.
10:07 < andytoshi> roconnor: oh, yeah, ofc
10:07 < andytoshi> though i am saving a step here
10:07 < andytoshi> normally you have (S + x)(S + y)/(z + x)(z + y)
10:07 < andytoshi> and i'm not considering the denominator at all
10:08 < roconnor> oh I see.
10:08 < roconnor> you are talking about building an 1-x-y table.
10:08 < andytoshi> well, implicitly i am of course, ultimately since multiplication is a bijection, i can hide a ton of clever operations inside the words "is completely determined by"
10:08 < andytoshi> roconnor: right, exactly
10:08 < andytoshi> by doing this i can avoid any 31-by-31-by-31 tables
10:10 < roconnor> Hmm, I think I'm not entirely following your method.
10:10 < andytoshi> As another appendix we should provide the mapping between bech32 chars and binary, and the mapping between bech32 chars and powers of alpha. in principle this should be completely unnecessary but it might help advanced users sanity-check things
10:10 < andytoshi> roconnor: the argument for it might be nontrivial
10:11 < andytoshi> currently my argument involves a lot of "i did random transformations and look for patterns, oh here's one"
10:11 < andytoshi> but basically, suppose you have shares A C 2
10:11 < andytoshi> then add S to each of these indices: D G 6
10:12 < andytoshi> D G 6 is alpha^7, alpha^3, alpha^8
10:12 < andytoshi> then 7-3 is 4 and 8-3 is 5 .... my claim is that these two numbers 4 and 5 are sufficient to figure out what symbols you have
10:13 < andytoshi> what recovery symbols you'd get, by directly looking up AC2 in the table, i mean
10:14 < andytoshi> my current argument for this is: I took every triplet that got my club-heart-beta, did this transformation, and i got 4 and 5 every time
10:14 < andytoshi> :P
10:18 < andytoshi> (i also checked the preimages of some other sets of symbols, and confirmed that (a) the ratios are consistent; (b) they are not 4 and 5)
10:20 < andytoshi> lemme try to write out a theorem and prove it, i'll paste some latex. i don't think there's a clean handwavey argument, i think this is one of those things you find in number theory books where you think "this theorem and its proof are both fucking stupid" but they solved some specific problem the author had, which *he* originally solved by brute-force guessing relations
10:20 < roconnor> Okay. I can't see how the algebra allows for this.
10:21 < andytoshi> i don't think there's a purely algebraic argument, i think i'm gonna have to use some combinatorics and the fact that multiplication is a bijection
10:21 < andytoshi> maybe
10:21 < andytoshi> i'll get to it
10:21 * andytoshi gets to it
10:30 < andytoshi> ok, i've got an argument. it's not too bad actually but it's long enough that i need to LaTeX it up
10:30 < andytoshi> it is purely algebraic and does not even depend on characteristic 2 (i think, i need to go through and change a bunch of +s to -s to be sure)
10:31 < andytoshi> but essentially you can compute the lagrange basis polynomials explicitly in terms of those two ratios
10:38 < roconnor> okay I see that (S - x)/(S - z) - 1 = (z - x)/(S - z)
10:39 < roconnor> This is starting to look plausible.
10:39 < andytoshi> yeah, then the next observation is that (x - y) = (S - y) - (S - x) lol
10:39 < andytoshi> and the rest falls into place
10:42 < andytoshi> https://www.wpsoftware.net/pix/2021-11-28_181347.png full algebra
10:45 < andytoshi> this generalizes to higher k but it's not so useful (at least, not without further work) ... e.g. for k=4 you can reduce to a set of three ratios (which you can look up in the same table as the one i'll make for k=3). but then you've got three quantities and you need all 3 to compute your recovery symbols
10:45 < andytoshi> oh amusingly my argument doesn't work in case alpha = 1 or beta = 1 ... but this is exactly the case when your symbols are aleph-aleph-aleph
10:46 < roconnor> what about generalizing it to k=2
10:47 < andytoshi> oo interesting ... i believe that will work
10:48 < roconnor> probably works, but ends up making the recovery process harder rather than easier.
10:49 < roconnor> using tables instead of volvelles for the 3-of-n symbol computation is probably okay.
10:49 < roconnor> The number of look ups you need to do is very few.
10:49 < roconnor> like 6ish
10:50 < roconnor> rather than O(48*k)
10:51 < andytoshi> for 2-of-n you need to look up your two indices in a 2D table to get a ratio R
10:51 < andytoshi> then look up R in a 1D table to get your recovery symbols
10:51 < andytoshi> is that easier or harder than a volvelle? i dunno. it's worth providing the alternative since it would require very little additional page space
10:52 < andytoshi> for 3-of-n you need to look up your first and second indices, and first and third indices, in the *same* 2D table as you'd have used for 2-of-n. then you'll have two ratios R1 and R2
10:52 < andytoshi> and you need to look these up in a 2D table to get your recovery symbols
10:52 < roconnor> yep, and right now for 2-of-n you just look up your two indices (in the recover share volvelle) and get your recovery symbol immediately.
10:52 < andytoshi> yep
10:52 < andytoshi> though to get to the volvelle you need to switch pages ;)
10:53 < andytoshi> so which one is harder depends on how clean your desk is
10:53 < andytoshi> anyway it doesn't matter, for 2-of-n either way is easy. the question is whether it would be pedagogically useful to provide one method, or the other, or both
10:53 < roconnor> The recover share volvelle could be a lookup table, since it isn't so frequently used.
10:54 < andytoshi> yeah .. it may also be easier to label a table in such a way to discourage people from using it backward
10:54 < roconnor> oh
10:55 < roconnor> that's a good point.
10:55 < roconnor> I'll make that an issue
10:57 < andytoshi> 18:45 < andytoshi> oh amusingly my argument doesn't work in case alpha = 1 or beta = 1 ... but this is exactly the case when your symbols are aleph-aleph-aleph
10:58 < andytoshi> i was wrong about this -- if aleph = 1 or beta = 1 then it means that two of your shares are the same :)
10:58 < andytoshi> the aleph-aleph-aleph case is a bit more subtle, it happens when alpha*beta = (alpha - 1)(beta - 1)
10:58 < andytoshi> for k = 2, it would happen when alpha = (1 - alpha), which explains why it never happens :)
10:59 < sipa> ok, i have pure python BCH mixed erasure/correction code that works
10:59 < andytoshi> err when alpha = alpha-1
10:59 < andytoshi> sipa: cool!!
10:59 < roconnor> sipa: let me know when you have it in TI-85 basic.
10:59 < andytoshi> lol
11:00 < sipa> roconnor: does TI-85 have support for unsigned 70-bit integers?
11:00 < sipa> (i represent polynomials as integers with just all bits packed together)
11:00 < sipa> 66 bit may be enough
11:02 < roconnor> IIRC native integer support is somewhere between 16 and 24 bits.
11:05 < roconnor> I don't like how nu and upsilon are so similar.
11:06 < roconnor> but I guess if Bech32 can have U and V then we can use nu and upsilon.
11:06 < andytoshi> there is also phi and varphi, and nu and varnu(?), which users may confuse if they are remembering the symbols by their names
11:09 < roconnor> ya I already use phi and varphi , theta and vartheta , sigma and varsigma
11:09 < roconnor> it's a little problematic.
11:12 < andytoshi> a further problem is that some symbols (e.g. the club) are difficult to draw by hand
11:13 < andytoshi> i think the heart and diamond are good, we can repurpose * which i think is Q, we can add some capital greek letters, maybe some arrows (e.g. the two-headed ones)
11:14 < andytoshi> there is probably a filled dot and an unfilled dot
11:32 < roconnor> andytoshi: not to disparage your work, but maybe it is easier to do 3-of-n recovery by looking up pairs in the recovery table, turning the multiplication wheel and writing down the resulting symbol.
11:36 < andytoshi> roconnor: if i'm understanding you right that's a fair bit more work
11:37 < roconnor> Maybe you are right.
11:38 < andytoshi> oh actually
11:38 < andytoshi> yeah, i see
11:39 < andytoshi> so in both cases .. i need to look up two objects, and then combine them
11:39 < roconnor> well you do have to use the multiplication on all 3 pairs.
11:39 < andytoshi> and furthermore, in what you're suggesting, i can actually reuse the recovery table from the 2-of-n case, which is pretty neat
11:39 < roconnor> for my method.
11:39 < andytoshi> ah right yes
11:39 < andytoshi> whereas the "ratio method" gets you all three at once
11:40 < andytoshi> on the other hand, this is "one-time" work in the sense that you don't have to repeat it 48 times
11:40 < andytoshi> so it's ok if it's a little bit of extra work
11:40 < roconnor> my method involves 6 lookups from the recovery table, which I'm going to count as 3 since they come in pairs in the same column.
11:41 < roconnor> and then 3 turns of the multiplication wheel
11:41 < roconnor> yours involves 2 lookups in the ratio table
11:42 < roconnor> then another lookup of the ratios to get a triple
11:42 < andytoshi> yep
11:42 < andytoshi> that matches my accounting
11:42 < andytoshi> so ... my method does save 6 lookups/volvelle turns ... but OTOH it's a whole new ad-hoc scheme that doesn't usefully generalize and requires extra instructions
11:43 < roconnor> OTOOH the multiplication wheel then only becomes useful for k >=4
11:44 < andytoshi> yeah .. that was my original motivation, was that i wanted k=3 to be one of the "good" k values that didn't require the multiplication wheel
11:44 < andytoshi> but honestly i like your approach .. it is a bit more work for k=3, but not that much, and it lets you write a unified set of instructions for all k
11:46 < andytoshi> and remember we can stick the 4-page 3-of-n lookup table into an appendix, so there *is* still a shortcut for users willing to waste a bit of paper
11:48 < roconnor> right
11:49 < andytoshi> having a unified set of instructions might also let us provide a recovery table volvelle. if the instructions are "turn the volvelle pointer to the share whose symbol you're looking up, then multiply all the symbols corresponding to the other shares" then it's easy for a user to not get this backward (the instructions are to spin the volvelle 1 time, not k-1 times)
11:49 < andytoshi> even in the k=2 case when 1 = k-1
11:53 < andytoshi> We would then have four volvelles: addition, translation, recovery share, symbol multiplication. We could fit the table versions of each one onto a single page, which would probably also help the user's understanding (that the volvelles are just table lookups, they're not inherently doing any clever algebra)
11:55 < roconnor> andytoshi: the multiplication wheel makes multiplying long strings of symbols pretty easy.
11:55 < roconnor> you turn the dial to multiply the first two values, then slide the pointer to that result to multiply the next value, and so on.
11:56 < andytoshi> ah yeah that's really nice
12:05 < andytoshi> Cool. So for now I'll just clean up my giant 3-of-n table and format it as an appendix. and then maybe work on writing the generalized recovery instructions
12:05 < andytoshi> and then we'll be done i guess, up to formatting/UX issues
12:07 < andytoshi> the slide ruler is very cool :)
13:00 < roconnor> I guess it is common to multiply with a slide ruler in a logarithmic scale.
13:00 < roconnor> And this is a log base alpha scale.
14:00 < jeremyrubin> on-chain hanukkiah built with sapio https://twitter.com/JeremyRubin/status/1465076638748577794 :) happy holidays
14:01 < jeremyrubin> it drops coins to 36 people along the lines of the candle lightings of hanukah 1..=8
14:02 < jeremyrubin> it's technically a congestion control tree
14:02 < jeremyrubin> but just a little bit of fun :)
14:11 < roconnor> 🕎
16:04 < roconnor> andytoshi: we should write out the share construction tables for k=2..9 in an appendix. Then just put k =2 and 3 in the main body.
16:04 < andytoshi> roconnor: yeah, i think that's wise
16:04 < andytoshi> k = 2..6 fit nicely on the page
16:05 < andytoshi> but it's a bit dissonant having them there when the instructions say "don't do k > 3"
16:05 < andytoshi> BTW, i am starting to assemble the new volvelles now and the multiplication wheel, and will do an end-to-end test of 3-of-n and 4-of-n splitting and recovery
16:06 < roconnor> oh I just resized the multiplication wheel
16:06 < roconnor> Not that I had a good reason to do that.
16:06 < andytoshi> i think i got it, i fetched from your repo 10 minutes ago
16:07 < roconnor> okay I think I pushed it an hour ago.
16:08 < roconnor> andytoshi: so the pre-bip has two methods of share creation: one with S and one without S for generating fresh random secrets.
16:08 < andytoshi> roconnor: right, i'm also not sure how to fit that into the exposition in the booklet
16:08 < roconnor> andytoshi: Assuming you think that is a good idea, we should have two sets of creation tables for these two situations.
16:09 < andytoshi> also i think i should start drafting the text in latex, directly writing in postscript is super high-friction because i have to manually reflow text and i can't do simple things like binomial coefficients without a lot of pain
16:09 < andytoshi> roconnor: oh, i misread, i thought you were talking about generating a random S vs translating from an existing secret
16:09 < roconnor> like one way to generate a random S is to generate a random S.
16:10 < andytoshi> ah, but another way is to just generate three random shares then reconstruct them?
16:10 < roconnor> but a somewhat better way to generate a random S is to generate k random shares.
16:10 < andytoshi> can you quantify "somewhat better"
16:10 < andytoshi> i would believe that it somehow softens out biases in the randomness
16:10 < roconnor> I think I want to argue it is less work.
16:10 < andytoshi> oh! interesting!
16:11 < andytoshi> it sounds like strictly more
16:11 < roconnor> to generate k-of-n with a fresh secret, you
16:11 < roconnor> generate a random S.
16:11 < roconnor> generate a random k-1 shares.
16:11 < roconnor> construct n-k+1 shares.
16:12 < roconnor> With my method you
16:12 < roconnor> generate k random shares.
16:12 < roconnor> construct n-k shares.
16:12 < roconnor> And the trick is that we are assuming your wallet is ms32 compatible, in which case you load k of your shares into it.
16:12 < roconnor> and never write down S.
16:12 < andytoshi> ahhh that's very interesting
16:13 < andytoshi> i need to chew on that
16:13 < roconnor> yep, think about it.
16:13 < andytoshi> typing things into a hww is also a lot of work :) though probably less work than doing SSS reconstruction by hand, and results in less "toxic waste" key material that needs to be burned
16:14 < roconnor> oh that's a good point about toxic waste.
16:15 < andytoshi> so, i think the "generate S first" scheme needs to be supported for the case where people are starting from an existing secret
16:15 < roconnor> absolutely
16:15 < andytoshi> and my current discomfort is that it's hard to support both without duplicating the "Create Share" tables
16:15 < andytoshi> which might be alright
16:16 < roconnor> basically I'm calling for duplicating those tables.
16:16 < andytoshi> actually, we could put the "S first" method in an appendix, and describe it as a simple variant of the "normal" way
16:16 < andytoshi> and then put the duplicated tables in the appendix
16:16 < roconnor> that would be fine.
16:16 < andytoshi> ok, yeah, i like that approach
16:16 < roconnor> Maybe we should start calling these modules instead of appendixes.
16:17 < andytoshi> Yeah, I think so
16:18 < andytoshi> makes it easier for 3rd parties to contribute, to support things that are too large/niche to fit into the main .ps, etc
16:22 < roconnor> yes ... things that are too large ...
16:23 < andytoshi> lol
16:24 < andytoshi> i was imagining, like, the 4-of-n recovery table which would have 31465 entries in it
16:24 < andytoshi> which is 35 pages
16:35 < roconnor> I think we can make a main module with bare minimum of tables supporting the 2-of-n and 3-of-n cases. Other modules for tables for k up to 9; 2-of-n share creation tables; 3-of-n recovery tables; splitting an existing secret; fancy top wheels.
16:36 < roconnor> ; worksheets for longer than 48 characters.
16:37 < andytoshi> all sounds great
16:37 < andytoshi> and we can have a header in the .ps to enable/disable different ones (and a front user-visible page indicating which are available/enabled and how to enable them)
16:38 < andytoshi> this would also give users a good introduction to the idea that they're able to edit the .ps
17:17 < roconnor> I was actually thinking about putting modules in separate files.
17:36 < andytoshi> yeah, i like that. i had thought earlier you said you didn't want to do this
17:37 < andytoshi> but maybe you just meant, you didn't want the core stuff split across multiple files
17:37 < andytoshi> i assume postscript has a way to conditionally include things (and maybe it could even scan a modules/ directory and auto-detect stuff .. though that may be risky)
18:10 < roconnor> I'm under the impression that generally postscript viewers won't let you import across files.
18:11 < roconnor> I did originally not want to split up the file, and I certainly want a single file that can do everything.
18:11 < roconnor> but I'm warming to the idea of independent modules when they are really independent.
18:12 < roconnor> I wonder if we dare make a 3 character checksum table module.
18:18 < sipa> are there "preprocessors" for postscript?
18:22 < roconnor> like latex?
18:24 < sipa> or m4
18:24 < sipa> or cpp
18:27 < roconnor> https://stackoverflow.com/questions/7587408/including-a-postscript-file-into-another-one/19368785
18:43 < _aj_> sipa: perl!
18:43 < sipa> i can write that!
18:43 < sipa> (not read it, though)
19:05 < andytoshi> hmm, so, generating a single 3-of-n share takes me nearly half an hour .. and i screwed it up the first time and it took me nearly as long to re-check it (and i was cheating and using postscript to check checksums rather than doing it by hand, that'd be another half hour of work..)
19:05 < andytoshi> and it was only one mistake :|
19:06 < andytoshi> i also wasted a few minutes trying to screw around checksumming the translated shares, but i realized that wasn't going to make sense unless i also "translated" the hrp
19:10 < andytoshi> on the flip side, multiplying recovery symbols together is really super easy (except that we need different symbols that i don't pronounce the same in my head :))
19:10 < andytoshi> like, to the point where i'd suggest that recovery is no harder than creation
19:18 < roconnor> andytoshi: you saying that the repeated greek characters are a problem?
19:20 < roconnor> BTW, Program 17 of the Postscript Cookbook is a method for reencoding a font, so we could make a bech32 Courier font with the letters lined up to their encodings.
19:21 < roconnor> Though it probably isn't a good idea.
19:48 < roconnor> What actually might make sense is to build us a custom symbol font, which would allow us to, for example, combine exotic characters from Symbol and Helvetica into a single font.
19:49 < roconnor> that would give us access to things like † ‡ §
19:49 < roconnor> £ ¥
20:05 < andytoshi> roconnor: yeah, i like that idea (having our own symbol font)
20:05 < andytoshi> because yes, the repeated greek characters are a big problem for me :)
20:18 < andytoshi> roconnor: i'm kinda tempted to leave the k=2..6 generation tables in the main document, now that i see how fast it is to use the multiplication wheel to compute recovery symbols on the fly
20:20 < andytoshi> in that if i want to do k=5, i'm not going to get blindsided by how difficult recovery is ... it's only slightly more difficult than creation was
20:21 < andytoshi> (though i suspect that anybody who attempts k=5 will get discouraged during share generation and rethink their plans)
20:22 < andytoshi> and i don't think we should discourage k>3 merely because it increases the likelihood of key loss. i think this is something that even a non-cryptographer can make an informed decision about.
20:34 < roconnor> Oh if you think people want k=4..6, then we can keep it.
20:34 < roconnor> I just figured no one would use it, so no point in having it in the document.
20:34 < roconnor> the main document.
20:35 < roconnor> So there are 24 letters in the greek alphabet. That leaves us with 8 more symbols to find.
20:36 < roconnor> and you don't like clubs and spades.
20:38 < roconnor> so Aleph, Hearts, Diamonds, Dagger, Double-Dagger, Section, um Paragraph, oh and I'm using times for zero.
20:39 < roconnor> I feel I'm off by one somewhere...
20:41 < _aj_> could use a circumflex to double your characters?
20:42 < roconnor> oh I never used varsigma, so I'm good.
20:43 < roconnor> _aj_: andytoshi can't even write down a Y that doesn't look like an X, so I think accents are a no-go.
20:44 < _aj_> is long term storage done as letters or translated to a word list?
20:45 < _aj_> (i don't see how X and chi would work eg)
20:45 < roconnor> this symbol set is only used in intermediate computations.
20:45 < roconnor> and forms a distinct "type"
20:46 < roconnor> (roughly speaking they are used for scalars, rather than points / vectors)
20:46 < roconnor> storage is always done with bech32 characters.
20:47 < roconnor> using a distinct alternate character set helps make sure you are using the right wheel at the right time.
20:49 -!- _0x1d3 [sid43116@id-43116.tinside.irccloud.com] has quit [Ping timeout: 245 seconds]
20:50 -!- yuanti [sid16585@id-16585.tinside.irccloud.com] has quit [Ping timeout: 250 seconds]
20:52 -!- _0x1d3 [sid43116@id-43116.tinside.irccloud.com] has joined #bitcoin-wizards
20:53 < roconnor> andytoshi: do you think the multiplication wheel would be better if I put a "handle" on the top disc above the Aleph, that you can grab to turn, with a window cut out so you can see where it is pointing to.
20:54 -!- yuanti [sid16585@id-16585.tinside.irccloud.com] has joined #bitcoin-wizards
20:57 -!- Jackielove4u [uid43977@user/jackielove4u] has quit [Ping timeout: 250 seconds]
21:01 -!- Jackielove4u [uid43977@user/jackielove4u] has joined #bitcoin-wizards
21:31 -!- jtrag [~jtrag@user/jtrag] has quit [Remote host closed the connection]
21:32 -!- jtrag [~jtrag@user/jtrag] has joined #bitcoin-wizards
21:44 -!- jtrag [~jtrag@user/jtrag] has quit [Remote host closed the connection]
21:45 -!- jtrag [~jtrag@user/jtrag] has joined #bitcoin-wizards
21:53 -!- Pasha [~Cory@user/pasha] has joined #bitcoin-wizards
21:57 -!- jtrag [~jtrag@user/jtrag] has quit [Remote host closed the connection]
21:58 -!- jtrag [~jtrag@user/jtrag] has joined #bitcoin-wizards
22:07 -!- gnusha [~gnusha@user/gnusha] has joined #bitcoin-wizards
22:07 [Users #bitcoin-wizards]
22:07 [@ChanServ ] [ CrashTestDummy2] [ isthmus ] [ nathanael ] [ S3RK ]
22:07 [@split ] [ darosior ] [ Jaamg ] [ neha ] [ sandipndev123]
22:07 [ _0x0ff ] [ davterra ] [ Jackielove4u ] [ nickler_ ] [ sanket1729 ]
22:07 [ _0x1d3 ] [ DeanGuss ] [ jasan ] [ nikuhodai ] [ sanket_cell ]
22:07 [ _aj_ ] [ dllud ] [ javi404 ] [ ogola ] [ schmidty ]
22:07 [ achow101 ] [ dodo ] [ jeremyrubin ] [ otoburb ] [ sdaftuar1 ]
22:07 [ ademan[m] ] [ dongcarl ] [ jnewbery ] [ paairs ] [ sipa ]
22:07 [ adiabat ] [ elichai2 ] [ johnzwen- ] [ panpan ] [ solocshaw ]
22:07 [ AlienTrooper ] [ emcy_ ] [ jrayhawk ] [ Pasha ] [ soundandfury ]
22:07 [ amiti ] [ EmmyNoether ] [ jtrag ] [ peace777_ ] [ sr_gi ]
22:07 [ Amnesia ] [ emzy ] [ kallewoof ] [ pin ] [ stevenroose ]
22:07 [ andrewtoth ] [ FelixWeis ] [ kanzure ] [ pinheadmz_ ] [ stoner19 ]
22:07 [ andytoshi ] [ flag ] [ Keele ] [ plank ] [ takinbo ]
22:07 [ Apocalyptic ] [ fluffypony ] [ kexkey ] [ Psynthax ] [ tromp ]
22:07 [ ariard ] [ gazab ] [ koolazer ] [ rachelfi1h ] [ u221f_ ]
22:07 [ atuttle ] [ ghost43 ] [ laanwj ] [ real_or_random] [ uasf ]
22:07 [ belcher ] [ gnusha ] [ Liliaceae ] [ roasbeef ] [ vicsn2 ]
22:07 [ berndj ] [ greypw254 ] [ livestradamus ] [ robertspigler ] [ vtnerd ]
22:07 [ bfsfhkacjzgcytf] [ gribble ] [ luke-jr ] [ robot-dreams ] [ waxwing ]
22:07 [ bitdex ] [ grubman9001 ] [ Madars_ ] [ rockhouse ] [ willcl_ark ]
22:07 [ blkncd ] [ h4sh3d ] [ MarcoFalke ] [ roconnor ] [ windsok ]
22:07 [ BlueMatt ] [ harding ] [ MatrixBot1234510] [ ron-slc ] [ yakshaver ]
22:07 [ BUSY ] [ harrow ] [ meshcollider ] [ rottenstonks ] [ yanmaani ]
22:07 [ bw ] [ heath ] [ michaelfolkson ] [ rottenwheel ] [ yuanti ]
22:07 [ cdecker[m] ] [ helo_ ] [ moneyball_ ] [ RubenSomsen ] [ zegalch ]
22:07 [ cold ] [ hendi ] [ morcos ] [ ryan-c ] [ zkao ]
22:07 [ Common_ ] [ instantp10neer ] [ murrayn ] [ s0ph1a ]
22:07 -!- Irssi: #bitcoin-wizards: Total of 134 nicks [2 ops, 0 halfops, 0 voices, 132 normal]
22:07 -!- Channel #bitcoin-wizards created Wed May 19 06:51:00 2021
22:07 -!- jonasschnelli [~jonasschn@2a01:4f9:2a:2510::2] has joined #bitcoin-wizards
22:07 -!- musalbas [~musalbas@algebra.musalbas.com] has joined #bitcoin-wizards
22:07 -!- kakolainen[m] [~kakolaine@2001:470:69fc:105::34f9] has joined #bitcoin-wizards
22:09 -!- Irssi: Join to #bitcoin-wizards was synced in 130 secs
22:11 -!- RCasatta[m] [~rcasattam@2001:470:69fc:105::c85] has joined #bitcoin-wizards
23:35 -!- copumpkin [~woohoo@user/copumpkin] has joined #bitcoin-wizards
23:53 -!- jonatack [jonatack@user/jonatack] has joined #bitcoin-wizards
--- Log closed Mon Nov 29 00:00:46 2021