--- Day changed Thu Feb 23 2017
06:14 -!- nickler [~nickler@185.12.46.130] has quit [Ping timeout: 260 seconds]
06:26 -!- nickler [~nickler@185.12.46.130] has joined #secp256k1
10:26 -!- andytoshi [~apoelstra@wpsoftware.net] has quit [Ping timeout: 264 seconds]
10:33 -!- andytoshi [~apoelstra@wpsoftware.net] has joined #secp256k1
11:06 -!- jtimon [~quassel@garage-jp.static.monkeybrains.net] has joined #secp256k1
11:43 -!- jtimon [~quassel@garage-jp.static.monkeybrains.net] has quit [Ping timeout: 268 seconds]
11:44 -!- jtimon [~quassel@garage-jp.static.monkeybrains.net] has joined #secp256k1
11:51 -!- echonaut1 [~echonaut@46.101.192.134] has quit [Remote host closed the connection]
11:51 -!- echonaut [~echonaut@46.101.192.134] has joined #secp256k1
11:51 -!- echonaut [~echonaut@46.101.192.134] has quit [Remote host closed the connection]
11:52 -!- echonaut [~echonaut@46.101.192.134] has joined #secp256k1
12:03 -!- jtimon [~quassel@garage-jp.static.monkeybrains.net] has quit [Ping timeout: 255 seconds]
12:38 -!- jtimon [~quassel@199.116.72.155] has joined #secp256k1
12:52 < gmaxwell> hehe I was trying to add a test for the uncovered branch at
12:52 < gmaxwell> 155 : 2052 : static void secp256k1_ge_set_table_gej_var(secp256k1_ge *r, const secp256k1_gej *a, const secp256k1_fe *zr, size_t len) {
12:52 < gmaxwell> 156 : 2052 : size_t i = len - 1;
12:52 < gmaxwell> 157 : : secp256k1_fe zi;
12:52 < gmaxwell> 158 : :
12:52 < gmaxwell> 159 [ + - ]: 2052 : if (len > 0) {
12:57 < gmaxwell> oh nevermind, I was looking at the web copy of the coverage report instead of the local one!
13:47 -!- jtimon [~quassel@199.116.72.155] has quit [Ping timeout: 255 seconds]
13:47 -!- jtimon [~quassel@garage-jp.static.monkeybrains.net] has joined #secp256k1
14:05 -!- Madars [~null@unaffiliated/madars] has quit [Quit: Leaving.]
14:13 -!- Madars [~null@unaffiliated/madars] has joined #secp256k1
14:47 -!- jtimon [~quassel@garage-jp.static.monkeybrains.net] has quit [Ping timeout: 255 seconds]
14:54 -!- jtimon [~quassel@garage-jp.static.monkeybrains.net] has joined #secp256k1
18:42 -!- jtimon [~quassel@garage-jp.static.monkeybrains.net] has quit [Remote host closed the connection]
19:11 -!- echonaut [~echonaut@46.101.192.134] has quit [Remote host closed the connection]
19:11 -!- echonaut [~echonaut@46.101.192.134] has joined #secp256k1
22:08 -!- instagibbs [~instagibb@pool-100-15-114-3.washdc.fios.verizon.net] has quit [Ping timeout: 240 seconds]
22:18 -!- instagibbs [~instagibb@pool-100-15-117-236.washdc.fios.verizon.net] has joined #secp256k1
22:54 -!- indutny [~indutny@188.226.143.86] has joined #secp256k1
22:54 < indutny> hello everyone
22:55 < indutny> has anyone attempted to decompose the scalar using 6-th root of unity
22:55 < indutny> sort of like GLV, but with more coefficients?
23:08 < gmaxwell> there isn't one.
23:08 < gmaxwell> You also can't just get another endomorphism like that, unfortunately.
23:09 < gmaxwell> There are multiple cube roots of unity (three, of course) but they do not form a proper basis that allows a further decomposition.
23:09 < indutny> there is 6-th root of unity
23:10 < indutny> and indeed I've so far failed to create basis using any of them
23:10 < indutny> I guess there is some sort of redundancy in basis
23:11 < indutny> LLL reduces it way too much
23:11 < indutny> gmaxwell: is there any mathematical argument to why this should not be possible?
23:11 < indutny> using different cube roots (for example)
23:13 < gmaxwell> indutny: IIRC there isn't a 6th root: there has to be a root in both the field and the order as one of the basic prereqs to get an endomorphism.-- and it doesn't exist in the curve order.
23:14 < indutny> lambda=5363ad4cc05c30e0a5261c028812645a122e22ea20816678df02967c1b23bd72
23:14 < indutny> beta=851695d49a83f8ef919bb86153cbcb16630fb68aed0a766a3ec693d68e6afa40
23:14 < indutny> appears to be working for me
23:14 < indutny> let me double check, though
23:15 < gmaxwell> oh indeed it is.
23:16 < indutny> sorry
23:16 < indutny> wrong numbers, though
23:16 < indutny> lambda=ac9c52b33fa3cf1f5ad9e3fd77ed9ba4a880b9fc8ec739c2e0cfc810b51283ce
23:16 < indutny> beta is the same
23:16 < indutny> gmaxwell: it doesn't matter too much in the end
23:16 < indutny> whatever initial basis I choose for LLL
23:16 < indutny> it yields very short first basis vector
23:16 < indutny> and half-size second and third
23:18 < indutny> ah, heck
23:18 < indutny> hahaha
23:19 < indutny> gmaxwell: sorry for misinformation
23:19 < indutny> there is no 6-th root of unity for secp256k1 indeed
23:19 < indutny> the lambda^(1/2) is lambda^2
23:23 < gmaxwell> On the 'plus side' a higher order endomorphism wouldn't result in that much of an additional speedup.
23:29 < indutny> heh
23:30 < indutny> there was a paper with decomposition into 4 scalars
23:30 < indutny> the speedup was around 25% as far as I remember
23:30 < indutny> the curve was F[p^2], though
23:30 < indutny> s/curve/field/
23:31 < gmaxwell> yes, that's one of the ways you can get a higher order endomorphism. google snowshoe for a curve constructed with nice parameters.
23:32 < gmaxwell> I would expect 25% over no endomorphism as compared to 20% with just the single endomorphism.
23:53 < indutny> ok, I think my problem comes down to the trivial fact
23:53 < indutny> that lambda^2 + lambda + 1 = 0
23:54 < indutny> so whenever I introduce lambda^2 as a basis vector
23:54 < indutny> it becomes trivial
23:54 < indutny> basically lambda^2 = -1 - lambda