--- Day changed Fri Feb 24 2017
00:23 < indutny> at least I found mathematical explanation to my troubles today :D
00:23 < indutny> and this channel
00:24 < indutny> gmaxwell: just curious, do you have any optimizations to apply in your queue?
00:24 < indutny> I'm mostly interested in algorithmic opts
00:25 < indutny> since I maintain similar JS module
00:25 < gmaxwell> There are many, though most not applicable to you I think.
00:25 < gmaxwell> yes, I'm aware. :)
00:26 < indutny> heh
00:26 < indutny> that's pretty sad! :)
00:26 < gmaxwell> do you use bn.js?
00:26 < indutny> yes
00:26 < indutny> it was created for elliptic
00:27 < gmaxwell> If so, it looked like it had ~no real tests and has several times had serious bugs that caused incorrect pubkey generation resulting in funds loss for bitcoin users. It really could use some more testing harness work around it.
00:28 < gmaxwell> because of that I'm stuck telling people that under NO condition should they use JS ecc code for bitcoin. :(
00:28 < indutny> hm... has anyone ever reported this bugs?
00:28 < gmaxwell> (mostly because broken versions will probably circulate in use forever. :( :( )
00:28 < gmaxwell> Oh of course, and the known issues have been fixed.
00:28 < indutny> s/this/these/
00:29 < indutny> both elliptic and bn.js have pretty good test coverage at this point
00:29 < indutny> and elliptic is used for browser-version of bcoin
00:29 < indutny> which powers purse.io
00:29 < gmaxwell> but the systemic risk that they were possible in the first place... really? I looked previously for bn and didn't find much other than a 'run this function with one value' kind of test.
00:30 < indutny> oh, it is much much better now
00:30 < indutny> although, there is lots of room for improvement
00:30 < gmaxwell> okay that is good to hear.
00:31 < indutny> bn.js is used in quite many places right now, not just elliptic
00:31 < indutny> because it is a part of crypto-browserify
00:31 < indutny> so any webpack- or browserify- built app that uses `crypto` module
00:32 < indutny> will end up using it for something
00:32 < indutny> I hope there are no bugs :)
00:32 < gmaxwell> yea, I know it is.. that's part of the problem, bad versions last forever. Like the prior issues the bitcoin space had with 'SecureRandom' that still show up on sites.
00:33 < indutny> yeah
00:34 < indutny> I haven't changed much in bn.js for years
00:34 < indutny> so the version that is rolled out everywhere now should be pretty stable
00:34 < indutny> I need to make it less lenient to user input errors
00:34 < indutny> like invalid hex and etc
00:34 < indutny> this is a major change so I was very lazy on it
00:35 < gmaxwell> You should take a look at the testing harnesses in GMP. They're very good. Big randomized tests.
00:35 < indutny> will surely do!
00:35 < indutny> thank you
00:35 < gmaxwell> yes, untypesafe JS is a big source of serious bugs for various apps, fair amount of bitcoin lost that way too. :-/ paranoid programming is justified. :)
00:36 < gmaxwell> indutny: in any case, there is a pull request implementing co-z arithmetic which we haven't merged partially because we haven't completed the patent investigation on it yet. (it should be fine, but there is some jerk claiming patents on some distantly related things, which were also published far earlier by someone else)
00:37 < indutny> sounds interesting!
00:37 < indutny> :)
00:38 < indutny> oh, new formula for addition
00:38 < gmaxwell> it's only really useful for building the multiples of P table.. at least in the structure of our code. It was more useful until mooted by other optimizations.
00:39 < indutny> that's what I thought
00:39 < indutny> in elliptic this is 50% meaningless
00:39 < indutny> at least for secp256k1
00:39 < indutny> because it is easier to just include precomputed values
00:40 < indutny> wNAF doesn't use much of them
00:40 < indutny> I don't remember what window I use, but I guess it is 5
00:40 < indutny> no, it is 4
00:41 < gmaxwell> for P you cannot include precomputed values. For G absolutely. We use an enormous G table in libsecp256k1.
00:41 < indutny> right, for P elliptic.js computes 4 values
00:42 < indutny> considering how much it doubles/adds later on
00:42 < indutny> saving some time may not be reasonable there
00:42 < indutny> oh
00:42 < indutny> it's actually 14 values
00:42 < indutny> I totally forgot that part of the code
00:43 < indutny> gmaxwell: noted that optimization, will investigate it!
00:43 < indutny> thank you
00:43 < gmaxwell> Welcome.
05:10 -!- btcdrak [uid165369@gateway/web/irccloud.com/x-iftxkrupbolzykki] has quit [Ping timeout: 240 seconds]
05:11 -!- btcdrak [uid165369@gateway/web/irccloud.com/x-wixlumuzlnijkjnz] has joined #secp256k1
05:37 < andytoshi> good morning.
-lambda is a sixth root of unity :P but this isn't useful for the endomorphism trick, negating a basis vector won't give you another basis vector :)
10:51 < indutny> andytoshi: morning
10:51 < indutny> andytoshi: I wish I figured it out earlier :)
15:14 -!- jtimon [~quassel@199.116.72.155] has joined #secp256k1
15:18 -!- jtimon [~quassel@199.116.72.155] has quit [Remote host closed the connection]
15:49 -!- jtimon [~quassel@199.116.72.155] has joined #secp256k1
17:00 -!- echonaut [~echonaut@46.101.192.134] has quit [Remote host closed the connection]
17:01 -!- echonaut [~echonaut@46.101.192.134] has joined #secp256k1
17:18 -!- CodeShark [sid126576@gateway/web/irccloud.com/x-zuzkitkercprdfqk] has quit []
17:18 -!- CodeShark [sid126576@gateway/web/irccloud.com/x-kicibfzlmvjvtssf] has joined #secp256k1
18:11 -!- jtimon [~quassel@199.116.72.155] has quit [Remote host closed the connection]
18:35 -!- droark [~droark@c-24-22-123-27.hsd1.or.comcast.net] has joined #secp256k1
18:36 -!- droark [~droark@c-24-22-123-27.hsd1.or.comcast.net] has quit [Client Quit]
19:59 -!- droark [~droark@c-24-22-123-27.hsd1.or.comcast.net] has joined #secp256k1
21:14 -!- roasbeef_ [~root@104.131.26.124] has joined #secp256k1
21:14 -!- gmaxwell_ [gmaxwell@mf4-xiph.osuosl.org] has joined #secp256k1
21:14 -!- wump [~quassel@pdpc/supporter/professional/wumpus] has joined #secp256k1
21:16 -!- wumpus [~quassel@pdpc/supporter/professional/wumpus] has quit [Ping timeout: 260 seconds]
21:16 -!- roasbeef [~root@104.131.26.124] has quit [Ping timeout: 240 seconds]
21:16 -!- midnightmagic [~midnightm@unaffiliated/midnightmagic] has quit [Ping timeout: 240 seconds]
21:16 -!- gmaxwell [gmaxwell@wikimedia/KatWalsh/x-0001] has quit [Ping timeout: 240 seconds]
21:16 -!- so [~so@unaffiliated/so] has quit [Ping timeout: 240 seconds]
21:16 -!- waxwing [~waxwing@185.65.135.88] has quit [Ping timeout: 240 seconds]
21:16 -!- so_ [~so@unaffiliated/so] has joined #secp256k1
21:17 -!- waxwing [~waxwing@185.65.135.88] has joined #secp256k1
21:17 -!- gmaxwell_ [gmaxwell@mf4-xiph.osuosl.org] has quit [Changing host]
21:17 -!- gmaxwell_ [gmaxwell@wikimedia/KatWalsh/x-0001] has joined #secp256k1
21:17 -!- gmaxwell_ is now known as gmaxwell
21:18 -!- midnightmagic [~midnightm@unaffiliated/midnightmagic] has joined #secp256k1
21:41 -!- so_ [~so@unaffiliated/so] has quit [Ping timeout: 260 seconds]
21:42 -!- so [~so@unaffiliated/so] has joined #secp256k1
22:54 -!- roasbeef_ is now known as roasbeef
23:15 -!- nickler [~nickler@185.12.46.130] has quit [Ping timeout: 255 seconds]
23:20 -!- nickler [~nickler@185.12.46.130] has joined #secp256k1
23:46 -!- wump is now known as wumpus