--- Log opened Tue Jun 01 00:00:25 2021
00:07 -!- real_or_random [~real_or_r@2a02:c207:3002:7468::1] has left #secp256k1 [Leaving]
00:07 -!- real_or_random [~real_or_r@2a02:c207:3002:7468::1] has joined #secp256k1
00:29 -!- lukedashjr [~luke-jr@user/luke-jr] has joined #secp256k1
00:31 -!- luke-jr [~luke-jr@user/luke-jr] has quit [Ping timeout: 268 seconds]
00:31 -!- lukedashjr is now known as luke-jr
00:50 -!- mode/#secp256k1 [+o nickler] by ChanServ
00:53 -!- mode/#secp256k1 [-o nickler] by ChanServ
00:53 < real_or_random> note to self: IRC is just old and weird.
01:19 -!- ChanServ changed the topic of #secp256k1 to: libsecp256k1 development discussion | https://github.com/bitcoin-core/secp256k1 | Channel logs: http://gnusha.org/secp256k1
01:22 -!- real_or_random_ [~real_or_r@185.209.196.135] has joined #secp256k1
01:22 -!- real_or_random_ [~real_or_r@185.209.196.135] has left #secp256k1 [Leaving]
01:22 -!- real_or_random_ [~real_or_r@185.209.196.135] has joined #secp256k1
01:22 -!- real_or_random_ [~real_or_r@185.209.196.135] has left #secp256k1 [Leaving]
01:42 -!- michaelfolkson [~michael@2a00:23c7:60c5:ad01:4130:9d8a:f42d:542f] has joined #secp256k1
03:16 -!- michaelfolkson [~michael@2a00:23c7:60c5:ad01:4130:9d8a:f42d:542f] has quit [Quit: I am away from my computer]
03:20 -!- michaelfolkson [~michael@2a00:23c7:60c5:ad01:4130:9d8a:f42d:542f] has joined #secp256k1
03:22 -!- michaelfolkson [~michael@2a00:23c7:60c5:ad01:4130:9d8a:f42d:542f] has quit [Client Quit]
03:30 -!- michaelfolkson [~michael@2a00:23c7:60c5:ad01:4130:9d8a:f42d:542f] has joined #secp256k1
03:31 -!- belcher_ [~belcher@user/belcher] has quit [Ping timeout: 265 seconds]
03:35 -!- michaelfolkson [~michael@2a00:23c7:60c5:ad01:4130:9d8a:f42d:542f] has quit [Quit: I am away from my computer]
03:37 -!- belcher [~belcher@user/belcher] has joined #secp256k1
05:09 -!- menace [~someone@user/menace] has joined #secp256k1
05:16 -!- michaelfolkson [~michael@2a00:23c7:60c5:ad01:4130:9d8a:f42d:542f] has joined #secp256k1
05:45 -!- michaelfolkson [~michael@2a00:23c7:60c5:ad01:4130:9d8a:f42d:542f] has quit [Quit: I am away from my computer]
05:59 -!- michaelfolkson [~michael@2a00:23c7:60c5:ad01:4130:9d8a:f42d:542f] has joined #secp256k1
06:03 -!- michaelfolkson [~michael@2a00:23c7:60c5:ad01:4130:9d8a:f42d:542f] has quit [Client Quit]
06:39 -!- Nebraskka [~Nebraskka@user/nebraskka] has joined #secp256k1
06:41 -!- roconnor [~roconnor@host-184-164-3-109.dyn.295.ca] has joined #secp256k1
08:17 -!- michaelfolkson [~michael@2a00:23c7:60c5:ad01:4130:9d8a:f42d:542f] has joined #secp256k1
08:19 -!- michaelfolkson [~michael@2a00:23c7:60c5:ad01:4130:9d8a:f42d:542f] has quit [Client Quit]
08:28 -!- michaelfolkson [~michael@2a00:23c7:60c5:ad01:4130:9d8a:f42d:542f] has joined #secp256k1
09:13 -!- michaelfolkson [~michael@2a00:23c7:60c5:ad01:4130:9d8a:f42d:542f] has quit [Quit: Textual IRC Client: www.textualapp.com]
09:13 -!- michaelfolkson [~michael@2a00:23c7:60c5:ad01:4130:9d8a:f42d:542f] has joined #secp256k1
09:25 -!- michaelfolkson [~michael@2a00:23c7:60c5:ad01:4130:9d8a:f42d:542f] has quit [Quit: Textual IRC Client: www.textualapp.com]
09:26 -!- michaelfolkson [~michael@2a00:23c7:60c5:ad01:4130:9d8a:f42d:542f] has joined #secp256k1
09:41 -!- michaelfolkson is now known as michaelfolkson2
09:42 -!- michaelfolkson2 is now known as michaelfolkson
09:42 -!- michaelfolkson is now known as michaelfolkson2
09:43 -!- michaelfolkson2 is now known as michaelfolkson
09:46 -!- real_or_random [~real_or_r@2a02:c207:3002:7468::1] has quit [Quit: ZNC 1.8.2 - https://znc.in]
09:47 -!- real_or_random [~real_or_r@173.249.7.254] has joined #secp256k1
09:51 -!- michaelfolkson [~michael@2a00:23c7:60c5:ad01:4130:9d8a:f42d:542f] has quit [Quit: Textual IRC Client: www.textualapp.com]
09:52 -!- michaelfolkson2 [~michael@2a00:23c7:60c5:ad01:4130:9d8a:f42d:542f] has joined #secp256k1
09:57 -!- michaelfolkson [~michaelfo@138.68.143.20] has joined #secp256k1
10:02 -!- sanket1729 [~sanket172@ec2-100-24-255-95.compute-1.amazonaws.com] has joined #secp256k1
10:03 -!- michaelfolkson2 [~michael@2a00:23c7:60c5:ad01:4130:9d8a:f42d:542f] has quit [Quit: Textual IRC Client: www.textualapp.com]
10:05 -!- gmaxwell [~gmaxwell@c-73-170-118-145.hsd1.ca.comcast.net] has joined #secp256k1
10:12 -!- michaelfolkson2 [~michael@2a00:23c7:60c5:ad01:4130:9d8a:f42d:542f] has joined #secp256k1
10:13 -!- michaelfolkson2 [~michael@2a00:23c7:60c5:ad01:4130:9d8a:f42d:542f] has quit [Client Quit]
10:24 -!- Netsplit *.net <-> *.split quits: sebx2a, FelixWeis, elichai2
10:24 -!- Netsplit over, joins: sebx2a
10:24 -!- Netsplit over, joins: elichai2
10:24 -!- Netsplit over, joins: FelixWeis
11:21 -!- roconnor_ [~roconnor@host-184-164-3-109.dyn.295.ca] has joined #secp256k1
11:21 -!- roconnor [~roconnor@host-184-164-3-109.dyn.295.ca] has quit [Ping timeout: 252 seconds]
11:36 -!- roconnor_ is now known as roconnor
13:44 -!- real_or_random [~real_or_r@173.249.7.254] has quit [Changing host]
13:44 -!- real_or_random [~real_or_r@user/real-or-random/x-4440763] has joined #secp256k1
17:30 < gmaxwell> I was talking to sipa today about the fact that the endomorphism operation can be batched.
17:30 < gmaxwell> Basically, in strauss instead of applying the endomorphism to each point in the WINDOW_A table,
17:30 < gmaxwell> you can instead multiply the accumulator by beta or beta^2 to switch the accumulator between endo
17:30 < gmaxwell> and non-endo, track what state its in, apply the operations for the current state and only switch
17:30 < gmaxwell> when necessary.
17:30 < gmaxwell> For just a single variable base exp (and assuming G table is adjusted so it doesn't care either way)
17:30 < gmaxwell> I measure and average of 35 field multiplies needed for this state swapping. But for a large enough
17:31 < gmaxwell> number of points it should win.. asymptotically it will need 128 field multiplies (e.g. every digit is
17:31 < gmaxwell> non-zero for both endo and non-endo additions) compared to 9*N needed by the currently code,
17:31 < gmaxwell> so certainly by 16 points but probably fewer.
17:31 < gmaxwell> Same can be done for negations, though it might not be worth the accounting overhead.
17:31 < gmaxwell> Similarly can be done with pippenger, in a simple and almost form just applying this
17:31 < gmaxwell> to the comb column accumulator, but leaving the wnaf ladder alone.
17:31 < gmaxwell> e.g. apply all the positive endo to each column accumulator, negate. apply all the negative endo,
17:31 < gmaxwell> endo-transform, apply all the negative points, negate, apply all the positive points.
17:31 < gmaxwell> In that case it'll be faster as soon as batching gains beat reuse of the precomputed values...
17:31 < gmaxwell> this will happen for some sufficiently large number of inputs, I think.
17:31 < gmaxwell> I think perhaps the batching could also be spread across the pippenger wnaf ladder, but I haven't really given it any thought.
17:31 < gmaxwell> Maybe, if things are lucky, the size when pippenger starts getting used is also large enough
17:31 < gmaxwell> that this approach is a win. :)  I doubt anyone wants more algorithms to switch between. :)
17:32 < sipa> and if we do this, it would be essentially free to include the G additions into this endo-multiplying system
17:33 < sipa> so if we additionally make G split 1/lambda rather than 1/2^128 like now, we can just drop the 2^128-scaled G precomputed table (and either gain half the memory, or increase its window size by 1 bit for the same window size)
17:33 < sipa> with that change, perhaps it's a win for smaller numbers of strauss points even
17:35 < sipa> (though, i guess not, the gain from going from window 15 to window 16 is tiny)
17:40 < gmaxwell> yeah though it might also be useful to increase window_a's size.  Hard to say, it seems unlikely to me that any variation of this will be faster for just one variable-base.
21:33 -!- belcher_ [~belcher@user/belcher] has joined #secp256k1
21:35 -!- belcher [~belcher@user/belcher] has quit [Ping timeout: 265 seconds]
23:09 -!- calvinalvin [~kcalvinal@ec2-52-79-199-97.ap-northeast-2.compute.amazonaws.com] has joined #secp256k1
23:09 -!- kcalvinalvin [~kcalvinal@ec2-52-79-199-97.ap-northeast-2.compute.amazonaws.com] has quit [Ping timeout: 272 seconds]
23:09 -!- calvinalvin is now known as kcalvinalvin
--- Log closed Wed Jun 02 00:00:26 2021