isis agora lovecruft (they/them)

@isislovecruft

anarchist; hacker; once-upon-a-time theoretical physicist. i might be a cryptographer but i'm not your cryptographer. i use ☠️𝖍𝖆𝖘𝖍 𝖋𝖚𝖓𝖈𝖙𝖎𝖔𝖓𝖘☠️

San Francisco, CA
Joined December 2010

Tweets


  1. Pinned tweet

    x="if(t%2)else";python3 -c"[print(t>>15&(t>>(2$x 4))%(3+(t>>(8$x 11))%4)+(t>>10)|42&t>>7&t<<9,end='')for t in range(2**20)]"|aplay -c2 -r4

  2. me: i’m a gemini but i’m also an ex-physicist so it doesn’t count
    them: i’m a cancer
    me: nice
    them: ?
    me: …
    me: ♋️

  3. Retweeted
    Replying to

    the transition period officially means all dudes are force femmed, free titty skittles for all, i don’t make the brexit rules

  4. amazing how having just one shit person in your project/community/startup/organisation/nonprofit will forever taint it by continuing to be shit and draw ever increasingly shit people in, huh, how 'bout that, almost like half rotten trees grow half rotten apples, so strange

  5. them: wait.. i take the code i am good at making fast.. and i make it go slower? with different constraints??
    me: yes. exactly that. slower but as fast as you can and still be constant time
    them: OH MY GOD YES FINALLY A WHOLE NEW SET OF CONSTRAINTS TO PROBLEM SOLVE IN

  6. my signal messages are almost entirely People Who Are Good At Compilers realising that yesteryear's cryptographers were being bullshit gatekeepers when they said "don't roll your own crypto" and that they have Exactly The Skillset for optimising crypto, and i am 100% here for it

  7. it just occurred to me to skitch a muni, what the fuck did i even learn from tony hawk pro skater 2

  8. this amusingly means that i will hold the title for implementing both the fastest and slowest elliptic curve related cryptographic implementations in the world 🏆🏆

  9. i'm not sure how many field element operations i'm going to need to walk the isogeny graph yet, but i feel pretty confident that this is going to be the slowest post-quantum cryptographic implementation in existence, and quite possibly just straight up slowest crypto in the world

  10. the 6510 chips in commodore 64s run at ~1MHz depending on whether it's the PAL or NTSC version, and a field element in this 434-bit prime field takes 56 bytes, so multiplying two field elements takes roughly 20,944 cycles or ~21ms assuming page boundaries aren't crossed

  11. here's the same routine made constant time by always adding-then-doubling which requires 283 instructions AND TAKES 374 CYCLES JUST TO MULTIPLY TWO BYTES

    a pile of horrible assembly so terrible that you really don't want to hear it but if you do it's over here https://github.com/isislovecruft/iso64/blob/master/src/c64/subtle.asm
  12. here's a fairly "simple" variable-time 8-bit x 8-bit -> 16-bit multiplication algorithm in 6502/6510 assembly, which indexes over the bits of the b multiplicand and conditionally either doubles or add-then-doubles, taking 146 cycles (best case) to 184 cycles (worst case)

        LDA #0                  ; Initialize RESULT to 0
        LDX #8                  ; There are 8 bits in b to walk
    .do_add_then_mul:
        LSR .b                  ; Get low bit of b into the carry flag
        BCC .do_mul             ; 0 or 1?
        CLC                     ; If 1, add a (clear carry first)
        ADC .a
    .do_mul:
        ROR A                   ; "Stairstep" shift (catching carry from add)
        ROR .c                  ; shift the dropped bit into the low result byte
        DEX
        BNE .do_add_then_mul
        STA .c+1                ; A holds the high byte of the 16-bit result
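    The two routines in the tweets above, the variable-time add-then-double and the always-add constant-time version, modelled in C as an added example (not the author's code or the iso64 repository's). It mirrors the 6502 register flow (hi stands in for the accumulator A plus the carry flag as a ninth bit, lo for .c) and counts how many additions each routine executes, which is the 8-bit instance of the n-bit into 2n-bit constant-time multiply from the BoringSSL tweet, done without any hardware multiply. The names mul8_vartime, mul8_ct, mul_result and verify_all are my own.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example, not the author's code: a C model of the two 6502 routines
 * discussed above. hi plays the role of A (bit 8 stands in for the carry
 * flag), lo plays the role of .c. Function and type names are mine. */

typedef struct {
    uint16_t product;   /* a * b as a 16-bit value */
    unsigned adds;      /* how many ADD operations were executed */
} mul_result;

/* Variable-time: mirrors LSR / BCC / CLC / ADC / ROR / ROR. The add runs only
 * when the current low bit of b is 1, so the number of instructions executed
 * (and the time taken) depends on the value of b. */
static mul_result mul8_vartime(uint8_t a, uint8_t b)
{
    mul_result r = { 0, 0 };
    uint16_t hi = 0;                 /* A, with bit 8 acting as the carry flag */
    uint8_t  lo = 0;                 /* .c, the low byte of the result */

    for (int i = 0; i < 8; i++) {
        unsigned carry = b & 1u;     /* LSR .b: low bit of b into carry */
        b >>= 1;
        if (carry) {                 /* BCC falls through only when carry is set */
            hi += a;                 /* CLC; ADC .a */
            r.adds++;
        }
        unsigned out = hi & 1u;      /* ROR A: bit 0 of A becomes the new carry */
        hi >>= 1;                    /* ... and the old carry (bit 8) lands in bit 7 */
        lo = (uint8_t)((lo >> 1) | (out << 7));   /* ROR .c */
    }
    r.product = (uint16_t)((hi << 8) | lo);       /* STA .c+1 */
    return r;
}

/* Constant-time: same flow, but the addition is always executed and the
 * operand is masked to zero when the bit is clear (mask is 0x00 or 0xFF),
 * so the executed instruction stream is the same for every (a, b). */
static mul_result mul8_ct(uint8_t a, uint8_t b)
{
    mul_result r = { 0, 0 };
    uint16_t hi = 0;
    uint8_t  lo = 0;

    for (int i = 0; i < 8; i++) {
        unsigned carry = b & 1u;
        b >>= 1;
        uint8_t mask = (uint8_t)(0u - carry);     /* 0x00 if bit clear, 0xFF if set */
        hi += (uint16_t)(a & mask);               /* always add, sometimes add zero */
        r.adds++;
        unsigned out = hi & 1u;
        hi >>= 1;
        lo = (uint8_t)((lo >> 1) | (out << 7));
    }
    r.product = (uint16_t)((hi << 8) | lo);
    return r;
}

/* Exhaustive check over all 65536 inputs: both routines equal a*b and the
 * constant-time routine always performs exactly 8 additions. Returns 1 if ok. */
static int verify_all(void)
{
    for (unsigned a = 0; a < 256; a++) {
        for (unsigned b = 0; b < 256; b++) {
            mul_result v = mul8_vartime((uint8_t)a, (uint8_t)b);
            mul_result c = mul8_ct((uint8_t)a, (uint8_t)b);
            if (v.product != a * b || c.product != a * b || c.adds != 8)
                return 0;
        }
    }
    return 1;
}

int main(void)
{
    mul_result v = mul8_vartime(0xFF, 0x01);   /* one set bit in b: 1 add */
    mul_result w = mul8_vartime(0xFF, 0xFF);   /* eight set bits in b: 8 adds */
    mul_result c = mul8_ct(0xFF, 0x01);        /* always 8 adds */
    printf("vartime 255*1:   %u adds\n", v.adds);
    printf("vartime 255*255: %u adds\n", w.adds);
    printf("ct      255*1:   %u adds\n", c.adds);
    printf("exhaustive check: %s\n", verify_all() ? "ok" : "FAILED");
    return verify_all() ? 0 : 1;
}
```

    The add count is the observable that a timing side channel measures: in the variable-time routine it equals the number of set bits in b, in the constant-time one it is always 8. A C compiler is free to turn the `if (carry)` into a branch or a conditional move on a modern CPU, which is exactly why the 6510 version in the tweets is written by hand in assembly.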
  13. before jumping into the assembly (THERE WAS A JOKE THERE, DID YOU SEE, DID YOU SEE IT) maybe i should first show some C taken from an older version of BoringSSL which multiplies two n-bit numbers into a 2n-bit result in constant-time (albeit relying on hardware multiplication)

    a screenshot of this function from this commit in boringssl: https://boringssl.googlesource.com/boringssl/+/07432f325d6a388fe6d4881e84b076610c961f05/third_party/sike/asm/fp_generic.c#18
  14. in my quest to make commodore 64s secure against attackers with quantum computers by implementing supersingular isogeny key encapsulation in 6510 assembly, i obviously need constant-time multiplication, but forget even variable-time IT DOESN'T HAVE *ANY* MULTIPLICATION INSTRUCTION

  15. of course there's ways around non-constant-time multiply instructions, like the well-documented tricks uses (cf. or below) but afaik all of them rely on tricking *some* form of a hardware multiply instruction into good behaviour

  16. similarly also for ARM cortex-M3 chips, the multiply instruction can take 1-2 cycles less if both multiplicands are ≤ 2^16, either multiplicand is 0, or—somewhat strangely—either multiplicand is a power of two

  17. so for example crypto on older macs with powerpc chips is "not possible" (not without a lot of effort) because the chip's multiplication instruction first looks to see if either multiplicand is 0 or 1, in which case it short circuits and returns 0 or the other multiplicand resp.

  18. in cryptography we assume some things about the hardware, usually including that it uses two's complement and has a constant-time hardware multiply instruction

  19. i believe i just did something no one has ever done before: i wrote a constant-time galois field implementation on a 6502 chipset, which not only does not have a constant-time hardware multiply instruction, but does not have a multiply instruction at all

  20. Retweeted
    29 Jan

    Genius! This Woman Shares Horrifying Code Snippets To Flirt With Other Queer Hackers

  21. Retweeted
    29 Jan
    Replying to

    Be gay do crimecodes
