isis agora lovecruft (they/them)
@isislovecruft

anarchist; hacker; once-upon-a-time theoretical physicist. i might be a cryptographer but i'm not your cryptographer. i use ☠️𝖍𝖆𝖘𝖍 𝖋𝖚𝖓𝖈𝖙𝖎𝖔𝖓𝖘☠️

San Francisco, CA
patternsinthevoid.net
Joined December 2010

Tweets
    1. isis agora lovecruft (they/them) @isislovecruft 1 hour ago

      in cryptography we assume some things about the hardware, usually including that it uses two's complement and has a constant-time hardware multiply instruction

      1 reply 0 retweets 18 likes
    2. isis agora lovecruft (they/them) @isislovecruft 1 hour ago

      so for example crypto on older macs with powerpc chips is "not possible" (not without a lot of effort) because the chip's multiplication instruction first looks to see if either multiplicand is 0 or 1, in which case it short circuits and returns 0 or the other multiplicand rsp

      2 replies 1 retweet 13 likes
    3. isis agora lovecruft (they/them) @isislovecruft 1 hour ago

      similarly also for ARM cortex-M3 chips, the multiply instruction can take 1-2 cycles less if both multiplicands are ≤ 2^16, either multiplicand is 0, or—somewhat strangely—either multiplicand is a power of two

      1 reply 0 retweets 9 likes
    4. isis agora lovecruft (they/them) @isislovecruft 1 hour ago

      of course there's ways around non-constant-time multiply instructions, like the well-documented tricks @BearSSLNews uses (cf. https://www.bearssl.org/ctmul.html or below) but afaik all of them rely on tricking *some* form of a hardware multiply instruction into good behaviour pic.twitter.com/wDV8N6nUSU

      1 reply 0 retweets 14 likes
    5. isis agora lovecruft (they/them) @isislovecruft 1 hour ago

      in my quest to make commodore 64s secure against attackers with quantum computers by implementing supersingular isogeny key encapsulation in 6510 assembly, i obviously need constant-time multiplication, but forget even variable-time IT DOESN'T HAVE *ANY* MULTIPLICATION INSTRUCTION

      2 replies 4 retweets 38 likes
    6. isis agora lovecruft (they/them) @isislovecruft 1 hour ago

      before jumping into the assembly (THERE WAS A JOKE THERE, DID YOU SEE, DID YOU SEE IT) maybe i should first show some C taken from an older version of BoringSSL which multiplies two n-bit numbers into a 2n-bit result in constant-time (albeit relying on hardware multiplication) pic.twitter.com/VwLCU6cDrC

      a screenshot of this function from this commit in boringssl: https://boringssl.googlesource.com/boringssl/+/07432f325d6a388fe6d4881e84b076610c961f05/third_party/sike/asm/fp_generic.c#18

      1 reply 0 retweets 27 likes
    7. isis agora lovecruft (they/them) @isislovecruft 1 hour ago

      here's a fairly "simple" variable-time 8-bit x 8-bit -> 16-bit multiplication algorithm in 6502/6510 assembly, which indexes over the bits of the b multiplicand and conditionally either doubles or add-then-doubles, taking 146 cycles (best case) to 184 cycles (worst case) pic.twitter.com/Nh3hoONQRF

        LDA #0                ; Initialize RESULT to 0
        LDX #8                ; There are 8 bits in a
      .do_add_then_mul:
        LSR .b                ; Get low bit of b
        BCC .do_mul           ; 0 or 1?
        CLC                   ; If 1, add a
        ADC .a                ; A = A + a, carry holds the overflow
      .do_mul:
        ROR A                 ; "Stairstep" shift (catching carry from add)
        ROR .c                ; Bit shifted out of A moves into the low byte
        DEX                   ; One bit of b done
        BNE .do_add_then_mul  ; Loop until all 8 bits are processed
        STA .c+1              ; Store the high byte of the result

      4 replies 1 retweet 14 likes
    8. isis agora lovecruft (they/them) @isislovecruft 1 hour ago

      here's the same routine made constant time by always adding-then-doubling which requires 283 instructions AND TAKES 374 CYCLES JUST TO MULTIPLY TWO BYTES pic.twitter.com/TBV7N5mlUh

      a pile of horrible assembly so terrible that you really don't want to hear it but if you do it's over here https://github.com/isislovecruft/iso64/blob/master/src/c64/subtle.asm

      1 reply 0 retweets 19 likes
    9. isis agora lovecruft (they/them) @isislovecruft 58 minutes ago

      the 6510 chips in commodore 64s run at ~1MHz depending on whether it's the PAL or NTSC version, and a field element in this 434-bit prime field takes 56 bytes, so multiplying two field elements takes roughly 20,944 cycles or ~21ms assuming page boundaries aren't crossed

      2 replies 1 retweet 11 likes
    10. isis agora lovecruft (they/them) @isislovecruft 53 minutes ago

      i'm not sure how many field element operations i'm going to need to walk the isogeny graph yet, but i feel pretty confident that this is going to be the slowest post-quantum cryptographic implementation in existence, and quite possibly just straight up slowest crypto in the world

      1 reply 2 retweets 21 likes
      isis agora lovecruft (they/them) @isislovecruft 53 minutes ago

      this amusingly means that i will hold the title for implementing both the fastest and slowest elliptic curve related cryptographic implementations in the world 🏆🏆

      3:15 PM - 30 Jan 2020
      1 reply 6 retweets 44 likes
        1. New conversation
        2. Master Phong @PhongKoans 31 minutes ago
          Replying to @isislovecruft

          I'd probably go for multiplying 4 bits at a time with lookup tables.

          1 reply 0 retweets 0 likes
        3. isis agora lovecruft (they/them) @isislovecruft 26 minutes ago
          Replying to @PhongKoans

          i'm aware of various lookup table techniques but i'm worried that the tables will take up too much memory (i'm already at ~4KB for the field implementation and still need to implement the Montgomery curve and isogenies)

          0 replies 0 retweets 1 like
        4. End of conversation
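The difference between the branchy shift-and-add routine and an always-add variant discussed in the thread, as an added C model that is not the thread author's code or the assembly in iso64. The function names and the masked-add approach are assumptions made for illustration; `adds` exposes how often the operand-dependent add path runs.

```c
#include <stdint.h>
#include <stdio.h>

/* Added model of the thread's branchy routine; *adds ends as popcount(b). */
uint16_t mul8_vartime(uint8_t a, uint8_t b, unsigned *adds) {
    uint16_t hi = 0; /* accumulator A plus the carry out of the add */
    uint8_t lo = 0;  /* low result byte (.c) */
    *adds = 0;
    for (int i = 0; i < 8; i++, b >>= 1) {
        if (b & 1u) { /* operand-dependent branch (BCC) */
            hi += a;  /* CLC / ADC .a */
            (*adds)++;
        }
        lo = (uint8_t)((lo >> 1) | ((hi & 1u) << 7)); /* "stairstep" shift */
        hi >>= 1;                                     /* of hi:lo by one bit */
    }
    return (uint16_t)((hi << 8) | lo);
}

/* Assumed masked-add variant: always add (a & mask), mask = 0x00 or 0xFF. */
uint16_t mul8_ct(uint8_t a, uint8_t b) {
    uint16_t hi = 0;
    uint8_t lo = 0;
    for (int i = 0; i < 8; i++, b >>= 1) {
        uint8_t mask = (uint8_t)(0u - (b & 1u)); /* all ones iff bit set */
        hi += (uint8_t)(a & mask);               /* same work every round */
        lo = (uint8_t)((lo >> 1) | ((hi & 1u) << 7));
        hi >>= 1;
    }
    return (uint16_t)((hi << 8) | lo);
}

/* Exhaustively compare both routines with the native product. */
unsigned count_mismatches(void) {
    unsigned bad = 0, adds;
    for (unsigned a = 0; a < 256; a++)
        for (unsigned b = 0; b < 256; b++) {
            bad += mul8_vartime((uint8_t)a, (uint8_t)b, &adds) != a * b;
            bad += mul8_ct((uint8_t)a, (uint8_t)b) != a * b;
        }
    return bad;
}

int main(void) {
    unsigned few, many;
    mul8_vartime(0xC3, 0x00, &few);  /* no bits set in b */
    mul8_vartime(0xC3, 0xFF, &many); /* all bits set in b */
    printf("mismatches=%u adds=%u vs %u\n", count_mismatches(), few, many);
    return 0;
}
```

A C compiler is free to turn the masked add back into a branch, so on a real target the generated instructions still have to be inspected.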