mersenneforum.org  

Showing results 1 to 25 of 43
Search: Posts Made By: patnashev
Forum: Math 2020-09-12, 09:23
Replies: 247
Views: 17,406
Posted By patnashev
Seventeen or Bust and other Sierpinski problems were switched to fast DC. At VDF depth 7.
Forum: Math 2020-08-26, 05:08
Replies: 247
Views: 17,406
Posted By patnashev
Security exponent for 8191 is 2 * 3 * 3 * 5 * 7 * 13
Forum: Math 2020-08-26, 05:06
Replies: 247
Views: 17,406
Posted By patnashev
Yes, that's why we're talking about divisors of N-1. But composite powers are dealt with automatically when you compute the "security" exponent.
Forum: Math 2020-08-26, 04:47
Replies: 247
Views: 17,406
Posted By patnashev
And it's not enough to only consider prime factors, their powers are important too.
1477^3 != 1 (mod 8191)
1477^9 = 1 (mod 8191)

All 9th roots of unity mod 8191: {1, 90, 1477, 1874, 2723, 4840,...
Forum: Math 2020-08-26, 04:33
Replies: 247
Views: 17,406
Posted By patnashev
There are only two square roots of unity. A single squaring is enough to turn them into 1. But phi(N)=N-1 can be divisible by 3, so there could be three cubic roots of unity. Raising to 3rd power is...
Forum: Math 2020-08-25, 15:14
Replies: 247
Views: 17,406
Posted By patnashev
Roots of unity Attack

It is possible to conceal a prime by tampering with the proof and forcing the result of the PRP test to be different than 1. In the simplest circumstances an attacker has to...
Forum: Math 2020-06-28, 05:48
Replies: 247
Views: 17,406
Posted By patnashev
We've started searching for GFN-15 Mega (b^32768+1, 1M digits). b is a hundred-bit number, but Pietrzak VDF works just fine with such numbers.
Forum: Math 2020-06-24, 03:49
Replies: 247
Views: 17,406
Posted By patnashev
It's a model to calibrate your hashes against. Btw, x^(h0*h0) is not modular and can be precomputed.
Forum: Math 2020-06-23, 15:30
Replies: 247
Views: 17,406
Posted By patnashev
Brute-force attack:

for (h0 = 1; h0 < max_hash; h0++)
{
    y = x^(h0*h0);
    u_1 = x^(-h0);
    if (hash(y) == h0)
        break;
}
u_i[i>1] = 1;
Forum: Math 2020-06-23, 08:13
Replies: 247
Views: 17,406
Posted By patnashev
I use 64-bit md5 with no divisors <1000 "just in case". But I see the appeal of shorter unhardened hashes. Server load is linear with hash size.
Forum: Math 2020-06-23, 04:23
Replies: 247
Views: 17,406
Posted By patnashev
Just compute and upload the proof like it's a regular composite number.



Yes, the proof would not verify, x_t^distance != y_t. But consider the additional anti-cheating step at the end of the...
Forum: Math 2020-06-22, 22:51
Replies: 247
Views: 17,406
Posted By patnashev
The y of Pietrzak VDF, the last point that is uploaded along with a proof. But I do the manipulation before calculation of the proof, so all hashes are computed correctly.


Because the last point...
Forum: Math 2020-06-22, 17:57
Replies: 247
Views: 17,406
Posted By patnashev
A time for hacking fun.

The random exponent is required to have no divisors <1000 in my code. After disabling this check I was able to "hide" a 321 prime by multiplying the result by 3rd root of...
Forum: Math 2020-06-22, 09:43
Replies: 247
Views: 17,406
Posted By patnashev
Do you construct the full exponent for each point or group them?
Forum: Math 2020-06-20, 14:01
Replies: 247
Views: 17,406
Posted By patnashev
No.


Besides attacks, there are also hardware and software errors. And we're much more likely to see them than an attack.
Forum: Math 2020-06-20, 12:32
Replies: 247
Views: 17,406
Posted By patnashev
As a matter of fact, the proof is not unique. I ran simulations at small numbers and found some ways to decrease the number of parasitic proofs. First of all, check that x_t != 0 and gcd(x_t, N) = 1....
Forum: Math 2020-06-19, 20:13
Replies: 247
Views: 17,406
Posted By patnashev
Yes, exactly! No need to store the full proof. Process it immediately and queue the certificate for validation.


Yes, the risk is real. It's not only the cheaters who want to fake the original...
Forum: Math 2020-06-19, 17:37
Replies: 247
Views: 17,406
Posted By patnashev
My certification/validation scheme allows one to securely shift computation between parties, with a simple goal: to limit depth to 6..8, limit bandwidth, limit server load and limit temporary storage.
Forum: Math 2020-06-19, 17:28
Replies: 247
Views: 17,406
Posted By patnashev
No. The server performs all calculations in that post until
prp(A[N-1], topK/(2^N)) == B[N-1]
Only this one is offloaded to a verifier. In Pietrzak terminology A[N-1] = x_t, B[N-1] = y_t, and let's...
Forum: Math 2020-06-19, 07:49
Replies: 247
Views: 17,406
Posted By patnashev
In the cheating scenario with u_i = const, the probability of finding a solution increases as the hash size decreases. A lower distance also helps. I personally like 64 bit, but that's a feeling. I also...
Forum: Math 2020-06-19, 05:48
Replies: 247
Views: 17,406
Posted By patnashev
As a matter of fact, yes! I have an idea and already presented it.
Don't go that deep. 6..8 is enough. Offload exponentiation at the final iteration to participants, there's a secure way to do it....
Forum: Math 2020-06-19, 04:21
Replies: 247
Views: 17,406
Posted By patnashev
Happy to share my experience!



No, it allows cheating with only the first two intermediate points. Basically, for free. Pietrzak VDF is secure as long as you use hashes that depend on the current...
Forum: Math 2020-06-18, 12:20
Replies: 247
Views: 17,406
Posted By patnashev
Yes, this is exactly the scenario that has to be dealt with. The solution is simple: provide the verifier with x_t^random and expect y_t^random from him. Even if the verifier knows (x_t, y_t), he has to...
Forum: Math 2020-06-18, 09:59
Replies: 247
Views: 17,406
Posted By patnashev
As an exercise, I constructed a solution for depth 2 in case h1 is predetermined. Only two intermediate points are needed, not four. The solution passes the check but is wrong, because it's only half...
Forum: Math 2020-06-18, 07:07
Replies: 247
Views: 17,406
Posted By patnashev
Short answer: no, you can't do that without making cheating easy.

Long answer:
The fundamental problem of computing proofs on the user side is that every time you compute a product it's hiding...

 
All times are UTC.


Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation.
A copy of the license is included in the FAQ.