01:53:47 I also strongly disagree personally (and professionally)
03:16:10 i disagree occasionally
03:29:03 Sarang, I am sorry, but my delays today on finishing this up took longer than expected; I had to cross-reference another soundness proof... I'll be making comments on Overleaf tomorrow. Thanks again for your patience
03:53:17 No problem!
04:20:40 Is the salt in bulletproofs' get_exponent function null-terminated?
04:20:45 https://github.com/monero-project/monero/blob/411f1b0ee30f1d424621eb856841dc82d2f161c2/src/ringct/bulletproofs.cc#L102
04:21:33 Like the "SubAddr" is in subaddress generation?
04:21:44 https://monero.stackexchange.com/questions/10674/how-are-subaddresses-and-account-addresses-generated-from-master-wallet-keys
09:02:25 hi, given field element r, where x = r + 1/r, is it trivial to find r given x?
15:44:32 Koe, try the quadratic formula to solve for r
15:45:01 Oh, arbitrary field
15:45:20 You'd need to compute a root
15:50:03 Koe: over an arbitrary field the answer is no. Solutions are not unique in the complex numbers, i.e. you can get collisions. If the field is Zp I will have to think about it for a few more minutes
16:39:20 Very interesting paper by JP Aumasson: https://eprint.iacr.org/2019/1492
16:39:41 Discusses the round choices for popular algorithms in hindsight
17:10:20 @n3ptune pointed out that I might have miscalc'd one of the unlock times (seconds versus milliseconds)
17:10:22 Here's the raw data:
17:10:29 https://www.irccloud.com/pastebin/EHrChzBp/
17:10:56 (this is just the top 20, obviously there are like 5 million rows in this table)
17:11:25 Oh, + hashes for good measure:
17:11:30 https://www.irccloud.com/pastebin/28HpODTX/
17:13:09 someone recently mentioned that there is some limit to the unlock time. No mention of the limit, but the year 4600 mentioned yesterday seems to be a bit beyond that
17:17:09 For time unlock times, it's a 64-bit number of seconds since the epoch. 4600 years is going to be nowhere near the limit.
17:18:07 I just checked, the limit is ~600 billion years. Assuming no mistake.
17:19:54 moneromooo: "limit"
20:07:14 * Isthmus chuckles at nioc
20:08:04 Lemme just stash this 0.03 XMR away until the heat death of the universe
21:21:04 600 billion is so much shorter than the heat death
21:23:23 sarang I disagree with JP Aumasson, at least with ChaCha
21:25:46 Yeah?
21:26:57 yeah, ChaCha has had a lot of recent stuff come out, including an allegedly efficient 8-round distinguisher
21:27:29 https://www.sciencedirect.com/science/article/pii/S0020019019300821
21:27:50 not to mention the slightly less new stuff: https://tosc.iacr.org/article/view/574
21:29:19 iirc ChaCha20 was originally recommended. I personally suspect that ChaCha will require at least 20 rounds for any hope of security that lasts more than a decade; progress is being made too quickly on that one