| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <019901cf26fd$09ea5fd0$1dbf1f70$@acm.org> Date: Mon, 10 Feb 2014 23:44:03 -0800 From: "Dennis E. Hamilton" <dennis.hamilton@....org> To: <discussions@...sword-hashing.net> Subject: RE: [PHC] multiply-hardening (Re: NoelKDF ready for submission) Many, many years ago, Knuth published a paper about exponentiation by integers. The speed-up he got beyond the standard version (working on bits of the exponent and squarings of the base) was in places where divisions were used instead of multiplications into the growing product for the result. I would be surprised if this wasn't in volume 2 of The Art of Computer Programming, probably in one or more of the problems. I published a Pascal version (without the division speedups) for arbitrary integer exponents in Dr. Dobbs too many years ago. While I was developing it, Knuth and I had a minor disagreement over what 0 to the power 0 should be. (He voted for 1, I resolved it by returning 0/0 (by identity with 0 to the power 1-1) and letting the arithmetic of the given compiler and platform decide how to handle it.) If you like, I'll see if I can track the Knuth paper and/or the TAoCP location. - Dennis -----Original Message----- From: Bill Cox [mailto:waywardgeek@...il.com] Sent: Monday, February 10, 2014 20:11 To: discussions@...sword-hashing.net Subject: Re: [PHC] multiply-hardening (Re: NoelKDF ready for submission) On Sat, Feb 8, 2014 at 10:16 PM, Samuel Neves <sneves@....uc.pt> wrote: > On 09-02-2014 02:52, Bill Cox wrote: > This is a well-known variant of the addition-chain problem. SPIRAL [1] > generates the following code sequence, using 7 additions: In 1984, I was infatuated with the president of the math club at Berkeley (who was female - no, not Eve), where I hung out with a few guys who were a lot like SolarDesigner, in that they were simply smarter than me. In some comp sci class the prof asked us to compute x^n, for x and n integers, and of course we all came up with the power-of-two standard solution, but I was a wise-ass and for the specific constant the prof asked for, I gave a slightly improved answer. My super-genius friends and I grabbed this problem and couldn't sleep for days. We had asymptotic lower bounds on the number of required multiplies, and a formula for increasing sized integers that converged to it. We wanted to talk with an expert, and Donald Knuth was the guy, so one friend of mine who you might know from Junk Yard Wars as Geo the Guestimator and I dropped by Stanford to see if we could chat with Donald Knuth about it, but he was out for the summer on sabbatical. Thinking to call first was not the sort of brilliant idea we would have come up with :-) Geo and I were both from Palo Alto, so we were on our way home for the weekend anyway. I loved seeing this related problem, and had to write some a quick hack to find optimal solutions. I miss hanging out with super-geeks who are way smarter than me... they are rare here in NC. Thus the alter ego waywardgeek... Bill
Powered by blists - more mailing lists