2020-06-24, 03:49  #188
"Pavel Atnashev"
Mar 2020
37 Posts 
It's a model to calibrate your hashes against.
Last fiddled with by patnashev on 2020-06-24 at 04:27
2020-06-24, 19:48  #189
P90 years forever!
Aug 2002
Yeehaw, FL
1AFE_{16} Posts 
Some data (now using the attached sliding window exponentiation routine)
Proof level 8:
Proof generator does 15489 or 20632 squarings (48-bit vs 64-bit hash)
Server does 1080 or 1414 squarings
Proof verifier does 390625 squarings (assuming 100,000,000 exponent)
Proof level 9:
Proof generator does 31485 or 41925 squarings (48-bit vs 64-bit hash)
Server does 1207 or 1577 squarings
Proof verifier does 195312 squarings (assuming 100,000,000 exponent)
From a total system point of view, we can see that proof level 10 is currently optimal. Compared to level 9, generator does 42K more squarings to save the verifier 97K squarings.
If 800 PRP tests a day are reported to the server, I think it can handle 1.2M squarings a day.
My quad core Haswells can generate 10 million squarings a day. For me, at proof level 9, the 10500 squarings saved for 48-bit vs. 64-bit hash represents 1/2 PRP test a year.
2020-06-24, 20:02  #190
P90 years forever!
Aug 2002
Yeehaw, FL
1101011111110_{2} Posts 
Quote:
If the future weakness is a reduction in brute force effort, then a longer hash key is our safeguard. So let's rule out 32-bit hash values.
If the future weakness revolves around a small hash value, let's thwart them by making all hash values >= 2^32.
If the future weakness results from some root-of-unity issue, let's rule out multiples of the PRP base 3. I'd remove multiples of two just for good measure. Removing hashes with more small primes is also possible. In total, this does not greatly reduce the search space for the brute force attacker.
I'm happy with 48-bit or 64-bit (or anything in between!).
When eliminating 0 mod 3 hashes, the scheme should not be a simple "add 2" as that would favor 2 mod 3 hashes.
Further comments? Time to come up with the concrete algorithm?
Last fiddled with by Prime95 on 2020-06-24 at 20:09

2020-06-24, 20:39  #191
"Will Edgington"
Nov 2010
Utah, USA
18_{16} Posts 
Avoiding multiples of 2 or 3 in hash values
If you just want to eliminate values that are multiples of 2 or 3:
Code:
/* offset that moves value up to the next residue that is 1 or 5 mod 6 */
int add[2*3] = { 1, 0, 3, 2, 1, 0 };
value += add[value % 6];
To avoid possibly exceeding 2^64, the array value could be subtracted instead, sometimes leading to a final value < 2^32.
If you also want to eliminate multiples of 5, expand the array to 2*3*5 appropriately.
Will
Quote:


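An added example (not written by any poster in this thread) that measures the residue bias post #190 warns about when the table from post #191 is applied, next to a re-derive-until-valid alternative. The names mix64 (a splitmix64-style mixer standing in for the real hash), derive_table, derive_reject and count_2mod3 are hypothetical, and the counter-based re-derivation is an assumption, not a scheme the thread adopted.

```c
#include <stdint.h>
#include <stdio.h>
#define MIN_HASH (1ULL << 32)   /* floor proposed in post #190 */
typedef uint64_t (*derive_fn)(uint64_t);

/* Table from post #191: bump a value to the next residue coprime to 6. */
static const int add6[6] = { 1, 0, 3, 2, 1, 0 };
uint64_t adjust_add(uint64_t v) { return v + (uint64_t)add6[v % 6]; }

/* splitmix64-style mixer: stand-in for the real hash (assumption). */
static uint64_t mix64(uint64_t x) {
    x += 0x9E3779B97F4A7C15ULL;
    x = (x ^ (x >> 30)) * 0xBF58476D1CE4E5B9ULL;
    x = (x ^ (x >> 27)) * 0x94D049BB133111EBULL;
    return x ^ (x >> 31);
}

/* Thread's constraints: >= 2^32, odd, not a multiple of 3. */
int hash_ok(uint64_t h) { return h >= MIN_HASH && (h & 1) && h % 3 != 0; }

/* Method A: force the floor, then apply the table (>> 1 avoids overflow). */
uint64_t derive_table(uint64_t s) { return adjust_add((mix64(s) >> 1) | MIN_HASH); }

/* Method B (hypothetical): re-derive with a counter until the value
   qualifies, so neither surviving residue class is favoured. */
uint64_t derive_reject(uint64_t seed) {
    uint64_t h, ctr = 0;
    do { h = mix64(seed ^ (ctr++ * 0xD6E8FEB86659FD93ULL)); } while (!hash_ok(h));
    return h;
}

/* Seeds in [0, n) whose derived value is 2 mod 3; UINT64_MAX if any
   derived value violates the constraints. */
uint64_t count_2mod3(derive_fn f, uint64_t n) {
    uint64_t hits = 0;
    for (uint64_t s = 0; s < n; s++) {
        uint64_t h = f(s);
        if (!hash_ok(h)) return UINT64_MAX;
        hits += (h % 3 == 2);
    }
    return hits;
}

int main(void) {
    printf("table: %llu, reject: %llu of 60000 are 2 mod 3\n",
           (unsigned long long)count_2mod3(derive_table, 60000),
           (unsigned long long)count_2mod3(derive_reject, 60000));
    return 0;
}
```

The table sends raw residues 2, 3, 4 and 5 mod 6 to 5 mod 6, so about two thirds of its outputs are 2 mod 3; the re-derive variant splits close to evenly at the cost of roughly three derivations per accepted value.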
2020-06-24, 21:25  #192
Just call me Henry
"David"
Sep 2007
Cambridge (GMT)
13·19·23 Posts 
Quote:


2020-06-24, 22:54  #193
"Mihai Preda"
Apr 2015
10001001110_{2} Posts 
Quote:
I propose we use simply SHA3-256 truncated to 64 bits for the "h" exponents. The chaining of the hash OTOH is done using the full SHA3-256.
Maybe we should also present our "simple" hash scheme to the larger crypto community and ask them for an attack?

2020-06-25, 14:14  #194
"TF79LL86GIMPS96gpu17"
Mar 2017
US midwest
2·5·11·37 Posts 

2020-06-28, 05:48  #195
"Pavel Atnashev"
Mar 2020
37_{10} Posts 
We've started searching for GFN15 Mega (b^32768+1, 1M digits). b is a hundred-bit number, but Pietrzak VDF works just fine with such numbers.
