| 21 May 2021 |
 sarahjamielewis | *
entangled tags are an invention of yours, right? I don't remember I've seen that idea in the FMD paper.
Yeah
| 17:38:25 |
| sarahjamielewis | One thing to consider for entangling is that you technically only need to match the lowest false positive rate of the group in order to achieve the broadcast (assuming e.g. you are also encrypting messages and the group checks everything they download separately from the tag).
Generating a tag for 5 parties that matches up to 2^-8 verification keys takes only a few seconds (probably faster with avx2). I've also generated a tag matching 10 parties at 2^-2. It is definitely more costly the more parties you have, but I think even non-perfect entangling opens up a few interesting applications. | 17:41:20 |
| sarahjamielewis | * On thing to consider for entangling is that you technically only need to match the lowest false positive rate of the group in order to achieve the broadcast (assuming e.g. you are also encrypting messages and the group checks everything they download separately from the tag).
Generating a tag for 5 parties that matches up to 2^-8 verification keys takes only a few seconds (probably faster with avx2). I've also generated a tag matching 10 parties at 2^-2. It is definitely more costly the more parties you have, but I think even non-perfect entangling opens up a few interesting applications. | 17:42:31 |
| sarahjamielewis | * One thing to consider for entangling is that you technically only need to match the lowest false positive rate of the group in order to achieve the broadcast (assuming e.g. you are also encrypting messages and the group checks everything they download separately from the tag).
Generating a tag for 5 parties that matches up to 2^-8 verification keys takes only a few seconds (probably faster with avx2). I've also generated a tag matching 10 parties at 2^-2. It is definitely more costly the more parties you have, but I think even non-perfect entangling opens up a few interesting applications. | 17:43:03 |
| sarahjamielewis | * On efficiency, I remembered dalek has avx2 support, which pushes down all those figures by over 40% (https://twitter.com/SarahJamieLewis/status/1395610696847556609) | 17:45:43 |
| sarahjamielewis | Also now that 2-party entangling is relatively cheap, I've been thinking about a potential use for them in niwl as an honesty check on mixers/the server : https://twitter.com/SarahJamieLewis/status/1395789753644113926 | 18:01:17 |
|  mconley changed their display name from mconley to mconley|pto. | 20:52:49 |
| 28 May 2021 |
|  Bear ⠅⠑⠧⠊⠝ 🥸 changed their display name from Kevin ⠅⠑⠧⠊⠝ (beardog) to Bear ⠅⠑⠧⠊⠝ 🥸. | 00:47:08 |
 plasmapower | sarahjamielewis I'd heard about the curve25519-dalek ownership dispute but hadn't looked into it too much. You'd recommend the -ng? | 21:15:17 |
| plasmapower | I'll go ahead and merge your brute-force PR and publish a new version, but I'd appreciate your opinion on which I should use in the future | 21:20:27 |
| sarahjamielewis | I moved some personal forks to -ng back in January as I was upgrading rand crates and that work had already been done (at the time), and a couple of other projects I was playing with had also built on the ng crates.
Given that this is security sensitive crypto-infrastructure the whole locking owners out of repos doesn't sit well with me. Given the ownership dispute, and the general lack of communication, I'm inclined to stick with -ng (and in particular the 4.0.1 version) until there is some kind of clarity or at least a major reason to evaluate a significant update (i.e. major feature work or a security fix).
| 22:50:38 |
| 29 May 2021 |
|  Matthew changed their display name from Matthew to Matthew (away). | 05:17:12 |
 ahf | I have seen a lot of people in here talk about curve25519-dalek (and friends), so maybe this is a good place to ask. I'm trying to wrap my head around Ristretto and the API's that are currently available in curve25519-dalek, but either I can't find the right API or it's missing, but I'm trying to find a way to generate a secret key, a public key, and an elligator derived public key representative using the API, but I can only find a hash-to-point function, and I guess what I need here is an encode-to-point and a decode-to-point function. Does anybody know if such functionality is available in other crates or in other implementations of Ristretto or is Ristretto not geared towards this kind of use? | 13:48:26 |
| ahf | I've found some older x25519 elligator implementations, but it sounds like they are either inconsistent with each other or have some flaws in them that makes them unrecommend for use today. | 13:49:21 |
| 1 Jun 2021 |
 István András Seres | FYI the FMD paper has been updated. See the 2nd, 3rd and 4th paragraphs of Section 8.2. There's some discussions about the anonymity guarantees of FMD and there are references to Sarah's simulator and work on FMD. https://eprint.iacr.org/2021/089.pdf | 08:02:14 |
| 3 Jun 2021 |
| mconley changed their display name from mconley|pto to mconley. | 13:01:50 |
| 6 Jun 2021 |
| Matthew changed their display name from Matthew (away) to Matthew. | 22:03:18 |
| 7 Jun 2021 |
|  @vincent:matrix.weekendgunn.it joined the room. | 20:32:22 |
| @vincent:matrix.weekendgunn.it | 23:59:59 |
| 8 Jun 2021 |
| @vincent:matrix.weekendgunn.it | 00:18:57 |
| @vincent:matrix.weekendgunn.it | 00:20:40 |
| @vincent:matrix.weekendgunn.it | 00:24:04 |
|  Vincent joined the room. | 01:29:46 |
| Vincent | 01:43:20 |
| Vincent set their display name to Vincent. | 02:22:21 |
|  filippoc joined the room. | 10:47:46 |
| Vincent changed their profile picture. | 13:33:14 |
| 17 Jun 2021 |
|  yuu changed their display name from yuu to xXLeDesordeCestMoiXx. | 02:12:14 |
| 18 Jun 2021 |
| yuu changed their display name from xXLeDesordeCestMoiXx to xXLeDesordreCestMoiXx. | 13:45:04 |
| 19 Jun 2021 |
| yuu changed their display name from xXLeDesordreCestMoiXx to yuu. | 17:54:28 |
