YAYERKA's comments
YAYERKA | 9 years ago | on: Rolling Your Own Crypto
>a full repeat instantaneously destroys security with a single pair of signatures
Roughly--assuming ECDSA parameters (H, K, E, q, G)--where H is a hash function, E the elliptic curve over finite field K with point G of prime order q. Suppose two different messages m and m' have been signed with private key x using the same (non-ephemeral) random nonce value k.
According to ECDSA signing these messages m, m' become signatures (r, s) and (r', s'), where:
r = r' = kG,
s = (H(m) + x*r)/k mod q,
s' = (H(m') + x*r)/k mod q.
Observe that (H(m) + x*r)/s = k = (H(m') + x*r)/s' mod q.
Or, x*r*(s' - s) = s*H(m') - s'*H(m) mod q.
Which allows us to recover the private key x, since
x = (s*H(m') - s'*H(m)) / (r*(s' - s)) mod q.

YAYERKA | 10 years ago | on: OpenSSL Security Advisory
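The nonce-reuse key recovery derived in the "Rolling Your Own Crypto" comment above, carried through in working code as an added example that is not part of any of YAYERKA's comments. It assumes secp256k1 (standard domain parameters, reproduced verbatim) and SHA-256 as H; the private key, the reused nonce and the two messages are constructed for the demo, and the function names (sign, verify, recover_private_key, recover_nonce, demo) are the example's own, not any library's API.

```python
# Added example (not from the original comment): recovering an ECDSA private
# key from two signatures that reused the same nonce k.
# Curve: secp256k1 (standard parameters). Key, nonce and messages: constructed.
import hashlib
import secrets

# secp256k1: y^2 = x^3 + 7 over GF(p); base point G has prime order q
p = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
q = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
assert (G[1] ** 2 - G[0] ** 3 - 7) % p == 0  # sanity check: G lies on the curve

def inv(a, m):
    return pow(a, -1, m)

def add(P, Q):
    """Affine point addition; None stands for the point at infinity."""
    if P is None:
        return Q
    if Q is None:
        return P
    x1, y1 = P
    x2, y2 = Q
    if x1 == x2 and (y1 + y2) % p == 0:
        return None                      # P + (-P)
    if P == Q:
        lam = 3 * x1 * x1 * inv(2 * y1, p) % p
    else:
        lam = (y2 - y1) * inv(x2 - x1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)

def mul(k, P):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    R = None
    while k:
        if k & 1:
            R = add(R, P)
        P = add(P, P)
        k >>= 1
    return R

def H(m):
    return int.from_bytes(hashlib.sha256(m).digest(), "big") % q

def sign(x, m, k):
    """Textbook ECDSA; the nonce k is supplied by the caller (the flaw being shown)."""
    r = mul(k, G)[0] % q                 # r is the x-coordinate of kG, reduced mod q
    s = (H(m) + x * r) * inv(k, q) % q
    assert r and s
    return (r, s)

def verify(pub, m, sig):
    r, s = sig
    w = inv(s, q)
    R = add(mul(H(m) * w % q, G), mul(r * w % q, pub))
    return R is not None and R[0] % q == r

def recover_private_key(m1, sig1, m2, sig2):
    """x = (s*H(m') - s'*H(m)) / (r*(s' - s)) mod q, the comment's final line."""
    r, s = sig1
    r2, s2 = sig2
    if r != r2:
        raise ValueError("r differs: the nonce was not reused")
    if s == s2:
        raise ValueError("identical signatures: H(m) == H(m'), nothing to solve")
    num = (s * H(m2) - s2 * H(m1)) % q
    den = r * (s2 - s) % q
    return num * inv(den, q) % q

def recover_nonce(m, sig, x):
    """k = (H(m) + x*r)/s mod q, the intermediate step of the derivation."""
    r, s = sig
    return (H(m) + x * r) * inv(s, q) % q

def demo():
    x = secrets.randbelow(q - 1) + 1     # constructed private key
    pub = mul(x, G)
    k = secrets.randbelow(q - 1) + 1     # one nonce, used for both signatures
    m1, m2 = b"transfer 10 to alice", b"transfer 10000 to mallory"
    sig1, sig2 = sign(x, m1, k), sign(x, m2, k)
    assert verify(pub, m1, sig1) and verify(pub, m2, sig2)
    x_rec = recover_private_key(m1, sig1, m2, sig2)
    return x_rec == x and recover_nonce(m1, sig1, x_rec) == k

if __name__ == "__main__":
    print("private key recovered:", demo())
```

The `r != r2` check in `recover_private_key` is also the practical detector: scanning a set of signatures under one public key for a repeated r value is how nonce reuse is found in the wild, and only the public signatures are needed. Nothing in ECDSA verification catches this, so the fix sits entirely in the signer: derive k deterministically from the key and message (RFC 6979) or from a properly seeded CSPRNG, and never let a caller supply it.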
YAYERKA | 10 years ago | on: Specific Problems with Other RNGs
YAYERKA | 10 years ago | on: A Riddle Wrapped in an Enigma [pdf]
>Some authors even applied the name "kangaroo" to any random walk in a cyclic group. This is zoologically absurd (a kangaroo cannot jump in one bound to another continent) - and mathematically confusing.
Spurred by this thread, and especially after studying BSGS and the Pollard rho for DLP set of algorithms more in depth over the last few days, I found his clarification and justification regarding the "taxonomy" of these methods entertaining and enlightening. Thanks again.
YAYERKA | 10 years ago | on: A Riddle Wrapped in an Enigma [pdf]
YAYERKA | 10 years ago | on: A Riddle Wrapped in an Enigma [pdf]
YAYERKA | 10 years ago | on: A Riddle Wrapped in an Enigma [pdf]
>3.2. Does NSA have an $n^{1/3}$-algorithm for finding elliptic curve discrete logs? ...
In 2013 Bernstein and Lange described such an algorithm albeit with intractable pre-computation costs. [https://www.iacr.org/conferences/asiacrypt2013/slides/44.pdf]
In the paper Koblitz and Menezes say "it is conceivable that the NSA has found (or believes that there might exist) a similar algorithm that requires far less precomputation."
This made me wonder: are there any historic example(s) of an algorithm we have improved over time which led to the side-stepping of a previously unavoidable and large pre-computation?
YAYERKA | 10 years ago | on: Verified Correctness and Security of OpenSSL HMAC
YAYERKA | 11 years ago | on: Elliptic Curve Cryptography: a gentle introduction
>1.12 Definition
>A function f from a set X to a set Y is called a one-way function if f(x) is “easy” to compute for all x \in X but for “essentially all” elements y \in Im(f) it is “computationally infeasible” to find any x \in X such that f(x) = y. [0]
>1.16 Definition
>A trapdoor one-way function is a one-way function f : X -> Y with the additional property that given some extra information (called the trapdoor information) it becomes feasible to find for any given y \in Im(f), an x \in X such that f(x) = y. [0]
[0]; Menezes, A.; Oorschot, P. van; Vanstone, S. (2001). Handbook of Applied Cryptography (5th ed.). CRC Press.
YAYERKA | 11 years ago | on: Elliptic Curve Cryptography: a gentle introduction
YAYERKA | 11 years ago | on: Yahoo Trust Cryptography Conference Videos
Opening Remarks with Alex Stamos
https://news.yahoo.com/video/yahoo-trust-unconference-alex-s...
Trust and the Future of SV with Alex Stamos and Frank Chen
https://news.yahoo.com/video/yahoo-trust-unconference-firesi...
E2E Encryption with Yan Zhu
https://news.yahoo.com/video/yahoo-trust-unconference-e2e-en...
Zerocash with Zooko Wilcox-O’Hearn
https://news.yahoo.com/video/yahoo-trust-unconference-zeroca...
TLS with Adam Langley
https://news.yahoo.com/video/yahoo-trust-unconference-tls-ad...
Secure Messaging with Trevor Perrin
https://news.yahoo.com/video/yahoo-trust-unconference-secure...
Legislation and Let’s Encrypt with the EFF
https://news.yahoo.com/video/yahoo-trust-unconference-legisl...
YAYERKA | 11 years ago | on: How the language you speak changes your view of the world
Not sure about the article; personally it's helped me be able to adapt quickly in lots of foreign places and realize that with a little time and enough "banging your head against a desk" anything can be understood (even Cyrillic alphabets).
YAYERKA | 11 years ago | on: Left-leaning Red-Black Trees (2008) [pdf]
(* generic red-black-tree in Standard Jersey ML *)
(* Okasaki-style red-black tree: keys are strings, nodes carry no value. *)
type key = string
datatype color = R | B
datatype tree = E | T of (color * tree * key * tree)

(* membership: an ordinary BST search, colours play no part here *)
fun rbmem (x, E) = false
  | rbmem (x, T (_, a, y, b)) =
      if x < y then rbmem (x, a)
      else if x > y then rbmem (x, b)
      else true

(* rebalance a black node whose red child has a red child (four cases);
   the or-pattern is an SML/NJ extension *)
fun balance ((B, T (R, T (R, a, x, b), y, c), z, d)
           | (B, T (R, a, x, T (R, b, y, c)), z, d)
           | (B, a, x, T (R, T (R, b, y, c), z, d))
           | (B, a, x, T (R, b, y, T (R, c, z, d)))) =
      T (R, T (B, a, x, b), y, T (B, c, z, d))
  | balance body = T body

(* insert: a new node is red; the root is repainted black afterwards *)
fun insert (x, s) =
  let
    fun ins E = T (R, E, x, E)
      | ins (s as T (color, a, y, b)) =
          if x < y then balance (color, ins a, y, b)
          else if x > y then balance (color, a, y, ins b)
          else s
    val T (_, a, y, b) = ins s (* guaranteed to be non-empty *)
  in
    T (B, a, y, b)
  end

YAYERKA | 11 years ago | on: Now Available: Amazon Linux AMI 2015.03
I've used Amazon Linux AMIs since 2012 on several different instances. On a first `ps aux` you might think you are using *BSD!
Here are two useful links.
Regarding Amazon Linux AMI security updates: https://alas.aws.amazon.com/
YAYERKA | 11 years ago | on: Too Much Calculus – Gilbert Strang (2001) [pdf]
YAYERKA | 11 years ago | on: Did Poincaré anticipate Gödel?
YAYERKA | 11 years ago | on: Did Poincaré anticipate Gödel?
`http://en.wikisource.org/wiki/Science_and_Hypothesis',
`http://en.wikisource.org/wiki/The_Measure_of_Time'.
In French, most of Poincaré's original works can be read here:
`http://henripoincarepapers.univ-lorraine.fr/bibliohp/index.p....
YAYERKA | 11 years ago | on: Ask HN: TrueCrypt audit status?
YAYERKA | 11 years ago | on: The Software Revolution
It seems warm and fuzzy to think Sam, and the implicit company he keeps (the ultra rich)--who are "leveraging not only their abilities and luck" but already accrued wealth--can and will redistribute it. Anyone who wasn't born yesterday will simply laugh at this prospect.
I'm not sure why Sam feels the need to call what most of the world is doing worthless. I think it's crude and indicative of a narrow social and cultural experience (which surprises me considering his position).
Believe it or not, there are cultures and groups of people who do not revere technology the way most North Americans do.
Also, a good exercise for Sam (and others possessing a similar world view) might be to think about how many "worthless" people and jobs it takes to accomplish the things he does (including this blog post).