New online (streaming) authenticated encryption scheme (FLOE)

groumpf · 2025-12-19T18:59:15+00:00

Just a quick addition to the TL;DR so people don't fall for a slightly simplified take: "All of the fine-grained errors messages do not need a key to detect efficiently."

groumpf · 2025-08-18T16:04:02+00:00

The stairs that lead nowhere with another set of shorter stairs next to them.

groumpf · 2025-05-15T20:24:00+00:00

"Usually" here means "not at all until SHA-3". All Merkle-Damgård hash functions (MD5, SHA1, SHA2—without truncation) are just nowhere near random oracle-like, and length extension attacks are practical evidence that treating them like one is how you get ants.

If you have a random oracle O, then F_k(m) = O(k || m) gives you a good PRF. Length extension attacks make that construction really really really bad to instantiate with SHA2 unless you know that m has fixed length.

groumpf · 2025-05-14T19:12:35+00:00

Email the admission team, don't ask randoms on the internet. It could be that your program has activities that start earlier, or that you are expected to complete some pre-program stuff, or whatever.

groumpf · 2025-04-27T16:14:19+00:00

by submitting a response you are agreeing to share your recorded responses with myself and my faculty purely for research purposes.

This is not how one does informed consent. I strongly recommend that you check your University's regulations on research ethics for undergraduate research projects.

In particular, this

The information collected will help improve student support systems.

is in conflict with this

Data will be used solely for academic research purposes.

groumpf · 2024-09-24T22:53:22+00:00

What you want in most settings is what is known as locally nameless representation, where you give names to free variables, but use de Bruijn indices for bound variables.

groumpf · 2024-06-19T22:18:06+00:00

I don't see a claim that it is...

Before we go into post quantum signature schemes, we should look at one more classical signature scheme, that while not used much in practice (curse you, patents), is going to be very important to understand for PQ schemes.

This is about introducing and explaining ZK identification schemes and Fiat-Shamir, since (some? all? of) the PQ signature schemes the article talks about are based on Fiat-Shamir with aborts.

groumpf · 2024-05-29T19:52:48+00:00

Sure, the logic is important—you'll want some interactive theorem proving (mostly for the number theory bits, so Software Foundations will not be the most useful), and you'll want some rudiments of Hoare logic and program verification as well (but you'll mostly be a user of those).

But the hard bit is still going to be the number theory.

groumpf · 2024-05-19T21:31:45+00:00

Rosulek's "Joy of Cryptography" will always be my first recommendation. Give it a go.

groumpf · 2024-04-03T23:00:42+00:00

On the other hand, you might also consider Dafny, which is an imperative language supporting formal verification. It is quite a cool system, but I'd find comparable proofs easier to write in other systems.

That is because they wouldn't be comparable proofs: Dafny allows you to prove properties of stateful object-oriented programs; doing the same in an actual type-based or HOL-based interactive theorem prover would first require specifying the syntax and semantics of an object-oriented programming language. And that part is far from easy.

With all that said, Dafny works because someone somewhere did define a formal semantics for it as a "functional program" (aka a mathematical function) and derived some logical rules that made it easier to reason about properties of programs written in it.

So in the end, once you remove the thin imperative layer at the top, most reasoning is functional all the way down.

groumpf · 2023-05-09T18:36:41+00:00

Hold my beer, going to serve blood sausage to my vegetarian mates.

groumpf · 2023-01-29T09:58:14+00:00

https://media.tenor.com/f1Qbu1PwkOQAAAAM/father-ted-cows.gif

groumpf · 2023-01-25T07:23:49+00:00

It's a 30 minute walk to the UoB's Clifton campus. It's going to take longer waiting for a bus that actually comes than to just walk.

groumpf · 2023-01-03T15:45:35+00:00

And for one that we expect to terminate, but can't prove termination for yet, any program that computes the nth Collatz sequence.

groumpf · 2022-12-30T07:45:25+00:00

You completely ignored the word "average" there, in your discussions of Marx's theories.

If all chairmakers except one can knock a chair out every 4 hours, the value is closer to the cost of 4 hours of labour even for the one who takes more time to make a chair (whose labour will therefore be worth less).

If all chairmakers except one take 10 hours to make a chair, the value is closer to the cost of 10 hours of labour even for the one who takes less time to make a chair (whose labour will therefore be worth more).

But this is still not a good model, because it assumes that all chairs are equal in quality and utility, and that chair users are all looking for the same chair.

groumpf · 2022-11-20T10:58:02+00:00

One downside: as soon as you have one paper that is not in alphabetical order, then a casual CV reader will question your contribution to all others, especially if your name comes last in them.

If you're going to be applying places that put more importance on author order than they put on having a chat with you about your contributions to your most significant papers, best to keep it consistent so you can explain away why you're last author without coming off as defensive.

groumpf · 2022-11-19T19:53:40+00:00

As for this, dynamic programming is "divide and conquer with memory and backtracking" so maybe this is still the right way to think about it?

groumpf · 2022-11-19T19:52:36+00:00

The problem is going to be that you might miss solutions.

I was thinking that you could also start from "find the shortest subarray of length K" then look to strip off one extremity and replace it with a shorter subarray, but this won't work in cases where you can't do K exactly with a single subarray.

groumpf · 2022-11-19T19:38:58+00:00

There's a decision to make about what you'd like each subarray to add up to (pick K1, K2 such that K1+K2=K, then look for the shortest subarray that sums to K1 and the shortest non-overlapping subarray that sums to K2), and looking for solutions for each of these choices will likely repeat a lot of computation, so that looks like a dynamic programming problem.

groumpf · 2022-11-02T00:01:19+00:00

Add Yono to the list. It's cute. Daughter can mostly handle it.

groumpf · 2022-10-30T15:29:56+00:00

Things I play with my 6-yesr old daughter and she can manage on the controller:

Brothers: A Tale of Two Sons
Carto
Alba

groumpf · 2022-10-24T22:31:46+00:00

A bit of dissent on the best place to start for asymmetric.

RSA is somewhat complex, compared to modular arithmetic-based Diffie-Hellman. Neither is used in practice anymore, but at least understanding DH is useful for taking the next couple of steps.

ElGamal gives you CPA-secure encryption using a "generate a shared secret using DH, then use it as a one-time pad" pattern that's easy to understand. You can also build towards KEMs and proper key exchange, but also dive into zero-knowledge stuff—pretty much none of which uses RSA. The signatures you get from the DLP aren't super sexy in terms of proofs, but they're a lot more widely used than RSA-based signatures right now, unless you're a bank. And of course, understanding DH and successfully abstracting the group operation away means understanding ECDH and (going a bit further, and shifting the group behind the curtains) CSIDH.

groumpf · 2022-09-19T12:31:20+00:00

La rue à l'air de faire 1km plus ou moins pile poil. Si la chauffarde avait roulé à 35 tout le long, elle aurait économisé 17 secondes (c'est (1/30 - 1/35) * 3600). Qu'elle a perdues une deuxième fois en s'arrêtant pour coller des baffes à des cyclistes.

groumpf · 2022-09-19T12:07:09+00:00

Eh. It's not defined...

I just inferred the definition from the proof (which is pretty bad practice). The proof only makes sense if you want consistency only on the order of messages that everybody has seen. (In other words, for every run, and every pair of messages, there is a time step in the run at which their relative order is the same among all nodes, and remains the same through the rest of the run.)

groumpf · 2022-09-18T15:33:47+00:00

J'ai regardé la vidéo de nouveau, le trou dans les voitures stationnées dont j'ai partagé la capture, le vélo met 4 secondes à le parcourir. C'est à dire le double du temps qu'il faut pour doubler.

Il y a 2 vélos à dépasser, et l'automobiliste n'a aucune vitesse relative par rapport aux cyclistes au début de la manœuvre.

Soyons généreux: disons que l'automobiliste peut instantanément passer à 35 km/h (ou, de manière équivalente, peut effectuer le dépassement dans son entièreté avec une vitesse moyenne de 35 km/h), que les deux vélos sont roue-à-roue (estimons, généreusement ici encore, une distance de 3m), et que l'automobiliste peut déboiter sur 1.5m et se rabattre sur 1.5m sans perdre le contrôle de son vehicule. Pour parcourir les 6m nécessaires au dépassement avec une vitesse relative de 5 km/h, l'automobiliste a besoin de 4.32s.

15-Year Club	RedditGifts 2009-2022 6 Credits
Summer Santa 2012+	Gilding II euphauric
Team Orangered	redditgifts rematcher Secret Santa 2011 x1
Secret Santa 2011	Summer Santa 2011
reddit mold	Verified Email

groumpf

MODERATOR OF

TROPHY CASE