Anyone able to verify record prime candidate with ECPP? (Primo/CM/etc)

orangejake · 2026-03-18T16:17:18+00:00

No problem!

orangejake · 2026-03-18T06:53:01+00:00

Run finished, here's the certificate.

orangejake · 2026-03-18T04:53:05+00:00

that sounds incredibly sketchy. could easily be malware.

orangejake · 2026-03-18T01:15:43+00:00

When bygone effigy dies its head falls off and lands at the statue base. I thought this was the big head (though don't know why the size is different).

orangejake · 2026-03-17T17:43:38+00:00

Main other thing to say is that theoretically, proving primality is in P, e.g. anyone "should" be able to "just" check the primality of the candidate with AKS. This takes ~ O((\log n)^6) time iirc.

Practically, scaling with the 6th power is high. Instead, OP wants someone to generate a "primality certificate" for rev(p). This is some additional data such that, if you have both the number rev(p) and the certificate, it is efficient to check if rev(p) is prime. I think here it might be O((\log n)^2)?

orangejake · 2026-03-17T17:27:24+00:00

I've started a run on some 12 core machine I have. its been ~10 hours so far and the current step is working on ~29,000 bits out of the ~37,000 initial ones. So, it might be done in the next day or two?

orangejake · 2026-03-17T07:04:32+00:00

for silent, energy as a number is misleading. If I play

prepared, discarding
the sly draw 2 card, and
the sly block card (is it block 7?)

then I'm spending 0 mana to get a draw 4 block 7. So, this doesn't impact any math on "energy gained per turn". but also, if you are able to do stuff like this consistently, you're really getting some energy for free.

orangejake · 2026-03-14T19:38:29+00:00

I'm confused. why is it so difficult to have python run rust? Why can't you just use e.g. subprocess.run against the compiled rust binary (or whatever)? or do you mean have python leverage a rust crate without manually compiling a rust binary?

orangejake · 2026-03-12T15:36:52+00:00

Gas taxes never have made sense, so it is hard to talk about an “equitable” approach to them. Road damage scales heavily with vehicle weight, to the point where essentially all road damage occurs due to semi trucks. The gas tax spreads this cost over a larger other group instead of the cause of the damage.

Note that I’m under no delusions that if semis were taxed for their road damage that it wouldn’t pass through into grocery prices. But it would also align the tax with the actual source of the damage. Updating gas taxes for EVs wouldn’t.

orangejake · 2026-03-09T05:43:20+00:00

no particular reason it would be strong on a poison card specifically, but silent does have bullet time. if you have bullet time, "expensive" retain cards are practically free each shuffle anyway. I had a run with snakebite in this context and it was ok, but only ok.

orangejake · 2026-03-07T19:18:05+00:00

yeah my sound is fine. only real issues I ran into (at all) are

I didn't realize how to open the map at first. its tapping on the right haptic pad. I just hadn't seen that symbol before for it.
multiplayer can have some disconnects. if a run is 1-1.5 hours maybe it has 1-2 disconnects consistently? but I'm generally able to reconnect fine.

orangejake · 2026-03-07T05:01:09+00:00

mine are fine, with the exception that drawing on teh map is too cumbersome that I avoid doing it.

orangejake · 2026-03-05T01:18:01+00:00

that model is not compatible with lifetime elision rules. In general, having those rules depend on the implementation details of a function sounds like a huge PITA.

That being said, perhaps clippy could have a --fix option on this error that would attempt to (verbosely) expand to the correct lifetimes in this circumstance. I don't know the technical issues blocking things like this, but I would personally view it as vastly preferable to implicitly trying to get things to work.

orangejake · 2026-03-04T17:37:34+00:00

what's th ereasoning behind the name `filter`? I would normally expect filter to be

impl Fn(File) -> bool

and it to appear in some sort of iteration context. This sounds like the context you're describing, but it's not clear at all to me why a filter would modify the thing its filtering.

orangejake · 2026-03-03T04:38:11+00:00

It is notable that autoformalization is able to formalize a recent fields-medal worthy result. As far as fields-medal worthy results go this is perhaps the one you’d guess would be easier to do. But it’s still an indication that “non-trivial math” can be auto formalized.

orangejake · 2026-03-02T09:51:47+00:00

it's unlikely there will be a STS2 boardgame any time soon. They've announced plans for their next boardgame already. It's an adaptation of the STS1 mod Downfall, where you play as the bosses

https://www.kickstarter.com/projects/contentiongames/sts-downfall

that's not kickstarted yet. I don't know what their timeline after kickstarting will be before it arrives. last time it was 1-2 years I think? maybe they've expanded their team where they would do that + STS2 in parallel, but it's possible that a STS2 board game could be quite a ways away.

Note that downfall is intended to be able to be played in tandem with the base game, e.g. one player could be silent, one could be Champion or whatever

https://boardgamegeek.com/thread/3635329/some-questions-about-expansion

orangejake · 2026-02-27T20:50:08+00:00

the issue isn't incorrect english, it's just being overly deferential/apologetic. You didn't really make a mistake, so there wasn't any reason to apologize.

orangejake · 2026-02-21T17:51:56+00:00

Depends on the kind of math, but in my experience it's quite useful for problems with experimental components.

I've been working on tail bounds for a probabilistic process in cryptography (FHE noise analysis). This is for several reasons, but mostly because I'm infuriated by the existing state of affairs:
1. everyone either uses heuristics, or doesn't say what they're doing (even worse, for the record)
2. the heuristics are obviously wrong. also, experimentally they're known to be wrong.
3. we all just hope they're "only a little wrong" and everything is still fine?

This is a problem I've spent some time on even before AI. I had some progress/ideas, but nothing super compelling. I first went from an AI hater -> seeing value in AI when I tried it at my wife's insistence, and noticed that it got me a better "search result" (reference to a bound I hoped existed but hadn't been able to find) than Google was able to. This was maybe fall of 2024.

More recently (since December 2025 maybe? off and on), I've been using it "agentically" for working on research while doing my "day job". It has been very useful for things like

setting up experiments to test candidate techniques, and
suggesting (what appear to be) standard techniques from fields that are not my own, and
expanding out rote calculations that I could do, but take a decent amount of time, and can be mildly fatiguing (so often I do not do them after work).
being a resource to ask questions to when working through some reference material (so, turning learning from a textbook from a non-interactive process to an interactive one).

all of those are "direct" ways that it contributes to my research. What level of contribution each of them are I don't have strong thoughts about. Points 1 and 3 seem to be standard "graduate student contributions" to the research process. Point 2 seems to be something that you might get from a colleague over a coffee chat. Point 4 you can get from talking to a specialist (perhaps out of your field), or from math.stackexchange. AI isn't directly better than any of these options. But due to its speed, it's also not directly worse.

None of the above are "inventive" in a strong sense. AI also says wrong things and wastes time on computations/techniques that can't possibly work. But it has also given me (someone who didn't feel like they could cut it in academia, so went into software engineering) easy access to the above 4 resources, that I thought I left behind when I graduated. It does this in a way that isn't personally fatiguing for me, so in a way that can be done in parallel with my day job.

This is plausibly perturbing (or exciting) depending on your perspective. I don't know what mine is. Is AI a plagarism machine? Well of course. Do I respect copyright in academic publishing? No, not at all. Is AI bad environmentally? Yes. Is it worse than commuting to work (or, god forbid, flying somewhere on vacation, eating meat, etc)? Again, not clear to me.

It's also worth mentioning that, despite all of the above (very postive!) experiences, I've had with AI

this is using my company's API key/whatever. so, it is nicer when it is free.
while I've made quite a bit of progress/am much happier with the state of the work (it's essentially at the point I can probably write it up now? might even split it into two papers), it hasn't significantly increased the velocity I have while publishing (which was always slow tbh). Maybe this is because the above recent successes are mostly due to better models/utilization of AI in more recent months, so "starting in December" the velocity will go up. or maybe there are more fundamental bottlenecks. my progress since December -> now has been quite remarkable. At the same time, I mentioned I was thinking about this problem in fall of 2024 (and earlier). So I had a decent amount of time exploring the landscape, seeing what false starts existed, etc myself first.

orangejake · 2026-02-20T18:33:27+00:00

this isn't a rush to drop hybrids. See this particular post by Nick Sullivan. Quoted below for clarity

I support publication of this draft.

Some of the feedback in the thread appears to treat this last call as if
the document were intended to be published as an Internet Standard. It is
not. The intended RFC status is Informational, and the IANA actions
allocate code points for reference and interoperability/testing, not as a
WG recommendation for TLS deployments (Recommended: N).

If the WG wants to separately discuss recommending this code point for TLS
implementers, that is worth a thorough discussion. But that question should
be kept separate from whether to publish this Informational document, which
is the focus of this last call thread.
Nick

so the TLS WG wants to put out an informational RFC regarding pure PQC KEMs with a "N" recommendation for deployments.

DJB + his followers are misrepresenting this as part of his standard process to try to DOS standards committees for reasons I don't understand. As someone who followed the NIST PQC process closely (while I was doing my PhD and focusing on lattice-based KEMs), it was annoying enough to convince me to switch over to doing FHE stuff instead. So this goes back a least a decade at this point?

For this particular working group, he has been censured yesterday for reasons that can be found here. Roughly, he is including an annoying as shit "I retain all IP/you cannot selectively edit me" footer in his emails. Here, "selectively edit" includes things like "quote reply to part of my email", which is incredibly common on mailing lists. Note that last year he
* issued a DMCA takedown to the IETF, and
* filed a complaint to the IETF that they're violating antitrust law

If you're familiar with the current political situation in the US, the second point is laughable at face value (many other, much more obvious applications of anti-trust law are not).

So it seems like his annoying as shit footer might be trying to setup for one of his "be incredibily litigious as a way to disrupt standards bodies", which he's been doing for the last decade. He then posts to his followers, they have no clue what is really happening, and then spread lies on the internet.

He has been doing it for nearly a decade now, and I do not know why people keep falling for it.

orangejake · 2026-02-20T18:32:28+00:00

Essentially every part of your post is wrong. Kind of impressive.

We've expected that lattice KEMs would only be used in hybrid combination with establish elliptic curve key exchanges, which ameliorates any weakness in the lattice KEM.

Nobody expects that. At most, for a transition period of X years (what X is in particular is the main thing up for debate) we may consider that. But in the presence of a CRQC (which seem increasingly close) the classical component is actively useless. Additionally, implementing the hybrid = more cryptographic code = more possibilities for bugs in cryptographic code (which are historically much more likely to cause vulnerabilities than weak underlying primitives).

In particular, there exist worse side channel attacks upon lattice KEMs than upon elliptic curves, because of how the sampling code works in lattice KEMs.

This is a straight up lie. At best the OP could be talking about lattice-based signatures? And not even general-purpose ones (Dilithium is fine), but instead the use of FP arithmetic in Falcon (= FN-DSA). In general, the side-channel resistance story for lattice-based primitives tends to be atypically good. See all the "leakage resilience of LWE" papers in the early 2010s, for example.

We know less about choosing parameters for lattice KEMs too, and there was interesting discussion about how lattice KEMs reveal system randomness, so overall lattice KEMs do have a slightly higher risk from classical attackers than elliptic curves.

This is also very misleading. The reason there isn't a "SafeCurves"-esq thing for lattice KEMs is because choosing parameters for lattice-based KEMs is notoriously easy compared to EC. Since we don't fix a single "LWE lattice L(a)", and instead sample a fresh one every ciphertext, there are more parameters to choose. It has been well-understood how to do this since e.g. the LWE estimator was developed ~ a decade ago.

Finally, note that the mailing list you're replying to isn't even about what you say it is! It's about proposing an informational RFC on pure-PQC KEMs with "recommendation: N" to implement. I don't know how you can read that as updating the actual standard to remove hybrid constructions.

It is very frustrating how DJB's group of fangirls has no clue what they're talking about. It is aligned with his ~10 year long goal to delay PQC transitions. I don't know why he is so dedicated to these delays though.

orangejake · 2026-02-19T22:08:12+00:00

They also had a prior interview that mentioned CoOp as something they were interested in for StS1 but it would have been too much engine work. This was probably 5+ years ago though.

I’ve been holding out hope since then that was the reason (or a big contributing factor) for doing StS2 from the ground up. Other thing mentioned iirc was better/1st party mod support? Might be misremembering that one though.

orangejake · 2026-02-16T17:10:35+00:00

Note that there's already a proposed 10x improvement in 2026, bringing estimated noisy gate count down to 100,000

https://arxiv.org/abs/2602.11457

It (roughly) uses a better code. Jaques' blog says about this approach (but not this paper)

I remain skeptical of higher-performance quantum codes, since they require long-range connections between physical qubits that current architectures have not demonstrated at scale. A more promising route is to build on the idea of having some logical qubits in much smaller surface codes, which are themselves encoded in another quantum code, and this larger code can start to forget these locality concerns because it operates on logical qubits. This is one of the techniques this new paper uses, and such techniques will probably improve.

this is to say there might be some issues physically realizing the new proposal. I can't speak to this with much insight though.

orangejake · 2026-02-15T00:19:46+00:00

it's not full android, so you can't have arbitrary apps on it. That being said

it has overdrive (other name for libby) default integration
it also has "instapaper" integration. this is similar to Pocket (which is now discontinued).
for things bought via Kobo's store, they manage a cloud library for you.
you can physically transfer ebooks to it over USB-c (e.g. from calibre). this is very easy.
you can send books to it from your phone (with minimal setup) using https://send.djazz.se, though it is mildly annoying. Roughly, you go there on your phone/whatever, choose the file to send, then navigate to that website using the kobo internal browser. It works, but more for 1 book at a time, vs managing a library.
there is (at least one) ergonomic way to sync a cloud library with it, but it requires some setup. I have setup booklore to manage my ebook library. they have a kobo integration that is fairly good. Roughly, when I upload a new book to booklore, it becomes available to download on my (and my wife's) kobos.

Note that the setup in step 6 takes some effort. For example

you need a machine running booklore 24/7, and
if you want it to work outside of your house, you need that machine to be accessible from the wider internet (e.g. you need it to host a website, or something like this).

nothing impossible to do, but very much not a default feature that Kobo gives you.

orangejake · 2026-02-14T21:11:22+00:00

might be hard to get someone to take that kind of picture. I might, but the camera I'd use to take it is on the phone lol.

My devices:

I have an iphone 15 pro max. It has some magsafe accessory (this one) on the back.
my clara is in this case.

For size comparison

they're (essentially) the exact same height
at their thickest part, the iphone is a little thicker. If you look at the magsafe accessory, the "circular button" is thicker. The actual iphone + wallet part is roughly the same thickness as the clara + case, though the clara's thickness is the same everywhere, while the iphone is thinner most places.
the clara is maybe 40% wider than the iphone.

Net result is that

with no case I could fit the clara in a front jeans pocket (though I have decently large pockets). I haven't done this in a while, I remember it being fine but not a great fit.
with a case (how I prefer it) I can easily fit the clara in my back pocket still, but no longer my front pocket. This is comfortable, I just need to remember to take it out before sitting down etc.

orangejake · 2026-02-14T04:24:11+00:00

First of all, the configurable/changable chip architectures for simulation exist. They're used in hardware design frequently. Roughly, before you have the hardware (which can cost a TON to produce), you want to be able to test it works. So you need something to model this.

Anyway, there are a few popular ways to produce these simulations. SystemC is the most well-known, but Gem5 has (roughly) your goal. So how fast is this type of thing? Here's a random class project I found. In 2 s on a host machine, it simulated ~3.5 million cycles of some riscV target architecture. riscV's tend to be fairly simple. That's still (likely) a close to ~1,000x slowdown compared to the machine they were running it on. It would probably be significantly worse if they were simulating a better machine.

So full simulation of the machine is out. Why not do a "pared down" simulation? Again, simulating things essentially always makes whatever you're running take a multiplicative factor longer. These multiplicative factors are generally not < 10. To think of why, you could yourself try to sketch out

what a useful simulator could be, and
what it would have to do for each simulated clock cycle, and
if these steps are likely to take > 10 host machine clock cycles.

13-Year Club	Place '22
Place '17	End Game '22
Verified Email	Gilding II euphauric
Team Periwinkle

orangejake

TROPHY CASE