Cardano : Xmas blown, other statements
To get that out of the way : we won't be making Christmas.
And now that that's settled, let's go into a little context. Two months ago, when this product was announced, having a company started from scratch design, manufacture and deliver to customers a USB widget made from scratch in two months seemed like insanity.[i] The reason it seemed like insanity is because it was insanity.
That said, we both believed it is possible. This may be the result of our being young and brash, to avoid saying stupid. On the other hand, it may also be the result of reasonable thinking[ii]. It is your job, as an investor, to decide which of the two alternatives is more likely, and to price them accordingly, so give this matter some honest thought.[iii] I can assure you spending that time thinking through this particular instance is worth it, because this is exactly how S.NSA is going to be run for the foreseeable future : we won't shy away from pursuing the possible, even if it's insanity.
That said, let me underscore that we could have definitely made Christmas if we weren't delivering the Cardano. Which is to say, if we were willing to compromise on quality and security, we could have sent to market a product which, for the vast majority of the users[iv], would have been indistinguishable from the promised Cardano.
Instead, the RNG was tested and retested and assembled and disassembled and reassembled and so on to the point where we are now deriving 7.999989 bits of entropy per byte[v] out of [deleted 2013-12-19: Avalanche] Johnson noise boards. Every single part of the design has been individually tested, under a microscope, with probes, with other probes and with third probes. No Stone unturnAd!
We've also had some minor friction with the difficulties of operating in the real world, such as suppliers taking time to deliver, and shipping of physical objects not being instantaneous and laser coolant hoses bursting open and sprinkling antifreeze all over the floor, of course. It would be completely disingenuous to claim that these have much to do with the delays in production however : the problems we face are chiefly of our own creation, and principally to be found in our own minds. Which is exactly as it should be.
We're now shooting for January. Which, after all, is barely two weeks away from last October.
———
- As per teh logs :
mike_c Another question you won't answer yet (even though potential investors would love to know), target release date? 2013? 14? 15? Well, not 13.
mircea_popescu Should be here before Xmas, so you can all make nice gifts to people.
mike_c No way. Wow.[↩]
- Something like this : inasmuch as it is possible and catching the Christmas shopping season is a great thing, we should try for it. Well managed stakeholder expectations should keep blowback to a minimum in case of failure. Supposedly we have exceptional, unmatched strengths in PR, which we now have an opportunity to test, which is valuable.
As an aside : this sort of comment, as to the form but more importantly as to the substance, is not what you'd ever find in common corporate communications, whether they come from the fiat world or from the feeble attempts of the Obsequious Party to transpose all that broken crap into Bitcoin. You traditionally just don't get to see what management was thinking, what the failures were and how they worked and why, but instead get fed a bunch of crap. Breaking with this tradition is quite deliberate innovation on my part, and if yet poorly understood nevertheless in my estimation is a historical shift. For a more in depth discussion of the PR side of things, see the Strategic superiority, a saga article with its follow-ups. [↩]
- If you thought the life of the investor is an easy life, just waiting by the poolside for the dividends to roll in, you've been watching too many bad music videos. The life of the investor is the hardest of all, because what he does all day is try to the best of his ability to answer such fundamentally imponderable questions as exemplified above, his work is never done and the welfare of the entire world - especially of those who aren't investors - rests on his shoulders and depends on the overall, aggregated correctness of the answer he gives. It's a big responsibility, being rich, and I would like to take this opportunity to request all those who aren't to observe a moment of silent meditation on the relative importance for them, personally, of all the people that are. Thank you. [↩]
- Take this confused fellow as a fine example. No, he doesn't know he's confused, which is exactly what makes the substitution trick so easy, which is generally why the quality of products, and by extension the quality of life, has been collapsing everywhere in the "civilised" world for decades.
People obviously don't have the time and the resources to put every tomato or flashlight they ever buy through a mass spectrometer and so on and so forth. It's not practical to even contemplate. Nevertheless, this intellectual abdication turning the customer into the consumer is (along with the equivalent intellectual abdication turning the investor into the muppet) chiefly responsible for the sorry state of the world around us today. No, voting doesn't even enter into it, politics is the fifth wheel while economy drives and rules society.
What to do ? I don't know. [↩]
- The most recent ent :
Entropy = 7.999989 bits per byte.
Optimum compression would reduce the size of this 17890816 byte file by 0 percent.
Chi square distribution for 17890816 samples is 274.35, and randomly would exceed this value 19.34 percent of the times.
Arithmetic mean value of data bytes is 127.5142 (127.5 = random).
Monte Carlo value for Pi is 3.140690093 (error 0.03 percent).
Serial correlation coefficient is 0.000254 (totally uncorrelated = 0.0).
Did you even know this is possible ? Or can you name anyone who comes within two degrees of magnitude ?
Diehard, since we're on the topic :
#=============================================================================#
# dieharder version 3.31.1 Copyright 2003 Robert G. Brown #
#=============================================================================#
rng_name | filename |rands/second|
file_input_raw| stereo_z_2_dec| 3.20e+07 |
#=============================================================================#
test_name |ntup| tsamples |psamples| p-value |Assessment
#=============================================================================#
diehard_birthdays| 0| 100| 100|0.50177596| PASSED
diehard_operm5| 0| 1000000| 100|0.00000129| WEAK
diehard_rank_32x32| 0| 40000| 100|0.10522613| PASSED
diehard_rank_6x8| 0| 100000| 100|0.09924189| PASSED
diehard_bitstream| 0| 2097152| 100|0.62514006| PASSED
diehard_opso| 0| 2097152| 100|0.01224782| PASSED
diehard_oqso| 0| 2097152| 100|0.02183151| PASSED
diehard_dna| 0| 2097152| 100|0.49474823| PASSED
diehard_count_1s_str| 0| 256000| 100|0.06220408| PASSED
diehard_count_1s_byt| 0| 256000| 100|0.20098611| PASSED
diehard_parking_lot| 0| 12000| 100|0.95702998| PASSED
diehard_2dsphere| 2| 8000| 100|0.33022998| PASSED
diehard_3dsphere| 3| 4000| 100|0.98402101| PASSED
diehard_squeeze| 0| 100000| 100|0.00058302| WEAK
diehard_sums| 0| 100| 100|0.28755272| PASSED
diehard_runs| 0| 100000| 100|0.05038667| PASSED
diehard_runs| 0| 100000| 100|0.09322646| PASSED
diehard_craps| 0| 200000| 100|0.00004705| WEAK
diehard_craps| 0| 200000| 100|0.01334599| PASSED
marsaglia_tsang_gcd| 0| 10000000| 100|0.00000000| FAILED
marsaglia_tsang_gcd| 0| 10000000| 100|0.00000000| FAILED
sts_monobit| 1| 100000| 100|0.51032516| PASSED
sts_runs| 2| 100000| 100|0.84314525| PASSED
sts_serial| 1| 100000| 100|0.65788129| PASSED
sts_serial| 2| 100000| 100|0.91677515| PASSED
sts_serial| 3| 100000| 100|0.37269191| PASSED
sts_serial| 3| 100000| 100|0.94573382| PASSED
sts_serial| 4| 100000| 100|0.43436523| PASSED
sts_serial| 4| 100000| 100|0.04859885| PASSED
sts_serial| 5| 100000| 100|0.29535662| PASSED
sts_serial| 5| 100000| 100|0.62491480| PASSED
sts_serial| 6| 100000| 100|0.99374970| PASSED
sts_serial| 6| 100000| 100|0.65111035| PASSED
sts_serial| 7| 100000| 100|0.13202759| PASSED
sts_serial| 7| 100000| 100|0.07121462| PASSED
sts_serial| 8| 100000| 100|0.64145643| PASSED
sts_serial| 8| 100000| 100|0.41803955| PASSED
sts_serial| 9| 100000| 100|0.69706086| PASSED
sts_serial| 9| 100000| 100|0.97987919| PASSED
sts_serial| 10| 100000| 100|0.03635437| PASSED
sts_serial| 10| 100000| 100|0.17417466| PASSED
sts_serial| 11| 100000| 100|0.45122427| PASSED
sts_serial| 11| 100000| 100|0.86268254| PASSED
sts_serial| 12| 100000| 100|0.20714322| PASSED
sts_serial| 12| 100000| 100|0.56859750| PASSED
sts_serial| 13| 100000| 100|0.54336148| PASSED
sts_serial| 13| 100000| 100|0.43241228| PASSED
sts_serial| 14| 100000| 100|0.74077925| PASSED
sts_serial| 14| 100000| 100|0.89844957| PASSED
sts_serial| 15| 100000| 100|0.46207567| PASSED
sts_serial| 15| 100000| 100|0.69814610| PASSED
sts_serial| 16| 100000| 100|0.15710384| PASSED
sts_serial| 16| 100000| 100|0.76796776| PASSED
rgb_bitdist| 1| 100000| 100|0.16167887| PASSED
rgb_bitdist| 2| 100000| 100|0.33520833| PASSED
rgb_bitdist| 3| 100000| 100|0.88656135| PASSED
rgb_bitdist| 4| 100000| 100|0.96996233| PASSED
rgb_bitdist| 5| 100000| 100|0.77656640| PASSED
rgb_bitdist| 6| 100000| 100|0.34492309| PASSED
rgb_bitdist| 7| 100000| 100|0.89541304| PASSED
rgb_bitdist| 8| 100000| 100|0.72937297| PASSED
rgb_bitdist| 9| 100000| 100|0.52460579| PASSED
rgb_bitdist| 10| 100000| 100|0.21435198| PASSED
rgb_bitdist| 11| 100000| 100|0.75576751| PASSED
rgb_bitdist| 12| 100000| 100|0.97690207| PASSED
rgb_minimum_distance| 2| 10000| 1000|0.03806057| PASSED
rgb_minimum_distance| 3| 10000| 1000|0.08314313| PASSED
rgb_minimum_distance| 4| 10000| 1000|0.00122756| WEAK
rgb_minimum_distance| 5| 10000| 1000|0.21491370| PASSED
rgb_permutations| 2| 100000| 100|0.00096420| WEAK
rgb_permutations| 3| 100000| 100|0.89350849| PASSED
rgb_permutations| 4| 100000| 100|0.43208314| PASSED
rgb_permutations| 5| 100000| 100|0.63790685| PASSED
Compare this to the results of a similar-sized 32 Mb sample obtained from Fourmilab's HotBits :
#=============================================================================#
# dieharder version 3.31.1 Copyright 2003 Robert G. Brown #
#=============================================================================#
rng_name | filename |rands/second|
file_input_raw| FourmilabHotBits.32| 3.16e+07 |
#=============================================================================#
test_name |ntup| tsamples |psamples| p-value |Assessment
#=============================================================================#
diehard_birthdays| 0| 100| 100|0.97810207| PASSED
diehard_operm5| 0| 1000000| 100|0.00000001| FAILED
diehard_rank_32x32| 0| 40000| 100|0.00000000| FAILED
diehard_rank_6x8| 0| 100000| 100|0.22585977| PASSED
diehard_bitstream| 0| 2097152| 100|0.05263876| PASSED
diehard_opso| 0| 2097152| 100|0.00000164| WEAK
diehard_oqso| 0| 2097152| 100|0.00018452| WEAK
diehard_dna| 0| 2097152| 100|0.07343064| PASSED
diehard_count_1s_str| 0| 256000| 100|0.61838852| PASSED
diehard_count_1s_byt| 0| 256000| 100|0.00001355| WEAK
diehard_parking_lot| 0| 12000| 100|0.91059716| PASSED
diehard_2dsphere| 2| 8000| 100|0.02680202| PASSED
diehard_3dsphere| 3| 4000| 100|0.27168254| PASSED
diehard_squeeze| 0| 100000| 100|0.00000000| FAILED
diehard_sums| 0| 100| 100|0.06910440| PASSED
diehard_runs| 0| 100000| 100|0.44680796| PASSED
diehard_runs| 0| 100000| 100|0.98000201| PASSED
diehard_craps| 0| 200000| 100|0.00000019| FAILED
diehard_craps| 0| 200000| 100|0.00005416| WEAK
marsaglia_tsang_gcd| 0| 10000000| 100|0.00000000| FAILED
marsaglia_tsang_gcd| 0| 10000000| 100|0.00000000| FAILED
sts_monobit| 1| 100000| 100|0.92548082| PASSED
sts_runs| 2| 100000| 100|0.00000000| FAILED
sts_serial| 1| 100000| 100|0.69456066| PASSED
sts_serial| 2| 100000| 100|0.00022837| WEAK
sts_serial| 3| 100000| 100|0.00006475| WEAK
sts_serial| 3| 100000| 100|0.46187750| PASSED
sts_serial| 4| 100000| 100|0.00001796| WEAK
sts_serial| 4| 100000| 100|0.04192517| PASSED
sts_serial| 5| 100000| 100|0.00000000| FAILED
sts_serial| 5| 100000| 100|0.00761729| PASSED
sts_serial| 6| 100000| 100|0.00000137| WEAK
sts_serial| 6| 100000| 100|0.49123670| PASSED
sts_serial| 7| 100000| 100|0.00007570| WEAK
sts_serial| 7| 100000| 100|0.59487738| PASSED
sts_serial| 8| 100000| 100|0.05402529| PASSED
sts_serial| 8| 100000| 100|0.84722663| PASSED
sts_serial| 9| 100000| 100|0.00784684| PASSED
sts_serial| 9| 100000| 100|0.48566666| PASSED
sts_serial| 10| 100000| 100|0.04599012| PASSED
sts_serial| 10| 100000| 100|0.56543996| PASSED
sts_serial| 11| 100000| 100|0.53070228| PASSED
sts_serial| 11| 100000| 100|0.03605884| PASSED
sts_serial| 12| 100000| 100|0.47944178| PASSED
sts_serial| 12| 100000| 100|0.30283293| PASSED
sts_serial| 13| 100000| 100|0.31824257| PASSED
sts_serial| 13| 100000| 100|0.47247814| PASSED
sts_serial| 14| 100000| 100|0.78559973| PASSED
sts_serial| 14| 100000| 100|0.88459449| PASSED
sts_serial| 15| 100000| 100|0.98743522| PASSED
sts_serial| 15| 100000| 100|0.86360229| PASSED
sts_serial| 16| 100000| 100|0.51008511| PASSED
sts_serial| 16| 100000| 100|0.12008057| PASSED
rgb_bitdist| 1| 100000| 100|0.99137592| PASSED
rgb_bitdist| 2| 100000| 100|0.00025939| WEAK
rgb_bitdist| 3| 100000| 100|0.11368193| PASSED
rgb_bitdist| 4| 100000| 100|0.00024729| WEAK
rgb_bitdist| 5| 100000| 100|0.80461904| PASSED
rgb_bitdist| 6| 100000| 100|0.61728343| PASSED
rgb_bitdist| 7| 100000| 100|0.00326461| WEAK
rgb_bitdist| 8| 100000| 100|0.31193867| PASSED
rgb_bitdist| 9| 100000| 100|0.72468779| PASSED
rgb_bitdist| 10| 100000| 100|0.85652228| PASSED
rgb_bitdist| 11| 100000| 100|0.59083335| PASSED
rgb_bitdist| 12| 100000| 100|0.98879788| PASSED
rgb_minimum_distance| 2| 10000| 1000|0.00544199| PASSED
rgb_minimum_distance| 3| 10000| 1000|0.12709516| PASSED
rgb_minimum_distance| 4| 10000| 1000|0.00000006| FAILED
rgb_minimum_distance| 5| 10000| 1000|0.00000483| WEAK
rgb_permutations| 2| 100000| 100|0.19688334| PASSED
rgb_permutations| 3| 100000| 100|0.02445464| PASSED
rgb_permutations| 4| 100000| 100|0.15673912| PASSED
rgb_permutations| 5| 100000| 100|0.27246398| PASSED
Sum-up : 73 tests performed. Cardano RNG : Failed 2, Weak 5, Passed 66. Radioactive decay : Failed 9, Weak 13, Passed 51. Now go take your current entropy source, put it through diehard and see what happens. [↩]
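The figures in the ent report above can be recomputed for any byte sample. The following is an added example, not the author's code and not ent's own source; it assumes ent's usual definitions (24-bit coordinates for the Monte Carlo estimate, wrap-around serial correlation), and the counter sample and function name are constructed for illustration. It also shows why the entropy figure cannot be read alone: a plain counter scores a perfect 8.0 bits per byte and is caught only by the serial correlation.

```python
import math
from collections import Counter


def ent_stats(data: bytes) -> dict:
    """Byte-level statistics modelled on the ent report (added example)."""
    n = len(data)
    if n < 6:
        raise ValueError("need at least 6 bytes")
    counts = Counter(data)

    # Shannon entropy in bits per byte (8.0 is the ceiling).
    entropy = -sum(c / n * math.log2(c / n) for c in counts.values())

    # Chi-square against uniform byte frequencies: 255 degrees of freedom,
    # so a healthy source lands near 255; far below is as suspect as far above.
    expected = n / 256
    chi_square = sum((counts.get(b, 0) - expected) ** 2 / expected
                     for b in range(256))

    mean = sum(data) / n  # 127.5 for uniform bytes

    # Monte Carlo pi: each 6-byte group is a point (x, y) with 24-bit
    # coordinates; the fraction inside the quarter circle estimates pi/4.
    limit = (2 ** 24 - 1) ** 2
    tries = inside = 0
    for i in range(0, n - 5, 6):
        x = int.from_bytes(data[i:i + 3], "big")
        y = int.from_bytes(data[i + 3:i + 6], "big")
        tries += 1
        inside += x * x + y * y <= limit
    pi_estimate = 4 * inside / tries

    # Serial correlation of each byte with its successor (wrapping around).
    s1 = sum(a * b for a, b in zip(data, data[1:] + data[:1]))
    s2 = sum(data) ** 2
    s3 = sum(b * b for b in data)
    denom = n * s3 - s2
    serial = (n * s1 - s2) / denom if denom else None  # None: constant input

    return {"entropy": entropy, "chi_square": chi_square, "mean": mean,
            "pi": pi_estimate, "serial_correlation": serial}


# Constructed sample: a 0..255 counter repeated 64 times. Entirely
# predictable, yet its byte histogram is perfectly flat.
COUNTER_SAMPLE = bytes(range(256)) * 64

if __name__ == "__main__":
    import os
    for name, sample in (("counter", COUNTER_SAMPLE),
                         ("os.urandom", os.urandom(1 << 20))):
        print(name, ent_stats(sample))
```
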
6 Responses
-
Does anything ever pass marsaglia_tsang_gcd anyway?
-
Not afaik.
-
Speak of security and encryption.. :
http://www.cs.tau.ac.il/~tromer/acoustic/
Said problem has been promptly fixed in the GnuPG package
http://lists.gnupg.org/pipermail/gnupg-devel/2013-December/028102.html
Wondering if your product needs to consider the implications of the said paper.
-
To quote the chan,
00:50:50 (BingoBoingo> ;;later tell asciilifeform The Cardano is going to be soundproof, right? http://it.slashdot.org/story/13/12/18/2122226/scientists-extract-rsa-key-from-gnupg-using-sound-of-cpu
00:50:51 (gribble> The operation succeeded.
00:50:51 (mikaeldice> A tiny bounty, but no entry fees. I don't want to take people's money, even if it'd make the challenge more interesting. At the same time, with little to gain, I would make the bounty much smaller
00:52:03 (mike_c> the gain is proof of your system, right? unless you are expecting to get hacked and the gain is for you to learn about holes.
00:53:03 (asciilifeform> BingoBoingo: this attack is simply a variant of the traditional 'Differential Power Analysis'
00:53:15 (mikaeldice> Dual purpose: If nobody hacks it, this adds evidence of 'sufficiency' with the security, and if someone does hack it then I can patch the holes and reinit the prize until no more holes are found
00:53:17 (BingoBoingo> Ah
00:53:20 (asciilifeform> the sound is coming from the power supply inductor
00:53:49 (asciilifeform> this is really from the fact that a pc cpu is a monster hog
00:54:23 * lewicki (~lewicki@unaffiliated/lewicki) has joined #bitcoin-assets
00:54:26 (asciilifeform> and typically exists in one of two states - 'halt', with reduced power draw, and 'run' (interrupt throws cpu out of halt state.)
00:54:42 (asciilifeform> idle loop in modern os scheduler sits the cpu in 'halt'
00:56:08 (asciilifeform> virtually any device containing a switched power supply 'hisses' this way
00:56:55 (asciilifeform> there are no inductors (switching power supply or otherwise) in cardano...
00:57:41 (asciilifeform> nor is the 'low power state' feature of the microcontroller made use of; nor is there an operating system, in the usual sense, or a scheduler...
00:58:10 * Duffer1 (~chatzilla@c-98-232-231-188.hsd1.or.comcast.net) has joined #bitcoin-assets
00:58:10 (the20year2> mikaeldice: for us it was just a way to crowdsource funding on something that traditional investors wouldn't bite into
00:59:29 (the20year2> The hope/assumption in the beginning was that we would be able to outpace the appreciation of bitcoin through the way we are handling real estate. Growth has been fantastic, but it hasn't outpaced bitcoin like we'd hoped. So, then the hope later on, and it hasn't come to fruitition was a reverse hedge against BTC.USD drops like what we've been seeing. I tried to get investments again when BTC hit $1200 and few I talked
00:59:57 (assbot> [MPEX] [S.MPOE] 10724 @ 0.00090502 = 9.7054 BTC [-]
01:00:58 (assbot> [HAVELOCK] [AM1] 1 @ 0.27 BTC [+]
01:03:00 (assbot> [MPEX] [S.MPOE] 45400 @ 0.0009093 = 41.2822 BTC [+] {5}
01:04:02 (zz_> asiclifeform: isn't the CPU running at a few Ghz, while sound (20Khz? What exactly would the cellphone pick up?
01:05:33 (mike_c> that is actually the crux of the paper.
01:05:43 (asciilifeform> zz_: it's picking up 'idle' vs 'halted'
01:05:51 (asciilifeform> from which one can deduce execution path.
01:05:59 (asciilifeform> this is a variation on the old theme of cache probe attack
01:06:07 (assbot> [MPEX] [S.MPOE] 8950 @ 0.00090502 = 8.0999 BTC [-]
01:06:07 (asciilifeform> (as noted in the paper)
01:06:59 * nubbins` (~nubbins`@stjhnf0148w-142134201245.dhcp-dynamic.FibreOp.nl.bellaliant.net) has joined #bitcoin-assets
01:07:00 (zz_> didn't read the PDF. Guess that would help.
01:07:27 (mike_c> tldr: "In a nutshell, the key extraction attack relies on crafting chosen ciphertexts that cause numerical
01:07:27 (mike_c> cancellations deep inside GnuPG’s modular exponentiation algorithm. This causes the special value
01:07:27 (mike_c> zero to appear frequently in the innermost loop of the algorithm, where it afects control fow. A single
01:07:28 (mike_c> iteration of that loop is much too fast for direct acoustic observation, but the efect is repeated and
01:07:28 (mike_c> amplifed over many thousands of iterations, resulting in a gross leakage effect that is discernible in the
01:07:28 (mike_c> acoustic spectrum over hundreds of milliseconds"
01:07:49 (mike_c> that pasted poorly
01:08:22 (asciilifeform> the bit about leaking electrolytic caps 'buzzing' is unsurprising.
01:09:04 (mike_c> so the good news, as far as i can tell, is that you have to be decrypting a known, specially crafted message.
01:09:43 (asciilifeform> 'More generally, we observed strong positive correlation between machine
01:09:43 (asciilifeform> age, in terms of calendar time and usage, and the cryptanalytic usefulness of their acoustic emanations.'
01:10:15 (asciilifeform> that statement, even if true - i can almost see the censor's red ink slipping that in.
-
5. Proof That Mycelium Knows How To Make A Better RNG For Its Entropy Dongle. And Isn’t. | When Bitcoin Met Pete (via Pingback)
Friday, 18 July 2014
[...] were you looking for people with tech expertise or with complaint expertise ? anyway, http://trilema.com/2013/cardano-xmas-blown-other-statements/ footnote 5 prolly of most interest to you Rassah: mircea_popescu: Typically they are one and the [...]
-
6. S.NSA, December 2013 Statement on Trilema - A blog by Mircea Popescu. (via Pingback)
Tuesday, 7 January 2020
[...] of the numerous prototypes as well as all the labour that went into creating this jewel (for it is a jewel) will not be invoiced, on the rationale that tracking all the respective numerous things would add [...]