Prev: Binary code
Next: question about the Secure Remote Password protocol
From: Joseph Ashwood on 5 Apr 2010 15:10
"Pubkeybreaker" <pubkeybreaker(a)aol.com> wrote in message
news:6ac82392-09d2-429f-b0a6-dd018805831e(a)n6g2000vbf.googlegroups.com...
> "appears to be" is so poorly defined as to
> be meaningless. A layman would interpret "appears to be" as "there
> is
> evidence that the following statement is true".
>
> No such evidence exists.

Other than 2 decades of work, other than every algorithmic optimization on
the nfs-like algorithms, other than even before nfs the algorithms having
close asymptopes. So other than the obviousness of their continual
inter-twining, and the current state of knowledge, and the consistent
matched progess, I'm sure you can claim all you want about there being no
evidence.

> It is not known whether the two problems are P-time equivalent, and
> they do
> NOT "appear to be" so. There is one instance of the DLP which, if it
> runs quickly,
> also means that we can factor quickly.

It has been well established on both sides that a proof exists to prove that
IFP is no more complex than DLP, there is no point in continuing to cling to
that argument.

> There is NO indication
> (except to someone
> as ignorant as you) that factoring quickly leads to a fast method for
> DLP.

Well I suppose if one were inclined to dismiss the last 2 decades or
research, that argument could be made. However, I am not so inclined. At the
current state of knowledge for the last roughly 2 decades it has been the
case that the same algorithm (barring some special optimizations) is the
best known for both problems, and as with any system where it converges, it
is likely to continue to remain converged.

You can continue with your statements, your inability to extrapolate, your
inability to understand the impact of your life's work, I will choose a
different path.
Joe

From: Scott Fluhrer on 5 Apr 2010 15:54

"Joseph Ashwood" <ashwood(a)msn.com> wrote in message
news:D8gun.72192$NH1.50055(a)newsfe14.iad...
> "Pubkeybreaker" <pubkeybreaker(a)aol.com> wrote in message
> news:61ac9911-485d-4f2f-be17-63e8715805fe(a)q23g2000yqd.googlegroups.com...
>> On Apr 2, 8:44 am, "Joseph Ashwood" <ashw...(a)msn.com> wrote:
>>> "Pubkeybreaker" <pubkeybrea...(a)aol.com> wrote in message
>>>
>>> news:7a919ab3-c0c9-4e9e-b3ec-59187f09909f(a)h27g2000yqm.googlegroups.com...
>>>
>>> > Idiot. You have no idea what you are talking about.
>>>
>>> > What you posted "isn't even wrong".
>>>
>>> In that case lets step though the "isn't even wrong," step me when I
>>> lose
>>> you. Of course I could just go back to my original statement "a fast
>>> factoring algorithm will probably not only fell RSA, but also DH,
>>> ElGamal and related technologies" which all have known orders but
>>> where's
>>> the fun in that?
>>
>>
>> You also said:
>>
>> appears to be
>
>> And this is grossly wrong. They are NOT known to be polynomially
>> equivalent.
>
> Now I see where I lost you. You didn't see the "appears to be" as being
> different from "is." You should know by now that if I say "appears to be"
> I do not mean "is" I mean "appears to be"
>
> So exactly where did I actually claim that are polynomially equivalent?
> You'll find I never did, I said they "appear" to be, I said that with
> current algorithms they are,

Actually, Bob is right here. They are not polynomially equivilent with
current algorithms. Polynomially equivilent doesn't mean 'can be solved in
the same O() time', and it doesn't mean that they can be solved with similar
algorithms. Instead, it means that 'given an oracle to one, you can solve
the other in polynomial time'. As Bob points out, that's not known (and we
have no evidence of that).

I suspect what you mean is 'many of the algorithms we have that factor can
be tweaked to solve the integer DLP problem as well; hence if we come up
with a fast algorithm for factoring, it's possible that the algorithm can
also be tweaked to solve integer DLP'. That reasonable as far as it goes
(but note, not all fast factorization algorithms can be tweaked for DLP,
consider ECM), but that's as strong as a statement as we can currently make.

> etc, but I never actually stated they are proven to be the same.
>
> I still stand by the statement, integer DLP and IFP appear to be
> polynomially equivalent, the next evolution in the algorithmic progress
> may separate them again, but for now they appear to be polynomially
> equivalent.

What definition of 'polynomially equivalent' are you using?

--
poncho


From: Pubkeybreaker on 9 Apr 2010 14:10
On Apr 5, 3:10 pm, "Joseph Ashwood" <ashw...(a)msn.com> wrote:
> "Pubkeybreaker" <pubkeybrea...(a)aol.com> wrote in message

> You can continue with your statements, your inability to extrapolate, your
> inability to understand the impact of your life's work, I will choose a
> different path.


Your path is one of ignorance.

I note that you still have not replied to my request for you to
show how a P-time oracle for IFP can be used for prime order group
DLP. You
continue to assert that it can.

What? No pithy comeback?
From: Joseph Ashwood on 10 Apr 2010 00:09
On Apr 9, 11:10 am, Pubkeybreaker <pubkeybrea...(a)aol.com> wrote:
> On Apr 5, 3:10 pm, "Joseph Ashwood" <ashw...(a)msn.com> wrote:
>
> > "Pubkeybreaker" <pubkeybrea...(a)aol.com> wrote in message
> > You can continue with your statements, your inability to extrapolate, your
> > inability to understand the impact of your life's work, I will choose a
> > different path.
>
> Your path is one of ignorance.
>
> I note that you still have not replied to my request for you to
> show how a P-time oracle for IFP can be used for prime order group
> DLP.  You
> continue to assert that it can.
>
> What? No pithy comeback?

We seem to be back to your insistence that I claimed the equivalence
is mathematically proven. I have never claimed this. To quote my
actual claims:
DLP ... appears to be ... equivalent to IFP

a fast factoring algorithm will probably not only fell RSA, but also
DH,
ElGamal and related technologies

proof only goes one direction time(DLP) >= time(IFP)

it currently appears that [IFP and DLP] may in fact be equivalent


So where exactly do I claim their proven equivalence?

Now, since I never claimed what you repeatedly mistakenly believe I
claimed, I really don't see any reason to reply further unless you
actually have anything other than insults to fling. But then again,
all you've ever had in this conversation was self-righteous
indignation, and a mistaken belief that "appears to be" has to mean
"mathematically proven" so I'm not expecting much.
Joe
From: Pubkeybreaker on 10 Apr 2010 15:20
On Apr 10, 12:09�am, Joseph Ashwood <ashw...(a)msn.com> wrote:
> On Apr 9, 11:10�am, Pubkeybreaker <pubkeybrea...(a)aol.com> wrote:
>
> > On Apr 5, 3:10�pm, "Joseph Ashwood" <ashw...(a)msn.com> wrote:
>
> > > "Pubkeybreaker" <pubkeybrea...(a)aol.com> wrote in message
> > >

>
> > Your path is one of ignorance.
>
> > I note that you still have not replied to my request for you to
> > show how a P-time oracle for IFP can be used for prime order group
> > DLP. �You
> > continue to assert that it can.
>
> > What? No pithy comeback?
>
> We seem to be back to your insistence that I claimed the equivalence
> is mathematically proven. I have never claimed this. To quote my
> actual claims:
> DLP ... appears to be ... equivalent to IFP


Weasel words.

You kept arguing, REPEATEDLY, when I and others told you that you
were wrong.

And your comment that I quoted above:

"You can continue with your statements, your inability to extrapolate,
your
> > > inability to understand the impact of your life's work, I will choose a
> > > different path."

implies STRONGLY that you stand by your original erroneous assertion.

I have seen many of your posts over the years. You have repeatedly
made
many erroneous and ignorant assertions.

When are you going to shut up until you learn this subject?

First  |  Prev  | 
Pages: 1 2 3
Prev: Binary code
Next: question about the Secure Remote Password protocol