Sc00bz / adx.asm
Created March 4, 2023 02:17
"z[] += x[] * y" with ADX instruction set *untested*
# Related to
# // len(z) == len(x)... or len(z) <= len(x) and everything is based on len(z)
# // z[] += x[] * y
# // c = overflow (ie c is "z[len(z)]")
# func addMulVVW(z, x []uint, y uint) (c uint)
# {
lea RSI,[x] # RSI = "&x"
lea RDI,[z] # RDI = "&z"
Sc00bz / double-bs-speke.txt
Last active May 6, 2023 10:32
Double BS-SPEKE is a doubly augmented PAKE
Double BS-SPEKE is BS-SPEKE but with 3DH vs Noise-KN to make it a doubly
augmented PAKE. Double BS-SPEKE is the best doubly augmented PAKE that I know
of. Only problem is there are no proofs, but it's not hard to take the SPEKE
proof, add the OPAQUE proof for OPRF, and it's obvious that the doubly augmented
change makes it doubly augmented. So if anyone knows how to formally state that
in a proof, that would be awesome to have. BS-SPEKE defined on multiplicative
groups can be found here:
Sc00bz /
Created April 9, 2022 04:42
Broken Python: bytearray(), Process(), and Queue() don't like each other
# Prints "done" 4 times then doesn't exit ~50% of the time.
from multiprocessing import Process, Queue
def f(q):
    while 1:
        data = q.get(False)
Sc00bz / collision.php
Created March 17, 2022 16:09
HMAC-SHA1 Collision
// Collision taken from
// Outputs:
// HMAC-SHA1(key, msg1): 9b4dee1a35fc03786f1162989d1e441ba0e69f4d
// HMAC-SHA1(key, msg2): 9b4dee1a35fc03786f1162989d1e441ba0e69f4d
// HMAC-SHA256(key, msg1): e98a27bd93001cda9810b93c2191f5099817bb31f5445bc12cafd27a78cb4506
// HMAC-SHA256(key, msg2): 97aa871b175a99417f7f1c44ac2793730821caf7da697ff374c60f595ef5173a
Sc00bz / bs-speke-mg.txt
Last active April 24, 2023 10:50
BS-SPEKE is an augmented PAKE and defined on multiplicative groups
BS-SPEKE (defined on multiplicative groups)
BS-SPEKE is a modified B-SPEKE with blind salt (OPRF). Modified B-SPEKE is a
similar change from SPEKE as from SPAKE2 to SPAKE2+ to make it augmented. Doing
this saves a scalar point multiply vs original B-SPEKE with blind salt. BS-SPEKE
is the best augmented PAKE that I know of. Only problem is there are no proofs,
but it's not hard to take the SPEKE proof, add the OPAQUE proof for OPRF, and
it's obvious that the augmented change makes it augmented. So if anyone knows
how to formally state that in a proof, that would be awesome to have. BS-SPEKE
defined on ECC can be found here:
Sc00bz / cpace-mg.txt
Last active January 31, 2023 16:16
CPace is a balanced PAKE and defined on multiplicative groups
CPace (defined on multiplicative groups)
CPace is the best balanced PAKE that I know of. CPace defined on ECC can be
found here:
Costs per step
A: - *^^
B: *^ ^
Sc00bz / srp6b.txt
Last active September 21, 2024 21:22
SRP6b is an augmented PAKE
SRP is deprecated.
Use BS-SPEKE defined on multiplicative groups:
Or better BS-SPEKE defined on ECC:
Sc00bz / aucpace.txt
Created February 2, 2020 19:42
AuCPace is an augmented PAKE
AuCPace with blind salt (OPRF) is the best augmented PAKE that I know of that
comes with a proof.
Costs per step
C: H*i fffI*i*iH**[ii]
S: f*iH***[iii] f*i
*: Scalar point multiply
Sc00bz / cpace.txt
Last active October 8, 2021 17:20
CPace is a balanced PAKE
CPace is the best balanced PAKE that I know of. CPace defined on multiplicative
groups can be found here:
Costs per step
A: - fH**[ii]
B: H*i f*i
Sc00bz / Ed25519-optimization.txt
Last active December 24, 2019 15:42
Ed25519 optimization that really only helps with embedded processors
A while ago I found this pointless optimization for Ed25519 because it only saves a few
multiplies. Also it doesn't help much unless you're on a 32-bit or 8-bit processor, then it
kinda helps, but since you do 4x more doubles than adds it really isn't noticeable. Also
you can precalculate T*(2*-121665/121666) so it only helps on the initial 3 adds when
building 1*P, 2*P, 3*P, ... 8*P. If you store 60833*(Y-X), 60833*(Y+X), 121666*Z, 121665*T
then it's a little less work than storing Y-X, Y+X, 2*Z, k*T. Well this really only helps
if you are on an embedded processor and don't have the RAM to build the 1*P, 2*P, 3*P, ...
8*P lookup table. So it's not completely pointless.
This is from the Explicit-Formulas Database with d = -121665/121666