Since Shamir Secret Sharing is information-theoretically secure (if you do not know k points from the k-out-of-n secret then all secrets are equally plausible even when bruteforcing), the bitsize of your field can be whatever you want (but obviously bigger than the bitsize of your secret, you can't hide 100 bits in a finite field of 5 elements).

Usually, you don't want an attacker to be able to bruteforce your secret (while the scheme is ITS, your secret typically isn't, e.g. the seed of your wallet), hence randomness can be added to your secret and the bitsize of the field is taken big enough to thwart these attacks.

Depending on your attack model, an 80-bits or 128-bits field is more than secure enough, hence a share bitsize slightly above 80 or 128 bits.

And regarding quantum computer, since the scheme is ITS no attacks can exist.

Example: "I need to solve problem A. Problem A can be formulated in this way. This way is similar to a project I did a few years ago, if I remember correctly I had done B and C. However B would not work in the current situation, but would it not though? The issue is that it clashes with component X and Y. What about C? Hmm maybe but I needed approval from Z." etc. All of these thoughts are written down, without filter.

Forcing me to write down has two effects. The first one, slow down my thoughts, because discarding idea B after only 0.1 second of consideration is not productive if you do not explicitly think about why it is a bad idea, and consider the bad idea anyways. The second one is that writing down (especially manual writing and not keyboard typing, for reasons I cannot explain) allows you to think more deeply about your ideas, to envision it in different ways, not only the first way that popped to your mind. I think that keyboard writing requires too much of my brainpower compared to handwriting.

Moreover, in these sessions, having the possibility to look back to a previous idea immediately is extremely useful, and cannot be attained if you use an erasable surface rather than a notebook.

I have to say though that I very rarely look back to what I wrote after the session took place, unless I need to get back to the exact same problem.

A smoking gun would be, for instance, Facebook observing that most of their ads are scam, that the cost of fixing this exceeds by far "the cost of any regulatory settlement involving scam ads.", and to conclude that the company’s leadership decided to act only in response to impending regulatory action.

https://www.reuters.com/investigations/meta-is-earning-fortu...

Basically, the story goes that the good brahmin, for all his wealth and intelligence, is miserable, whereas the stupid beggar down the street is very happy. While the brahmin accepts that the beggar is objectively happier than him, he would never swap places with her.

It made me realise that the quest for intelligence is fundamentally different from the quest for happiness, and even to this day I still take the story in consideration when making life choices. I do not believe that intelligence forbids happiness, simply that if you spend too much time trying to be right, you don't spend enough trying to be happy. Of course trying to be right can make you happy, but in the general case you always need to remember to take a step back.

* "Rubber bouncy at Heathrow removal" on Google had 3 links, including the one about SFO from which chatGPT took a tangent. While ChatGPT provided evidence for the latest removal date being of 2024, none was provided for the lower bound. I saw no date online either. Was this a hallucination?

* A reverse image lookup of the building gave me the blog entry, but also an Alamy picture of the Blade (admittedly this result can have been biased by the fact the author already identified the building as the blade)

* The starbucks pop Google search led me to https://starbuckmenu.uk/starbucks-cake-pop-prices/. I will add that the author bitching to ChatGPT about ChatGPT hidden prompts in the transcript is hilarious.

I get why people prefer ChatGPT. It will do all the boring work of curating the internet for you, to privde you with a single answer. It will also hallucinate every now and then but that seems to be a price people are willing to pay and ignore, just like the added cost compared to a single Google search. Now I am not sure how this will evolve.

Back in the days, people would tell you to be weary of the Internet and that Wikipedia thing, and that you could get all the info you need from a much more reliable source at the library anyways, for a fraction of the cost. I guess that if LLMs continue to evolve, we will face the same paradigm shift.

But admitting FB did publicly say they manipulate their users' emotions for engagement, and a law is passed preventing that. How do you assess that the new FB algorithm is not manipulating emotions for engagement? How do you enforce your law? If you are not allowed to create outrage, are you allowed to promote posts that expose politicians corruption? Where is the limit?

Once again, I hate these algorithms. But we cannot regulate by saying "stop being evil", we need specific metrics, targets, objectives. A law too broad will ban Google as much as Facebook, and a law too narrow can be circumvented in many ways.

[0] https://www.wsj.com/tech/facebook-algorithm-change-zuckerber...

Or do we only ban websites that design their algorithms to trigger strong emotional emotions? How do you define that? Even Musk doesn't go around saying that the algorithm is modified to promote alt right, instead he pretends it is all about "bringing balance back". Furthermore, I would argue that systems based on votes such as Reddit or HN are much more likely than other systems to push such content. We could issue a regulation to ban specific platforms or websites (TikTok, X...) by naming them individually, but that would probably go against many rules of free competition, and would be quite easily circumvented.

Not that I disagree on the effect of social medias on society, but regulating this is not as easy as "let's ban the algorithm".

And since most people click on accept, websites don't really care either.

Newer regulations also mandate that "reject all cookies" should be a one click action but surprisingly compliance is low. Once again, the enemy of the customer here is the company, not the eu regulation.

Exactly. Homomorphism was first seen as a weakness in encryption, since it implies malleability. For instance, in the one-time pad encryption where you XOR your message with the secret key, flipping a bit in the ciphertext will result in same bit being flipped in the decryption. The attacker does not know what the end result is, but knows that the bit has been flipped, hence OTP encryption is malleable. This is enough for some attacks. With FHE encryption you have a bit of the same, from Enc(a) and Enc(b) it is easy to create Enc(a+b), hence is malleable too.

Cryptography uses several security levels. The top one for encryption is NM-CCA2 (non-malleability under chosen ciphertext attack). For instance, RSA-OAEP is NM-CCA2 secure. Since FHE schemes are malleable, they are not NM-CCA2 secure. However, a slightly lower security notion is IND-CPA (indistinguishability under chosen plaintext attack). FHE schemes are IND-CPA secure. Furthermore, IND-CPA security is shown to be equivalent to semantic security, which means that given a ciphertext the attacker cannot know any bit of information about the underlying cleartext.

Hence, FHE schemes guarantee that for all the ciphertexts they receive, the attacker cannot know anything about the underlying cleartexts. You can run a ton of operations on the ciphertexts, let's say run a homomorphic LLM, the attacker will still have no idea about what the final output is. Hence, in the model where you consider that the attacker has full control over the LLM, will behave honestly but will try to learn your secrets, you are fine. However, in the model where an attacker runs a MITM and just wants to disrupt the numbers you get back from the LLM, then you are not fine, since this encryption is malleable (in theory we could add some verifiable execution proofs but that is another topic).

As you say, everything is a tradeoff.

The first FHE scheme required keys of several TB/PB, bootstrapping (an operation that is pivotal in FHE schemes, when too many multiplications are computed) would take thousands of hours. We are now down to keys of "only" 30 MB, and bootstrapping in less than 0.1 second.

Hopefully progress will continue and FHE will become more practical.

Comments URL: https://news.ycombinator.com/item?id=43642480

Points: 3

# Comments: 2

A few years ago Excel and some other softwares started to be locale dependent and I never wanted to burn my computer this much

Have you heard of Australia? https://www.sydney.edu.au/news-opinion/news/2018/03/13/gun-l...

Only for big enough apartments. 20m² appartements do not go for under 850€, ie around 42€/m². Granted these flats are too small to even have a laundry machine, let alone a laundry folding robot.