hi in \monero\external\supercop\crypto-sign\ed25519 there are two implementations:

- amd64-51-30k

- amd64-64-24k

What is the difference?

sech1 maybe you know?

<v​tnerd:monero.social> One uses 51bit limbs with a 30k precomputation table, and the other uses 64 bit limbs with a 24k precomputation table. They have different performance characteristics on different cpus. The larger table thrashes the cache more, but has less less overflow scenarios on 64 bit integers

<v​tnerd:monero.social> There's a utility to benchmark the two to determine which is best for your cpu

Are both implementations for linux only?

Or maybe only for AMD cpu's?

<v​tnerd:monero.social> They are for x86-64 only, so amd and Intel. It is currently limited to system V calling convention due to assembly files. So it could work on Linux, bsd, and macos - let me check what systems it is currently enabled for though

<v​tnerd:monero.social> They should be enabled for bsd and macos as well. Only windows builds should be omitted right noe

<v​tnerd:monero.social> *now

There is also an implementation in src\crypto\crypto.cpp which implementation is it?

64bit limbs right?

<v​tnerd:monero.social> No that is basically "ref10" which has 32bit limbs and 32 bit integers

hmm

<v​tnerd:monero.social> I'm planned (at some point) a donna64 investigation for use in LWS scanning - it should see speed improvements on all 64 but processors and oses

Which implementation would be faster if the CPU supports it?

64bit limbs?

<v​tnerd:monero.social> *bit

<v​tnerd:monero.social> Yes. You can test the speed difference with the benchmark utility - it provides comparisons against each 64 bit implementation and the basic ref10/32bit implementation

Where do I find the benchmark utility?

<v​tnerd:monero.social> I forget the speed difference, let me see if it's in the notes somewhere

Yes please

Both 51limbs and 64bit limbs should be faster than the 32bit limb implementation as long as the CPU supports 64bit integers, I assume.

vtnerd still there?

<v​tnerd:monero.social> Yes. The benchmark utility is built with the tests - or `make monero-wallet-crypto-bench`. Look in the `tests/` folder of the cmake output directory for the executable with the same name.

<v​tnerd:monero.social> monero-project/monero #6337

I currently have some issues with vscode cmake. Can you show me your benchmark results?

Ah, it looks like there is a benchmark

<v​tnerd:monero.social> Just did, look in the above link for results with a Ryzen 3900x. It's ~146% slower to use the 32bit code. The real scan time was improved by 28%

<v​tnerd:monero.social> We didn't see optimal gains because of how the blocks are fetched, something the new scanner for fcmp++ should improve further

I see, thanks

where can I find the new scanner for fcmp++?

<v​tnerd:monero.social> Uh, it's really not available yet. I guess you could look in jbermans repo

<v​tnerd:monero.social> The latest is here github.com/j-berman/monero

<v​tnerd:monero.social> There's also github.com/seraphis-migration/monero

<v​tnerd:monero.social> I'm not sure of the status of either repo tbh, jberman would probably be the best contact for that

where are the main changes?

<v​tnerd:monero.social> His irc handle is the same

<v​tnerd:monero.social> You'd have to ask him directly, I'm not sure which of his branches is the best. The earlier ones with `seraphis` in the name wouldve been the related ones, but he may have abandoned that for something involving `fcmp` in the name

ahh ok

<v​tnerd:monero.social> github.com/j-berman/monero/tree/ser…phis_lib_scanner_blockchain_scanner

Who exactly is Justin Berman?

<v​tnerd:monero.social> That branch is probably a good start until he responds. There's several folders labeled seraphis which should support "legacy" and seraphis scanning. The seraphis branches have gone stale as development shifted to something called fcmp

hmm

<v​tnerd:monero.social> A dev that is CCS funded to work on monero

<v​tnerd:monero.social> More specifically his work is now focused on integrating fcmp++ so that monero no longer uses ring signatures in favor of including all outstanding outputs as candidates for spending (similar to zcash shielded pools)

I see

What is the the issue with RingSIG?

Also is zcash not beeing spammed?

I wonder why

there is also qhasm stuff in external\supercop\ why another implementation?

<v​tnerd:monero.social> qhasm stuff? You mean in `src/amd64`? I tried to minimize changes to the supercop upstream directories, and put some new assembly files in that folder. And the assembly files are mostly copy-paste anyway

<v​tnerd:monero.social> Ring signatures have a smaller anonymity set that can theoretically be attacked if someone dominates the txes in my every block (i.e. they create lots of dummy transactions). FCMP is harder to defeat since the spend can from _any_ prior output/tx

<j​berman:monero.social> For fcmp++'s, we're implementing a merkle tree for all outputs in the chain. Full-wallet scanners need to keep track of every received output's complete path in the merkle tree (scanning isn't implemented yet)

<j​berman:monero.social> We've been discussing an optimized approach in the no-wallet-left-behind channel. @jeffro256 proposed full wallets keep a pruned tree saved

<j​berman:monero.social> I believe this can work by keeping all members of the right-most path in the tree for each block saved, up to some reorg depth

<j​berman:monero.social> I wrote up this description (slightly modified) and sent the description to @dangerousfreedom who's aiming to tackle this (it doesn't account for reorg handling as written): paste.debian.net/1324876

nice jberman

jberman where can I find the implementation for fcmp++ in your repository?

<j​berman:monero.social> the fcmp++ branch

in here right?

<j​berman:monero.social> no that branch doesn't have any fcmp related stuff implemented

<j​berman:monero.social> github.com/j-berman/monero/tree/fcmp%2B%2B

can you ahhhh

<j​berman:monero.social> this branch^ I just linked includes daemon-side changes to sync the merkle tree, no scanning or wallet-side changes implemented in there

now I see

in fcmp

jberman do you have a youtube channel by any chance explaining these implementations?

<j​berman:monero.social> however as noted in that paste I linked above, I think some functions I wrote there could be reused for wallet sync too, when it's implemented

or docs?

<j​berman:monero.social> @kayabaNerve wrote a good specification of fcmp++'s here: github.com/kayabaNerve/fcmp-ringct/blob/develop/fcmp%2B%2B.pdf

<j​berman:monero.social> section 6 includes integration-related changes. the scanner stuff is a little out of date since the discussions on the optimized approach are relatively fresh

<j​berman:monero.social> I intend to write docs explaining my implementation too soon

jberman do you have twitter or where do we get notifications about your work?

*or X

<j​berman:monero.social> we have meetings in the no-wallet-left-behind channel every Monday at 18:00 UTC, and meetings in the monero-research-lab every Wednesday at 17:00 UTC

<j​berman:monero.social> meeting logs are posted here: monero-project/meta #1045

<j​berman:monero.social> I'm not really active on twitter

jberman - noted, thanks

which CPU's work better with 64-64-24k? and which work better with 64-51-30k?

which rule determines that?

<v​tnerd:monero.social> bench.cr.yp.to/impl-sign/ed25519.html

<v​tnerd:monero.social> Typically the 64-51-30k variant is just slightly faster on some Intel cpus

<v​tnerd:monero.social> As you can see it's never by much

thanks vtnerd

so if I interpret that graph correctly the 64-64-24k variant is the best algorithm available

because it has the lowest trycycles on most cpus

(using it on a CPU in which 64-51-30k would be better would just increase the speed slightly over using 64-64-24k on these CPU's)

so I also understand from this that the 64-64-24k algorithm would also work on these CPU's

(almost as well)

<v​tnerd:monero.social> Yes, the monero wallet and the supercop cmake code default to 64-64-24k for this reason

great! I am really new to this source code, so I am learning this just now

<r​edhawk18:matrix.org> Hey is there a protocol on how to connect to a pool? Currently I'm trying to test a web socket connection but before I can even send the json needed to login the pool closes the socket. Does anyone know why this happens?

<r​edhawk18:matrix.org> I read here that everything is done with a tcp socket which is what a web socket should be so I'm confused.

<r​edhawk18:matrix.org> monero.stackexchange.com/questions/…communicate-with-a-pool/10869#10869

<r​edhawk18:matrix.org> I visited the pool channel and noticed that it wasn't really the type of discussion that would be needed to ask highly technical questions.