# Toltec Sorcery

Like any good book review ought to do, this one starts out with "here's the books I'm talking about" and "here's a way to verify you have the same ones I read".  In this case the books are decent OCR scans and so who knows, perhaps are different in more substantial ways than the few typos from other editions.  At any rate, here they are.

OK lets begin.

When discussing books about magic or sorcery, in which a student studies from masters and becomes at least somewhat proficient in the art, three sets come to mind, in order of my personal recommendation:

3) The Harry Potter Series (J.K. Rowling)
2) The Earthsea Series (Ursula LeGuin)
1) The Don Juan Series (Carlos Castenada)

Of these three, the Don Juan series stands out as by far the most interesting in my mind and it is the subject of this review.  The Harry Potter series is entertaining, well written, and I enjoyed it, but it does little to inspire the reader in other ways.  Much of the lore therein (broomsticks, gnomes, spells, potions, etc.) is quite old but the history is not explored in the books apart from using the lore itself in a modern context.  Why does the broomstick make you fly?  A reader of Harry Potter might not realize that Datura is the active ingredient which is rubbed on the broomstick and topically applied to genitalia using the stick.  OK, the movie might have a different character if this were explicit.  Flight by use of Datura is specifically addressed in book 1 of the don Juan series.

The Earthsea series has a plot very similar to Harry Potter in many ways, and is perhaps unique among these three in that much of the later action takes place away from the teachers or masters of magic as the protagonist deals with things on his own.  There is a little more interest in terms of decisions the hero (Ged) must make about when to use magic, how to overcome his troubles in personal struggles, etc.

Your first hint that the third set here stands apart from the others is that it is often found on the "New Age" shelf in bookstores rather than the "Fiction" shelf.  This is because much of the themes and discussion in the book are of what might be described as of a "self-help" nature.  How to get your life in order, how to live like a warrior, how to find your power and will, etc.  In this regard one might take the book as somewhat similar to "The Celestine Prophecy" (also found nearby in bookstores) in that the author has very interesting ideas about psychology and anthropology and uses a story to tell these ideas to the reader.  However, every book in the series (apart from the 1st perhaps) is very clear that it is about lessons in sorcery taught by a sorcerer.  The name "Toltec" first appears in the 6th book.  While the main protagonist (the teacher and man of knowledge don Juan Matus) grew up as a Yaqui indian, he is very clear that his knowledge and the teachings which are the subject of the book are not of that tradition but of a far more ancient line of knowledge.

Another thing that sets these books apart from the others is that the sorcerer's apprentice is not one of the top students.  In fact, the apprentice (in this case the author, as the book is written in the 1st person) is the worst student that his teachers have had.  The teachers, don Juan Matus and don Genaro, are generally at a loss for how power could have led them to such an inept student.  At one point don Juan says that he teaches Carlos solely for the exercise in self control required to deal with such an inept student.  This is a useful technique in the story because the reader, not being a sorceror, feels a clear sympathy with poor Carlitos.

Perhaps the most famous thing about these books is that they are the source for the Star Wars idea of "the force".  This idea was taken by George Lucas (who did site the Carlos Castenada books as the influence) directly from what don Juan calls power.  Not much of a renaming effort there, is it.  If you are familiar with "the force" you are familiar with power.  The sorcerors in these books work to learn how to listen to and use power, and how to store personal power.  You could also extend this further and say the the Jedi are Toltec Sorcerers.

There are also numerous other terms of great importance to the story which are always italicized.  The technique works well as the reader learns quickly the difference between seeing and seeing, not doing and not-doing, amongst other things.  It takes Carlos a few books to start to learn to see, a skill which enables a man of knowledge to know things directly and to observe the form of things directly.  One example is that when you see a person you see them as a luminous egg composed of luminous fibers with various characteristics depending on the health, history, and current power of the person you are looking at.  But I digress, and I don't want to spoil it for you.

It's hard to write a review of this series because it touches a lot of areas.  One could view the books as being about pedagogy, as they are about an ancient line of wisdom, how it is passed on, how even the most stubborn students can be taught, how to select students, and so on.  How it that most people will remain muggles, trapped in the 1st attention until the moment of death.

However these books could also be viewed as being about consciousness, as the lessons always revolve around a very loose "what is my concept of reality" theme.  On this topic there are a number of very useful vocabulary words introduced to describe conscious (and unconscious) thought.  The "assembly point" refers to that point (in some space) in which the signals from senses and nerve networks come together to produce a current "now" as seen by an individual.  Much of the early books talk about how the assembly point can be shifted and different perspectives reached, through the techniques taught by don Juan.

The consciousness of man is divided in to 8 components (will, feeling, dreaming, seeing, talking, reason, tonal, and nagual), and their connections drawn - these conclusions only being explicitly reached in the 5th book.  In my opinion this is a better effort than e.g. that of Freud and Jung (who is in fact mentioned once or twice) and the terms are at the very least quite useful in describing certain aspects of psychology.  Every one of these terms is expounded upon in various contexts, and applicable to many more.

Carlos Castenada uses a technique in writing these books that we might refer to as "method writing".  He uses full immersion.  He becomes the character.  The stories consumed his whole life, if we are to believe certain biographical reports.  Further, one often gets the impression that while writing earlier books he really didn't know what was going to happen later.  Much of the time don Juan and don Genaro are forced to trick Carlos, and because Carlos is tricked, the reader also is tricked.

Most reviewers were also tricked!  For example, many people imagine these books are about hallucinogenic plants.  In fact, only the first book contains lessons using peyote, datura, and the "little smoke" (a mixture containing mushrooms).  [Correction: the third book also includes some use of the "little smoke"].  These materials are referred to as "power plants".  However, if one actually reads the books it is quite clear that the sorcerer, the man of knowledge, practices his or her art in complete sobriety.  Don Juan tells Carlos "I gave you power plants because you were dumb".  Most students don't require them to move forward in their lessons.  Personally I know of no other book series so inspiring of sobriety.

Another way reviewers have been tricked is that they truly take all the stories at face value, and attempt to deny them.  "Carlos made up these characters" they say, with snide expressions on their face.  "Scam alert!".  This is comical in light of the fact that the books are more fanciful than either Harry Potter or the Wizard of Earthsea.  Strange creatures from other dimensions (the "allies" for example, which don Juan and don Genaro are able to capture in gourds and wear on their belts), repeated jumping up and down tall cliffs, being able to travel instantaneously great distances, and being in two places at once (the double), as well as thousand year old plus sorcerers all appear in these books.  And that's just getting started!  Whether these stories are "made up" is for you to decide, but it seems an odd critique.

Some reviewers also criticize the books by citing the source material which Carlos used in his research.  Apparently various Yogi texts as well as anthropological surveys were used.  Oh noes!  In my mind, this just makes the books better.  Research is not a crime.

Because there is no real "plot" in the traditional sense (no Voldemort or continuity of antagonist), and the author doesn't waste any time with adolescent bullshit like harping on sexual relationships, you can basically read these books in any order.  However you might want to read them chronologically to get the background required, though every one opens with a section to bring a reader up to speed at least enough to follow.  In my opinion the climax is reached in "Tales of Power".  Later books get more fanciful, and stay interesting, but also might be somewhat more contrived.  The "art of dreaming" is one of the wildest tales ever, right up there with the "dream quest of the unknown kadath" of HP Lovecraft.

Finally, if you do read, take special note of Genaro.  He is one of the greatest characters of all time.  He not only has remarkable superhero powers (e.g. can appear anywhere if you just "call" him) but is always smiling and a great joker, and showing his love for life and the Earth in fabulous ways.  He is an impeccable warrior.  Oh, and when he takes a shit there is thunder and the ground shakes 🙂  At one point he hides Carlos' car inside his hat.  I'll let you enjoy how that one turns out.

# It's the economy, stupid!

So many public coins out there!  Unfortunately, a lot of them have suffered from a problem of not considering the long term economics of their supply.  Even bitcoin in fact, the original public coin, leaves something to be desired in this arena.  Lets take a closer look.

The issue is the money supply, and the release thereof.  This is something called monetary policy, and with public coins this is a real thing rather than a subterfuge.  We say "real thing" because it can be verified by any observer.  How many tokens are outstanding?  What is the rate at which they are issued and the rules governing said release?  With a public coin, we answer these questions precisely.

Perhaps some examples are in order.  Ethereum has presented a novel system allowing different types of transactions which could perhaps enable a lot of neat stuff.  There has been a lot of work put into this system.  But what is the token's monetary supply curve?  The same thing Dogecoin used (and 42coin).  Large initial supply, extremely rapid falloff, followed by infinite inflation at a fixed rate thereafter.  !?!

Peercoin and Primecoin are two innovative coins, peercoin being the first proof of stake coin and primecoin being the first non-hash-based proof of work.  Brilliant work.  But what was chosen for the distribution of the supply?  An imprecise tie with a certain network parameter.  Money supply creation is likely to reduce with Moore's law, but with no definitive cap. !?!

How about bitcoin?  The first public coin caps the supply at 21 million coins and distributes them over 120 years.  Sounds much better, doesn't it!  HOWEVER, the first half of the supply was distributed in just four years, the next quarter in the next four years, and so on in a geometric series.  This distribution seems to me to be very front-weighted, heavily favoring the early adopters at the expense of later users and later coin security.

What about litecoin?  Litecoin copies exactly and with no change the release curve of bitcoin.  Namecoin also copies this monetary policy exactly.

Lets look at some extreme cases, such as Next and Ripple.  These tokens use a capped supply but released ALL the coins at once.  The release was infinitely front-weighted, or 100% premined.  Later security comes only at the will of centralization or of the wishes of bagholders to keep the network alive.

Despite the fact that pundits often complain of the front-heavy bitcoin reward curve, I know of no coin with a longer term release schedule than bitcoin.  Well, apart from woodcoin.  Woodcoin is capped at 27 million LOG but takes 250 million years to release them all.  Half the supply is released over the first 300 years.  The money supply increases logarithmically, using a harmonic series.

Another set of examples worth looking at are IGotSpots coins such as "10k" and "Balls".  These are also set-rate inflation coins with no cap (like DOGE, ETH, PPC, and many others) except the rate is extremely high - thousands of times higher.  This makes these coins demonstrate much more quickly (thousands of times more quickly) what eventually happens to a token with such a release curve.

Before we finish our examples here, lets consider two other popular coins, M0-USD and M1-USD (also known as Tide-USD and Bezel-USD).  Yes these are separate coins, as you can tell by looking at estimates of their supplies.  Note that these are estimates, because both coins are private - nobody can know how many are released.  It can take years - decades - for massive issuance to trickle down to popular markets and become visible.

Remember this stuff about supply and demand?  It turns out that supply will be important to the economics (and price) of any exchange commodity.  Certainly hype, FUD, PnD, advertising, and other factors do influence exchange prices.  But in the end, the supply itself is going to be a definitive factor.  There's no getting around that in the long term.

Coinbase security vs. limited supply

This is the tradeoff which one has to consider; which makes or breaks a public coin.  Part of the brilliance of Satoshi's bitcoin is the incentivising of transaction security with the distribution of new coin.  The coinbase rewards the miner.  If you reward the miners too much coin, there is rapid inflation of the money supply, and the value of an individual token drops.  However, if you reward them too little - they don't do enough work to secure the network against double spends.  A little over a year ago we looked at how this tradeoff affects security.

A lot of coins ignore monetary policy and focus on marketing, branding, logos, niche use, anonymity, and other things.  Private coins (fiat) hide monetary policy completely.  In the end, it will be this policy that comes back to bite us.  Coin devs and investors beware: it's the economy, stupid!

# Peter and the Wolf

"Peter and the wolf" is right up there on the list of the greatest compositions of all time.  This is one of my favorite performances of it, narrated by Ralph Richardson with the London Symphony Orchestra conducted by Malcolm Sargent.  The piece is billed as being for "Children of All Ages", and it really is.  Like all great works of art it can be appreciated at any level, from barely knowing what the instruments are to detailed harmonic analysis.  Go, try to play some of it.  You'll find it's trickier than it sounds.  For the latter, we are lucky that Prokofiev penned his own piano reduction of the piece.

Sadly in the world of orcs "children's" is a word suffix that often means "of the worst possible quality".  See "childrens TV", "childrens menu", and even "childrens music" around Isengard and Mordor to see what kind of nonsense might befall you.  Those of you who wish to escape the cycle will be therefore glad to have a gem like this one.  It can be listened to thousands of times and every one will be time much better spent than any time in front of a TV or listening to  a 1 cent transistor power a 2 cent speaker in repeated dumbed-down disneyfied approximations of music.

The scariest part is when Peter warns the bird about the cat.  Brace yourself for those orchestra and cymbal hits.  There are many short cadenzas you might not even notice in passing but which stick with you.  After the first section of the bird introducing itself, there is an absolutely beautiful four bars of Andantino, come prima which capture brilliantly the peaceful meadow.  Two solitary grace notes by the bird cap them off before we are back to Peter's frolicking.  What a flute part!  That bird is always nearby watching in almost every scene.

It's hard to criticize this thing, though it's stubborn refusal to adhere to standard form might be a bit offsetting.  The ending is foreshadowed almost exactly as the hunters come out of the woods, but then an elaborate parade is staged and Sergei goes off a bit towards the end; perhaps this walk to the zoo is a bit too much for a conservative old dwarf like myself.  At least they don't kill the wolf.  The kettle drums aren't really so scary, a poor approximation of the armed orc.  The wolf appears to be singing Peter's song, and what is up with that duck still singing from the wolf's belly as an ending?  We are overjoyed to hear the oboe again but still, what is going on here?  And where is grandfather, he appears to be part cat at the end?  It comes to an abrupt close mid-procession.  Somebody go write a sequel already!  Are there no composers among us up to this task?

# secp256k1 vs. p256

Round 1!  (pun intended)

A recent conversation brought this snippet in:

...prime256v1 is not a widely used curve for altcoins and is regarded as very unsafe to use...

Every six months or so I return to this topic and repeat the research again, similar to the way I re-derive e.g. the quadratic equation and the chain rule every six months or so just to make sure nothing has changed.  So this time I figure I should document some of the discussion for future me and other researchers to speed the process along.

The issue is why Satoshi chose to use the elliptic curve known as secp256k1 as the basis for the elliptic curve digital signature algorithm (ECDSA) proving ownership of coin in BTC, and why I chose to use a different curve (prime256v1 aka X9_62_prime256v1 aka P256).  Satoshi's choice has been the source of endless speculation in various forums, and his stated reason "It was lying around" doesn't help much.

There is a broader discussion here of digital signature algorithms in general, and why ECC should be used over the easier-to-understand RSA.  As usual with cryptography, general distrust and unknown aspects of the discussion can lead one into a rabbit hole.  Personally I like the way ECDSA lets me easily verify the entropy on key generation:  It's a lot easier for me to pick a random number between 1 and 2^256 than it is for me to pick two random 256 bit primes.  Consider that the former can be done very quickly with dice and a pencil, no further hardware required.

But lets leave that discussion aside for now.  There are a few ways to evaluate this kind of thing.  The general problem is that one can only prove a cryptosystem is broken, not that it isn't.  There are a few ways however that we can have some good evidence that a cryptosystem isn't broken:

1.  --  Reputation - some people you trust say so
2.  --  Theory - logically it can be demonstrated to be at least as hard a something else
3.  --  Observation - a lot of people (including yourself) are using it to secure valuables which hackers want

If we are true scientists, with plenty of time on our hands, we ignore reputation almost entirely, only using it as a guide for what to consider first.  Double-blind peer review is the standard with which science would be best served.  But if reputation is your cup of tea, a decent review of these curves with an eye towards what various "authorities" have stated on the matter is here:

http://infosecurity.ch/20100926/not-every-elliptic-curve-is-the-same-trough-on-ecc-security/

The conclusion there is that the woodcoin curve X9_62_prime256v1 appears better than the bitcoin curve.  Well maybe.  There is also an inverse argument which suggests that what those authorities say should be taken as implicitly false (follow the white rabbit!).

As to the theory, sadly no proofs exist (even for RSA!), but there is plenty to read on the topic and it is well worthwhile to do so.

Let's go ahead and look at the curves themselves.  Both curves have the form:

$E: y^2=x^3+ax+b (mod p)$

With a generator point (Gx, Gy), a prime order n, and an integer cofactor h.

I'll use a snippet from logaddress.org which shows all curve parameters for both curves:

ec.secNamedCurves = {
// used by Bitcoin
/*"secp256k1": function () {
// p = 2^256 - 2^32 - 2^9 - 2^8 - 2^7 - 2^6 - 2^4 - 1
var p = ec.fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F");
var a = BigInteger.ZERO;
var b = ec.fromHex("7");
var n = ec.fromHex("FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141");
var h = BigInteger.ONE;
var curve = new ec.CurveFp(p, a, b);
var G = curve.decodePointHex("04"
+ "79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798"
return new ec.X9Parameters(curve, G, n, h);
}*/
// used by Woodcoin
"secp256v1": function () {
// p = ???
var p = ec.fromHex("FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF");
var a = ec.fromHex("FFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFC");
var b = ec.fromHex("5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B");
var h = BigInteger.ONE;
var curve = new ec.CurveFp(p, a, b);
var G = curve.decodePointHex("04"
+ "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296"
+ "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5");
return new ec.X9Parameters(curve, G, n, h);
}
};


The most obvious difference here is the a and b parameters.  The Koblitz curve has no linear paramater (a=0) and a constant parameter (b=7).  I personally have verified that this parameter is prime.  Compare this to the random parameter used in P256 (b=5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B).  Which looks more secure upon first inspection?

This simplicity of a and b in secp256k1 leads to certain properties such as a faster-time signature verification and other tricks, but also leads to a faster Pollard's Rho algorithm to solve the discrete logarithm problem, that is to break the crypto.  Apparently it's not that much faster (less than a factor of 2 even), according to some authorities (unconfirmed by me).

Another thing we should note here is that the numbers from the P256 curve come from a random seed, in which SHA1 is applied to obtain them:

SEED=c49d3608 86e70493 6a6678e1 139d26b7 819f7e90

which can be verified using some code I'm happy to share with you if you ask.

In theory it could be possible to pick exactly the right seed (SHA1 is to some extent broken after all) such that the resulting parameters yield a backdoored curve.  However, seeing as no method is known (to me at least) for making such a backdoored curve - even when picking parameters by hand (that isn't trivially noticed), this seems untenable.  At any rate, this kind of criticism can equally be applied to secp256k1.

Finally to the "observation".  What have we observed?  Personally I have not seen any of these curves broken.  Both are used to secure a large amount of assets of various types, but the very public nature of bitcoin (the 1st and by far largest public coin) leads one to believe that secp256k1 is now very well tested.

Conclusions?  There's sadly not much I can conclude from this.  If there were really serious doubts as to the usability and security of one set of elliptic curve parameters over another, we would use a script function which allowed a user to specify for a given TXO which curve would be used.  As it stands, other attacks are likely far easier at present, side channel, broken implementation, system level backdoors, and of course rubber hoses and red-hot pokers.  If you do have some reason to doubt secp256k1, even at some small percentage of your portfolio epsilon, you don't have much choice at the moment in public coins other than cryptonote or woodcoin.

Here's links to references I read in the last week or so on the topic, I'm not going to give you a formal list of references because I'm too lazy.  Mea culpa.

http://safecurves.cr.yp.to/complete.html

https://tools.ietf.org/html/draft-ietf-msec-mikey-ecc-03

https://perso.univ-rennes1.fr/sylvain.duquesne/master/standards/sec2_final.pdf

http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdfo

http://www.secg.org/sec2-v2.pdf

http://research.microsoft.com/pubs/204914/734.pdf

http://eprint.iacr.org/2015/1018.pdf

https://cryptoexperts.github.io/million-dollar-curve/specifications/2016-02-01_trap-me-if-you-can.pdf