The Swift SDK for Android
swift.org
I invited strangers to message me through a receipt printer
aschmelyun.com
Harnessing America's Heat Pump Moment
heatpumped.org
Twake Drive – An open-source alternative to Google Drive
github.com
How to Make a Smith Chart
johndcook.com
First Shape Found That Can't Pass Through Itself
quantamagazine.org
Why formalize mathematics – more than catching errors
rkirov.github.io
Public Montessori programs strengthen learning outcomes at lower costs: study
phys.org
Mesh2Motion – Open-source web application to animate 3D models
mesh2motion.org
Random Numbers from Hard Problems: LWE Toy RNG
blog.s20n.dev
A “knot dominated era” may have existed in the early universe: study
phys.org
Mosquitoes discovered in Iceland for the first time
cnn.com
Why can't transformers learn multiplication?
arxiv.org
'Attention is all you need' coauthor says he's 'sick' of transformers
venturebeat.com
Valetudo: Cloud replacement for vacuum robots enabling local-only operation
valetudo.cloud
Cheap DIY solar fence design
joeyh.name
Asahi Linux Still Working on Apple M3 Support, M1n1 Bootloader Going Rust
phoronix.com
Show HN: MacOS Live Screensaver – A screensaver that plays live video streams
github.com
Counter-Strike's player economy is in a multi-billion dollar freefall
polygon.com
Padlet (YC W13) Is Hiring in San Francisco and Singapore
padlet.jobs
Debian Technical Committee overrides systemd change
lwn.net
ChunkLLM: A Lightweight Pluggable Framework for Accelerating LLMs Inference
arxiv.org
TLDR - this RNG is completely and totally broken.
First, I don't think the error term is contributing much to the solution. It almost never affects the high bit. In addition, it isn't fed back into updating the secret vectors, so I think an analysis can pretend it doesn't exist.
The nonlinear step where each value is squared looks questionable to me. You will only produce quadratic residues (https://en.wikipedia.org/wiki/Quadratic_residue) when you square the numbers. This roughly halves the number of possibilities.
So what this really boils down to is this:
You have a matrix G and a vector s and a prime p. You repeatedly compute s' = Gs (Hadamard) Gs mod p. Each time you run this step you are projecting into a space with dimensionality (p/2)^N from a space p^N. My guess is that most operations will get trapped into short cycles.
Using you example values, after 10 iterations it gets to [9, 16, 13, 8]. This then repeats with a cycle length of 20. Given 4 values with p = 17 you could get up to 83520 values before repeating.
In some random tests, 6 values with p=97 enters a cycle at iteration 3802 even though there were 832,972,004,929 values.
6 values with p=271 enters a cycle at iteration 166,684 even though there were 396,109,944,105,121 values.