
SageMath – Open-Source Mathematical Software System - lainon
https://www.sagemath.org/
======
lvh
Sage is wonderful. It has a huge number of uses but I mostly use it for
cryptography. Sage has the best (certainly open source) support I know of for
a myriad of things like group theory and elliptic curves. Here's a short
example for how easy it is to play around with a tiny elliptic curve:

    
    
      sage: p = 19; p.is_prime()
      True
      sage: K = GF(p); K
      Finite Field of size 19
      sage: E = EllipticCurve(K, [5, 9]); E
      Elliptic Curve defined by y^2 = x^3 + 5*x + 9 over Finite Field of size 19
      sage: E.count_points(), E.order(), E.gens()
      (19, 19, [(4 : 6 : 1)])
    

There are far too many things to name that sage can do, but the CLI has a
great autocomplete. Here's an example: let's say you have ECDH with point
compression, and you specify only an x coordinate. Point compression limits
the effectiveness of invalid curve attacks, where an attacker gives you a
maliciously picked Diffie-Hellman value that isn't actually on the curve
you're supposed to be on. However, if the x coordinate doesn't map to a point
on the curve, it's necessarily on its "nontrivial quadratic twist". Sage makes
this easy to play with because sage makes pretty much everything easy to play
with:

    
    
      sage: E.lift_x(6, all=True)
      []
      sage: E.quadratic_twist()
      Elliptic Curve defined by y^2 = x^3 + 6*x + 13 over Finite Field of size 19
      sage: E.quadratic_twist().lift_x(6, all=True)
      [(6 : 6 : 1), (6 : 13 : 1)]
    

If you want to do a full-on invalid curve attack, the easiest way to do that
is with Sage. You look up how the explicit formulas work in the EFD[efd], you
write a ladder, you figure out how to create other elliptic curves for which
the short Weierstrass doubling formulas still work (which parameter doesn't
appear in the formula?), and then just let sage generate every possible curve
and see which ones have the poor cryptographic properties you're after.

There's a reason the introduction to Cryptopals Set 8[set8] sends with the
words:

> By the time you're done, you will have written an ad hoc, informally-
> specified, bug-ridden, slow implementation of one percent of SageMath.

[efd]: [https://www.hyperelliptic.org/EFD/g1p/auto-
shortw.html](https://www.hyperelliptic.org/EFD/g1p/auto-shortw.html)

[set8]: [https://cryptopals.com/sets/8](https://cryptopals.com/sets/8)

~~~
mmirate
Aren't both of those attacks all-but-negated by djb's Curve25519?

~~~
lvh
Effectively, yes. Curve25519 has a few tricks that make this hard to do: it
defines a curve compression format that mandates using 32-byte public keys and
uses a single-coordinate ladder. It has the same property that points not on
the curve are on the twist, but the twist is also secure. Curve25519's main
innovation was to make the secure thing the default and the obvious thing to
do: it was not the first twist-secure curve, it was not the first curve to
have point compression that forces a point to be on the curve or the twist,
plain old NIST P-256 had both of thsose. We also had a 1-coordinate ladder for
Weierstrass prior to Curve25519, but it was far less used than effective point
compression. But it is true that it is not incorrect to use P-256 without
point compression which makes it easy to have these sorts of problems, and it
is incorrect to do so in Curve25519, because the spec encompasses more than
just the mathematical object of the curve.

Curve25519 and its sister curve Ed25519 are really good at what they were
designed for. Unfortunately people also use them for things that they're not
good at, and then you get bugs like the Monero double spend. Montgomery curves
necessarily don't have cofactor 1 -- so that's an example of a bug that could
only have occurred on X25519.

------
williamstein
Hi - I am the guy who started Sage. If you have any questions I can try to
answer them here.

~~~
roenxi
So I used Sage a lot when I was an undergraduate, but now use anything else
available because the Debian Archive never seems to have a working sagemath
package (eg, I just typed "sagemath" into my terminal right now and got a
crash on initilisation).

Something seems a bit weird about that to me, because when I used it ~8 years
ago Sage was great and none of the features I care about changed.

Do can I get a meta-comment on why Sage might struggle to get packaged for
Debian in the way that, eg, Octave/maxima/R/etc do?

~~~
antt
Scientific software has strong dependencies on the specific versions of
software used. The debian package needs to play nice with a couple of hundred
packages which are not the ones sage is building against upstream.

In sage 5.x the source code was quite small compared to today and could be
patched with some effort. Today the project is huge and this would be
impossible for one person to do.

It's vastly easier to just install sage using their own scripts from source
and have some libraries duplicated. The sage source code build script is one
of the simplest to use.

------
noobermin
When I was in college, about six or so years ago, I used Sage for my physics
classes. At some point I stopped using it because it didn't really stand up to
Mathematica, which we got for free. My professor said, funnily enough, "sage
has been taken over by mathematicians!" talking about how it has a lot of
support for math uses but not as much for things like solving ODEs that is
more of use for physicists and engineers. It's funny now seeing most of the
comments here talking about crypto, which I read about in examples for Sage at
the time (finite fields) whilst not knowing what it could be used for other
than research.

These days I'm a computational scientist, so I end up using numeric tools
anyway (numpy is my life). That said, it'd be great to have access to an open
source symbolic tool for the times I need them. How has Sage improved for
engineer/science types in the last few years?

~~~
antt
If you know what you're doing the axiom bindings make it the most powerful cas
in terms of symbolic manipulation.

Mathematica is optimized for giving you results you need in undergrad classes.
Sage is not optimized at all, but can solve problems useful to researchers.

It's the difference between osx and linux.

~~~
ChrisLomont
>Mathematica is optimized for giving you results you need in undergrad classes

What makes you think this? Mathematica is used in all sorts research projects,
technical fields, finance, and so on. I've seen Mathematica required or
recommended in many, many job listings, especially for quants. I've never seen
Sage there.

For evidence, here [1] is what you get for searching for Mathematica on
Indeed.com. Note pretty much every one of those jobs lists several math
related packages. Not one mentions Sage.

Unfortunately you cannot run the same search on Sage, since there is an ERP
package that shows up instead. However, from browsing those listing again I
find zero hits for the math package Sage.

[1]
[https://www.indeed.com/jobs?q=Mathematica&l=](https://www.indeed.com/jobs?q=Mathematica&l=)

[1]
[https://www.indeed.com/jobs?q=Mathematica&l=](https://www.indeed.com/jobs?q=Mathematica&l=)

~~~
antt
The languages themselves. To evaluate most simple integrals in mathematica you
just put them in and all the corner cases are assumed away for you. For sage
and the axiom binding you need to make those assumptions explicit. Pretty much
everything in mathematica assumes you're working on the real numbers, pretty
much nothing in sage does:
[http://doc.sagemath.org/html/en/tutorial/tour_rings.html](http://doc.sagemath.org/html/en/tutorial/tour_rings.html)

Most math quants use is at the undergrad level, the finance industry in
general is pretty backwards. A very large chunk of it is run on spreadsheets
that are passed around in emails. I've worked in it and having seem what it
takes to run some of the clients spreadsheets still gives me nightmares.

Again, the difference between osx and linux.

\---

To clarify what I mean by undergrad level: Something that is taught to some
undergrads in some degree.

Someone who specialized in pure symbolic mathematics is likely to see
integrals in their last year that other people will not see until they start
doing postdoc work.

~~~
ChrisLomont
>Most math quants use is at the undergrad level, the finance industry in
general is pretty backwards

Do you have any idea what a quant is? I have a PhD in math, and am decently
well versed in the math quants use, and it's nothing like undergrad math. Many
of the people I got PhD's with became quants, and we've had plenty of
discussions on the math they use.

Quants build models using math far beyond what an undergrad learns, including
tools such as martingales, stochastic calculus, Black-Scholes (and vast
generalizations), Brownian motion, Stochastic differential Equations,
numerical methods (usually much more advanced than an undergrad will see), and
more.

Quant jobs usually want a PhD in math or related field. If an undergrad math
degree covered what they needed they'd not require a PhD for most positions.

What do you think a quant does?

Here's a site [1] for quant jobs. Probably none for someone with only an
undergrad math degree.

[1] [http://www.quantfinancejobs.com/](http://www.quantfinancejobs.com/)

~~~
antt
There's a number of things to disentangle in that post.

1). The domain you posted is for sale and appears to be broken or slow. Given
it uses aspx and a Microsoft stack that's ten years out of date I'd say it's
perfectly representative of the state of the larger finance industry.

2). What is a quant. Depends on the job. I was hired as a quant for risk
management then got switched to algos when the pm found out I have a lot of
hard real time experience with Linux. The first job was all discrete math, the
second was optimizing x86 assembly.

3). Credential inflation is real. The application of the maths you talked
about was something I saw first hand. The assumptions under which the formal
models would work were so thread bare a stiff breeze would tear them down
quote Keynes:

>The object of our analysis is, not to provide a machine, or method of blind
manipulation, which will furnish an infallible answer, but to provide
ourselves with an organised and orderly method of thinking out particular
problems; and, after we have reached a provisional conclusion by isolating the
complicating factors one by one, we then have to go back on ourselves and
allow, as well as we can, for the probable interactions of the factors amongst
themselves. This is the nature of economic thinking. Any other way of applying
our formal principles of thought (without which, however, we shall be lost in
the wood) will lead us into error. It is a great fault of symbolic pseudo-
mathematical methods of formalising a system of economic analysis, such as we
shall set down in section vi of this chapter, that they expressly assume
strict independence between the factors involved and lose all their cogency
and authority if this hypothesis is disallowed; whereas, in ordinary
discourse, where we are not blindly manipulating but know all the time what we
are doing and what the words mean, we can keep 'at the back of our heads' the
necessary reserves and qualifications and the adjustments which we shall have
to make later on, in a way in which we cannot keep complicated partial
differentials 'at the back' of several pages of algebra which assume that they
all vanish. Too large a proportion of recent 'mathematical' economics are
merely concoctions, as imprecise as the initial assumptions they rest on,
which allow the author to lose sight of the complexities and interdependencies
of the real world in a maze of pretentious and unhelpful symbols.

The above is still excellent advice, most often never followed. Of course the
lunch talks we had were very interesting, completely divorced from reality,
but very interesting.

4). Most undergrads will never see the mathematics. True. But some will. My
numerical methods 4th year project was a symplectic integrator for the
gravitational interaction between Jupiter, Mars, the Sun and the asteroid
belt. It wasn't new research, the results were known 50 years ago, but it was
on par with the state of the art in industry in terms of complexity of
implementation (cleanness of implementation was a completely different thing,
while not spaghetti code it's rightly never seen the light of day).

~~~
ChrisLomont
1) Irrelevant. Care to post all these quant jobs that can be done with
undergrad math? I just posted a lot requiring a PhD.

2) >The first job was all discrete math, the second was optimizing x86
assembly.

I suspect you didn't have the math so ended up pushed to the programming side,
right? If so, how can you judge what math a quant uses?

3) >Credential inflation is real.

Job requirements are real too. Keynes was not a quant, and his quote is
irrelevant compared to simply addressing the point. If you're simply going to
start quoting random people instead of addressing he issue then we'll be here
forever.

4). > Most undergrads will never see the mathematics. True.

Didn't you just write "Most math quants use is at the undergrad level"? If
it's undergrad level math, won't most undergrads see it? If most won't see it,
perhaps it's taught more often in graduate level courses (which it is).

Just curious - since you worked as a quant, can you explain in your own words
the importance and mechanism of Black-Scholes? And if that's too easy, how
about explaining more recent generalizations?

~~~
antt
>I suspect you didn't have the math so ended up pushed to the programming
side, right? If so, how can you judge what math a quant uses?

The compensation was 30% higher.

You're arguing in bad faith here so I'm done.

~~~
ChrisLomont
>The compensation was 30% higher.

Then you weren't what most places call a quant. You were a programmer at a
financial company with a toe in finance.

Did you use the math tools above or not? If you didn't how are you able to
judge their efficacy?

>You're arguing in bad faith here so I'm done.

Convenient considering above you routinely did not address your claims,
reversed positions, and discounted jobs on a quant site because the tech stack
was aspx.

I figured your position may have been borne from not knowing the other side
and from career sour grapes.

------
yesenadam
I downloaded Sage a few years ago, when I was getting into algebraic number
theory. That was my first experience with Python, notebooks, numpy/scipy etc.
Now I do almost all my programming - which is mostly maths-related graphics
and image manipulation/processing, but all kinds of stuff - with Sage, in
Cython. Usually with the CLI (and a text editor), occasionally with the
notebook (to run individual lines and for the better error messages). I love
being able to choose the C or Python way to do something. I can quickly get
from initial idea to working program, and it runs _fast_.

It's just a pleasure to use. Thank you williamstein!!

------
placebo
It's great to see lots of amazing projects and that people get to have more
choice and can avoid being locked into one solution, but one thing I'd like to
see more in a description of any product (open source or not) especially when
there's a learning curve involved, is the use cases where it would make more
sense to take on the effort involved in the learning curve for this particular
product rather than others that seems similar to it (at least to the
uninitiated).

~~~
lvh
I'll give it a shot: Sage is what happens when you build a computer algebra
system on a giant pile of existing open source libraries and give it a nice,
consistent interface and a ton of starving postdocs to write cool integrations
and features.

If you're a programmer and you've used Mathematica or Maple and you've ever
found yourself wishing that you'd have something like that except in a real
programming environment, Sage is it. Sage is Python (with some syntactical
extensions).

------
messe
Sage is something I keep meaning to learn.

Every time I've tried it though, it just didn't feel as polished and
integrated as Mathematica.

~~~
sdenton4
Unfortunately, the Mathematica language is a 'write-only' language; reading
and debugging code months after use is... difficult. And that means it's hard
to build up libraries which depend on libraries. The Sage community is great,
and pushes a lot of code for research problems; things that are technically
possible in Mathematica, which someone might work up into a notebook at some
point, with a lot of effort, grow into reliable libraries in Sage.

~~~
sampo
It is true that stuff like (to take a random example)

    
    
        Total@Map[Function[{L}, Min @@ Table[dist[func[Array[c[#, k]&, n]]][L], {k, m}]], dd]
    

is normal and common in Mathematica code. Like with Perl, the culture has
started from small scripts making heavy use of shorthands provided by the
language, and slowly evolved to writing larger codebases.

Some of this can, on an individual level, be fixed by adopting a clearer
coding style. But like Perl 5, the language kind of lures you to use the
shorthands a lot.

~~~
gh02t
It's also cultural- line breaks, indentations, and parenthesis help a _lot_ to
make Mathematica more readable, but there's a strong tendency to do things in
one liners like you show. Even the official docs are like this. I think even
then it can have some readability problems, but it would certainly improve
things quite a bit if the community would use a better style.

------
severine
2011 discussion:
[https://news.ycombinator.com/item?id=2088871](https://news.ycombinator.com/item?id=2088871)

------
partycoder
The initial issue with Sage was its packaging due to its large number of
dependencies. That is largely a non-issue now for the end user.

Now there is also SageMathCloud, that makes it even more convenient to adopt.

~~~
pitiburi
You are waaaay outdated. "SageMathCloud is Now CoCalc" since May 2017. Go
google it. And it's not free _at all_, except for very basic stuff. Your
pricing depends on what you need, from hundreds to thousands of dollars. Not a
criticism, only a heads up for the guys reading the comments.

~~~
jimhefferon
CoCalc is an open source system. It is convenient to pay for a setup, which is
how they hope to get revenue to pay developers.

~~~
williamstein
We also provide a nice easy to install Docker image of Cocalc here:
[https://github.com/sagemathinc/cocalc-
docker](https://github.com/sagemathinc/cocalc-docker)

------
thereticent
Please donate. I just donated $50 to start things out.

