Saying that something 'glows in the dark' implies interference, so unfortunately, within cryptography, it has become an industry term as well as metaphor.
Other examples are the 'mystery padding' in keccak vs sha3.
It's imageboard/IRC slang, you won't find any documentation on it because it's an intentionally obfuscated/dogwhistle phrase intended to only 'make sense' to other browsers who've stuck around long enough to get spoonfed.
Using the term 'dogwhistle' seems like a divisive way to discount what I said. Do you care to articulate yourself in a way that addresses the actual substance of what I said, or is this it?
Glowing is not cryptographic jargon. It's a word used years ago by the developer of TempleOS in a livestream to describe CIA operators. He said he could tell who was CIA because they would glow in the dark. Users of the 4chan technology board witnessed this and it became a meme.
To say something glows means to suggest the US three letter agencies are interfering with it. If some cryptography glows, it means it's been compromised by US authorities. Glowies are the operators themselves.
It's a reference to schizophrenic Terry Davis (rip), author of TempleOS, who said CIA agents would glow in the dark, and got popularized through the 4chan /g/ board.
I vouched for a few of his comments as well. I definitely think about how a quirk of biology or environment could flip the wrong switch in my brain.
There are millions of sob stories. I don't do as much as I could, but I do more than nothing to help people out. That one, Terry Davis, keeps me up at night sometimes.
If we were not meant to distinguish creation from creator, we'd be in a world of trouble. Also, he was quite ill, I'm not sure we can fault him for some of his mannerisms while also admiring his ambition and skill.
Glowie refers to a fed, it started with the templeos guy but is more general now. Glowing means its a fed op to weaken crypto, kinda like the dual ec fiasco.
They're saying they don't trust that the constants defining the curve were chosen non-maliciously. The NSA has, in the past, standardized protocols that contained intentional backdoors embedded into the constants used in the definition [1]. Because of things like that, it's desirable for cryptographic protocols to use constants chosen in some way that makes backdooring intractable [2].
4chan's technology board were, let's say, huge fans of Terry Davis, developer of TempleOS. One day during his livestream he said he could see the CIA operators while driving because they would glow in the dark.
Now whenever someone is suspected of being an intelligence agency operator, people reply with pictures of a literal glowing person. Usually happens when someone spreads FUD about technology that's believed to be secure. It is assumed that these agencies are running psychological operations in online communites with the intent to dissuade the use of technology that could defeat them.
Glowing in the dark is something people say when they refer to people from intelligence services. The idea is they stick out when doing dark/stealthy stuff.
“Glows” for something tampered with or “glowies”for agents of three letter agencies doing the tampering is an imageboard culture term first coined by Terry Davis (1969-2018), the iconic developer of TempleOS, who made the probably fantastical but apparently not metaphorical claim that he could distinguish CIA agents from regular people because CIA agents “glowed in the dark”.
After it’s controversial debut on 4chan, Davis’s unsupported claim of selective unexplained human photoluminescence quickly became a meme in imageboard culture. Since imageboard culture is intersectional with software development culture, the terms have worked their way into defacto terminology among a subset of developers that work on things often thought of as adversarial at times to state interests, encrypted chat and cryptocurrency being among these.
The term has bled out some and finds spotty support among other developers in tangential contact. The future of the term is uncertain, as it’s use remains largely isolated despite being canonical since 2017.
Being powers of 2 is more efficient because computer memory/buses/caches are aligned to those sizes. It does not necessarily imply that they are less secure than with fields of non-power-of-2 sizes. There might even be a security benefit to having these canonical sizes because it simplifies implementation and makes it easier to perform constant-time operations across different hardware. If you consider that some hardware has additional costs to reading non-aligned memory, you open up the possibility for timing-attacks and other implementation bugs brought about by additional complexity. Sometimes simple is better.
The bitcoin wiki explicitly says that secp256k1 is not characteristic 2:
> secp256k1 has characteristic p, it is defined over the prime field ℤp. Some other curves in common use have characteristic 2, and are defined over a binary Galois field GF(2^n), but secp256k1 is not one of them.
Wikipedia, honestly. For background math you may want to rely on the citations or other provided texts but a lot of articles have great examples sections.
But... I think you need a more coherent goal than just "understand the math." You can superficially understand the math when guided, but without any reason to retain it I am not sure what you will gain from the experience.
On my journey into this secret world I sadly had to conclude that understanding of the needed math was severely lacking, and that I'd have to start far back to ever get a grasp on it. But on the flipside it has motivated me to learn a bunch of things I never thought I would when I was younger, and also to program things that I never in my life thought I'd be able to.
This blog post from Cloudflare proved incredibly useful to me when I was trying to understand this stuff for the first time. The animated gifs about halfway down the page are particularly useful: https://blog.cloudflare.com/a-relatively-easy-to-understand-...
Trying to render them in code, or with Desmos, is quite enlightening. Cryptographic tools are also helpful for testing it out in practise, such as OpenSSH. Then read up on the various forums and the Bitcoin Wiki, and try to make your own implementation to generate an address. Next step is trying out other cryptos and their algos, if that's the route you want to take.
Garbage spam page. This shouldn't be on HN. There is a common trend for people to take highly technical subjects do a tiny amount of research and then spam up some page (often full of plagiarism) in order to add bulk to their sites. This is especially common in the "defi / ico" fraud ecosystem.
In this case the article is so poorly researched that even though it says fairly little it manages to make outright false claims about basic facts, e.g. "secp256k1 is a Koblitz curve which is defined in a characteristic 2 finite field, while secp256r1 is a prime field curve"-- which is false, secp256k1 uses a prime field.
Because this isn't getting enough attention, let me point out that nullc is Gregory Maxwell, Bitcoin core developer. The parent comment is the most informed comment here and you should upvote it.
Well, I'm not actually answering the question. :) (and former Bitcoin developer would be more accurate!)
Really people can mostly just speculate on the subject, or offer why they might have chosen it: Satoshi never said much about his choice-- he certainly never said in public that he was concerned with NSA tampered parameters.
I think it was a good choice at the time, esp. now after the expiration of the GLV patent. And the fact that there is no opportunity for NSA tampering scaremongering is a nice feature, but that's my opinion and I have no reason to believe it was Satoshi's.
If he was careful, probably he would have used Tor for his searches.
But I think that NSA-level organization knows who Satoshi is. It's hard to imagine how one would be able to work on such a project, without any background that could be tracked.
Bitcoin seems to have been developed by Hal and Satoshi working together with Satoshi being the only other plausible person if you look at the Wikipedia article on him.
It's not that hard if you're careful. The last line of defence of using a well-chosen set of WiFi hotspots, auto-generated MAC addresses, and an otherwise silent Linux distro is pretty impenetrable even if all other proxy layering is somehow compromised.
Provided you're disciplined enough to properly containerize all ongoing sessions, of course. Careful planning is all it takes.
I don't think there was much "oh no, I didn't realize that yet" with Satoshi. He seemed to have been the epitome of meticulously planning/scheming things well in advance.
But at some point he had to gain this knowledge in this space, and it wasn't instantly that he might have thought to make a cryptocurrency. He didn't start from birth covering his tracks.
Yes but he only has to make it so that there are dozens of people who might plausibly be Satoshi. Which, as far as a decade of scrutiny could uncover, he managed to do.
Only from the outset as lay people we don't know who he is. I'm sure his identity is known by intelligence agencies who have tooling that we aren't privy to.
Not sure what the context of your question is, but using Windows for the same purpose is probably doable too. It's just that Linux makes it a lot easier to ensure that your OS isn't any chattier on the network layer than it needs to be. I personally wouldn't feel comfortable trying to be an anonymous Windows user if the stakes were as high as we're alluding to here.
> But I think that NSA-level organization knows who Satoshi is.
I'm willing to believe that, but probably not in the way you intended. Obviously the actual truth is unknowable so I am not trying to promote any Theories here and am not fond of anyone who does. However I am willing to entertain reasonably-grounded heterodox speculation and hope you all will indulge me with the same :)
One thing I find very interesting about Bitcoin is how most people seem to automatically assume Satoshi is an individual person due to bearing the name of an individual. I Know Myself well enough to admit how much I love a good underdog story about a smart person-like-myself who's upsetting the status quo, Sticking It To The Man, and/or Raging Against the Machine like Snowden. Doubly so when The Man is the monetary system that hurt my family so badly in the 2008 crash, so I Want To Believe in the (2008) Bitcoin origin story and giving power back to the people. Has it? I guess for a few.
As you mentioned, Tor and cryptocurrency usage go hand-in-hand for certain people and certain classes of transactions. Tor is an admitted creation of the US intelligence community, ostensibly for deployed agents as a sort of bidirectional modern-day Numbers Station. I have to ask myself if that intelligence community would allow the continued existence of such a thing if it came to be used in ways that harmed the USA's agendas. Maybe it would be worth it for them, but again it is unknowable: https://www.bloomberg.com/news/articles/2014-01-23/tor-anony... (http://archive.today/WR9X1)
I know the value proposition of Bitcoin et al for me an an individual, but lately I've been thinking about plausible ways cryptocurrency could simultaneously create incentives/outcomes benefiting others. Cryptocurrency mining sure has done a good job eliminating public availability of general-purpose computing resources since miners will find and exploit them. That kind of thing helps push us all into the open arms of the Tier-1 Internet gatekeepers like AWS and Cloudflare and away from a distributed network where all peers could be equal. Even Github Actions got bitten by this: https://www.bleepingcomputer.com/news/security/github-action...
Privately-owned general-purpose computing seems to be under attack as well. There's no emotion more motivating than fear, and the constant news about CryptoLocker-style ransonware attacks could help manufacture consent for "trusted" computing platforms à la M1 Macs and Windows 11, even among techies who would usually be vehemently against those kind of creeping restrictions. I guess it's an acceptable compromise if it Keeps Me Safe. There wouldn't even be a need for an intelligence community to get their hands dirty since the monetary incentive makes crypto malware inevitable.
What if an intelligence community wanted to buy up a bunch of parallel computing hardware supply (e.g. GPUs) for years without everybody questioning it? Even I don't think twice about blaming miners for the out of control pricing and availability, but I've been reading articles since like 2013 about how ASIC miners spell the end for profitable GPU Bitcoin mining. Aaaany day now would be great. I guess it's all those other coins. Again, unknowable.
I'll stop here since this is rambling and probably too close to Theory territory, but I've been thinking about my assumptions a lot lately and these are a few of them.
The article basically says that Satoshi went for secp256k1 because for secp256r1 the constants were defined by the NIST under the possible influence of the NSA.
I don't think it is a good argument, I invite every one to take a look at the DES S-Box constants.
Many people believed that those were backdoor constants that the NSA planted into the algorithm as there was no explanation on how and why they were chosen.
Many years later it turned out that they were picked carefully to protect against differential-linear attacks. An attack only the NSA knew back then.
So they gave out safe S-Box constants, and all those who distrusted them and picked random/other S-Boxes were actually screwed, this is really ironic.
Right except on the other hand, look at the whole Dual_EC_DRBG fiasco where the NSA gave instructions for how one could pick parameters, but also offered their own suggestion (in some standards, one had to use the suggested parameters.)
The bit about choosing parameters suggests that the NSA didn’t have a benevolent reason to choose those parameters, and the evidence of that algorithm being exploited in the wild suggests that the NSA may have chosen their parameters with that exploit in mind.
"of never putting out Cryptography that could be broken by any other actor than the NSA itself. "
If the only obstacle for others is "unknown Math" - then surely you can rule the script kiddies out, but I believe there are quite some other clever people with strong Math background around, who do not work exclusively for the NSA.
The Dual_EC exploit was possible not because the NSA were cleverer than everyone else but because they wrote the standard and chose the parameters. The parameters involved two points, P and Q, on an elliptic curve group with rank 1 and prime order. Because of these properties there must be some number e such that P = Q^e (written P = e * Q in the common elliptic curve group notation) but it is hard to find e from only P and Q (this is the discrete log problem for this EC group and it, or its close relative the Diffie–Hellman, problem being hard is a common foundation for security in cryptography.) However if you are choosing the parameters, you can just choose Q and e and compute P = Q^e yourself.
The Juniper hack (where their firewall product had a backdoor injected) was enabled by someone breaking into the company and modifying the parameters for Dual_EC_DRBG. It was sufficient for the algorithm to allow for a backdoor for there to be problems. Presumably it would have been caught sooner had the hack required a backdoor to be hidden in the source code and not some bytes that looked like a magic constant.
Dual_EC_DRBG is bad because someone with access to Junipers source repos was able to backdoor their implementation? Do you realise how preposterous that sounds?
> Presumably it would have been caught sooner had the hack required a backdoor to be hidden in the source code and not some bytes that looked like a magic constant.
… but that’s exactly the reason Satoshi distrusted the NSA. All else being equal, what possible incentive is there to design Bitcoin in a way that might theoretically be vulnerable to the NSA?
Lots of money? If you can short cut mining, it's cleaner black money than dealing drugs or people, probably. And if you can steal from someone else's address, maybe that's even better... You can seize funds with no red tape. Or mete out that capability to allies etc. Why wouldn't the NSA want to support a parallel financial system that criminals flock to? Just like why wouldn't the NSA want to covertly support encrypted messaging apps or the FBI do that...
If the standard is that you attach a copy of your message encrypted with an NSA-provided public key, and only the NSA has access to the private key, then being good at math won’t help Russia or China.
Obviously the NSA couldn’t get people to use such a standard but they managed to slip something like that into Dual_EC and had success in getting people to use it.
Thanks for the context. I’m still pessimistic about them as unelected ultra powerful blameless immortal all seeing eyes - but I get that good people might make the same decisions with the same info.
The r-curve parameters were apparently chosen by picking a random number, and hashing it, which somehow "proves" no nefarious play. Problem is that one could keep picking random numbers, hashing them, to get curve parameters vulnerable to an attack not commonly known. There is no attempt to explain how these numbers were chosen, or to use a nothing-up-my-sleeve number.
From "SEC 2: Recommended Elliptic Curve Domain Parameters":
"... one type being parameters associated with a Koblitz
curve and the other type being parameters chosen verifiably at random"
"Verifiably random parameters offer some additional conservative features. These parameters are chosen from a seed using SHA-1 as specified in ANSI X9.62 [X9.62]. This process ensures that the parameters cannot be predetermined."
The trick here is to not use a random number as the input. Instead you pick some meaningful input. Say the string "secure random 256 bit curve parameters". You then hash that meaningful string to get a random number that is much harder to manipulate by brute force.
Parameters generated this way are called "nothing up your sleeve" numbers.
Couldn't you generate an arbitrarily large number of variations of vaguely human meaningful sentences, until one of them ended up with a convenient hash? The sentence you wrote as an example sounds like something an ML model would spit out.
Yesterday I texted my coworker a suggestion to dockerize his yocto build so that it would work better in vagrant on a lambda server in the cloud. It's borderline these days, but he realized I was being facetious. He retorted with a serious comment about 500 lines of typescript to run 5 lines of bash.
With "meaningful input" one usually means some prime number or the eg. first X digits of a constant like pi. (and if you chose a strange prime or constant, people would also ask questions)
This generally narrows down the options to something were relatively little trickery is possible: keep in mind that the eg. hashes used to break some encryption would have to be very specific so that the algorithm isn't trivially broken to begin with.
The more important part about nothing-up-my-sleeve is really the justification for choosing a particular hash/number. If, let's say your algorithm needs a prime with at least 10 digits and you pick the first prime with 10 digits nobody asks questions. If you picked the 16th, then people would ask questions.
Similarly, if you can pick any arbitrary ten digit number and you pick the first 10 digits of pi, nobody will ask questions. If you picked the million'th to million-and-tenth digit of pi people would asks questions.
"meaningful" has to be understood more as "from a pool of constants that leave little room for (mallicious) adjustment". The abstracter the number, the higher the potentially used searchspace.
109 comments
[ 3.0 ms ] story [ 182 ms ] threadk curve
r curve [1]https://www.johndcook.com/blog/2018/08/21/a-tale-of-two-elli...Other examples are the 'mystery padding' in keccak vs sha3.
To say something glows means to suggest the US three letter agencies are interfering with it. If some cryptography glows, it means it's been compromised by US authorities. Glowies are the operators themselves.
Source: am cryptographer
My main familiarity with it is from imageboard culture, where (mostly) reactionaries use it to accuse each other of being feds.
Given that "glows in the dark" typically refers to fluorescence[1], where does the interference comes in?
[1]: https://en.wikipedia.org/wiki/Fluorescence
https://www.urbandictionary.com/define.php?term=Glows%20in%2...
Terry is/was an HN native, too.
Upvoting all of his shadowbanned stuff that was half-way decent and lucid was a hobby of mine. It still makes me feel good to think about it.
Godspeed Terry.
https://news.ycombinator.com/item?id=7818823
There are millions of sob stories. I don't do as much as I could, but I do more than nothing to help people out. That one, Terry Davis, keeps me up at night sometimes.
https://news.ycombinator.com/threads?id=losethos
https://news.ycombinator.com/threads?id=TerryADavis
https://news.ycombinator.com/threads?id=TempleOS
1: https://en.wikipedia.org/wiki/Dual_EC_DRBG
2: https://en.wikipedia.org/wiki/Nothing-up-my-sleeve_number
https://www.reddit.com/r/lastimages/comments/2obp6s/last_kno...
Later the phrase was seen on a t-shirt in a candid photo of a very attractive Japanese woman posted to engrish.com, and went viral.
Then 4chan picked it up.
And now it’s here.
Now whenever someone is suspected of being an intelligence agency operator, people reply with pictures of a literal glowing person. Usually happens when someone spreads FUD about technology that's believed to be secure. It is assumed that these agencies are running psychological operations in online communites with the intent to dissuade the use of technology that could defeat them.
After it’s controversial debut on 4chan, Davis’s unsupported claim of selective unexplained human photoluminescence quickly became a meme in imageboard culture. Since imageboard culture is intersectional with software development culture, the terms have worked their way into defacto terminology among a subset of developers that work on things often thought of as adversarial at times to state interests, encrypted chat and cryptocurrency being among these.
The term has bled out some and finds spotty support among other developers in tangential contact. The future of the term is uncertain, as it’s use remains largely isolated despite being canonical since 2017.
Isn't this enough?
Secp256k1's base field size is a 256-bit prime. What does he mean?
> secp256k1 has characteristic p, it is defined over the prime field ℤp. Some other curves in common use have characteristic 2, and are defined over a binary Galois field GF(2^n), but secp256k1 is not one of them.
https://en.bitcoin.it/wiki/Secp256k1
I'd like to get a grasp on this from first principles. Thank you!
[1]:https://cacr.uwaterloo.ca/ecc/
But... I think you need a more coherent goal than just "understand the math." You can superficially understand the math when guided, but without any reason to retain it I am not sure what you will gain from the experience.
This has been my experience with almost everything I ever learned about math, much of which I have unfortunately not retained.
In this case the article is so poorly researched that even though it says fairly little it manages to make outright false claims about basic facts, e.g. "secp256k1 is a Koblitz curve which is defined in a characteristic 2 finite field, while secp256r1 is a prime field curve"-- which is false, secp256k1 uses a prime field.
Really people can mostly just speculate on the subject, or offer why they might have chosen it: Satoshi never said much about his choice-- he certainly never said in public that he was concerned with NSA tampered parameters.
I think it was a good choice at the time, esp. now after the expiration of the GLV patent. And the fact that there is no opportunity for NSA tampering scaremongering is a nice feature, but that's my opinion and I have no reason to believe it was Satoshi's.
Or perhaps to rephrase, are there are any trustworthy sites covering similar topics?
But I think that NSA-level organization knows who Satoshi is. It's hard to imagine how one would be able to work on such a project, without any background that could be tracked.
https://evanhatch.medium.com/len-sassaman-and-satoshi-e483c8...
https://satoshi.nakamotoinstitute.org/posts/bitcointalk/541/
Provided you're disciplined enough to properly containerize all ongoing sessions, of course. Careful planning is all it takes.
So not Windows?
I'm willing to believe that, but probably not in the way you intended. Obviously the actual truth is unknowable so I am not trying to promote any Theories here and am not fond of anyone who does. However I am willing to entertain reasonably-grounded heterodox speculation and hope you all will indulge me with the same :)
One thing I find very interesting about Bitcoin is how most people seem to automatically assume Satoshi is an individual person due to bearing the name of an individual. I Know Myself well enough to admit how much I love a good underdog story about a smart person-like-myself who's upsetting the status quo, Sticking It To The Man, and/or Raging Against the Machine like Snowden. Doubly so when The Man is the monetary system that hurt my family so badly in the 2008 crash, so I Want To Believe in the (2008) Bitcoin origin story and giving power back to the people. Has it? I guess for a few.
As you mentioned, Tor and cryptocurrency usage go hand-in-hand for certain people and certain classes of transactions. Tor is an admitted creation of the US intelligence community, ostensibly for deployed agents as a sort of bidirectional modern-day Numbers Station. I have to ask myself if that intelligence community would allow the continued existence of such a thing if it came to be used in ways that harmed the USA's agendas. Maybe it would be worth it for them, but again it is unknowable: https://www.bloomberg.com/news/articles/2014-01-23/tor-anony... (http://archive.today/WR9X1)
I know the value proposition of Bitcoin et al for me an an individual, but lately I've been thinking about plausible ways cryptocurrency could simultaneously create incentives/outcomes benefiting others. Cryptocurrency mining sure has done a good job eliminating public availability of general-purpose computing resources since miners will find and exploit them. That kind of thing helps push us all into the open arms of the Tier-1 Internet gatekeepers like AWS and Cloudflare and away from a distributed network where all peers could be equal. Even Github Actions got bitten by this: https://www.bleepingcomputer.com/news/security/github-action...
Privately-owned general-purpose computing seems to be under attack as well. There's no emotion more motivating than fear, and the constant news about CryptoLocker-style ransonware attacks could help manufacture consent for "trusted" computing platforms à la M1 Macs and Windows 11, even among techies who would usually be vehemently against those kind of creeping restrictions. I guess it's an acceptable compromise if it Keeps Me Safe. There wouldn't even be a need for an intelligence community to get their hands dirty since the monetary incentive makes crypto malware inevitable.
What if an intelligence community wanted to buy up a bunch of parallel computing hardware supply (e.g. GPUs) for years without everybody questioning it? Even I don't think twice about blaming miners for the out of control pricing and availability, but I've been reading articles since like 2013 about how ASIC miners spell the end for profitable GPU Bitcoin mining. Aaaany day now would be great. I guess it's all those other coins. Again, unknowable.
I'll stop here since this is rambling and probably too close to Theory territory, but I've been thinking about my assumptions a lot lately and these are a few of them.
You have to remember how obscure it was initially, and it's not like it involved terrorism or obviously a thread to national security.
I don't think it is a good argument, I invite every one to take a look at the DES S-Box constants. Many people believed that those were backdoor constants that the NSA planted into the algorithm as there was no explanation on how and why they were chosen. Many years later it turned out that they were picked carefully to protect against differential-linear attacks. An attack only the NSA knew back then. So they gave out safe S-Box constants, and all those who distrusted them and picked random/other S-Boxes were actually screwed, this is really ironic.
https://en.wikipedia.org/wiki/S-box
The bit about choosing parameters suggests that the NSA didn’t have a benevolent reason to choose those parameters, and the evidence of that algorithm being exploited in the wild suggests that the NSA may have chosen their parameters with that exploit in mind.
The NSA has a track record of never putting out Cryptography that could be broken by any other actor than the NSA itself.
If the only obstacle for others is "unknown Math" - then surely you can rule the script kiddies out, but I believe there are quite some other clever people with strong Math background around, who do not work exclusively for the NSA.
> Presumably it would have been caught sooner had the hack required a backdoor to be hidden in the source code and not some bytes that looked like a magic constant.
Have you seen what real life bugdoors look like?
Obviously the NSA couldn’t get people to use such a standard but they managed to slip something like that into Dual_EC and had success in getting people to use it.
Instead they seemingly wanted to exploit anyone who didn’t use their constants, I guess?
From "SEC 2: Recommended Elliptic Curve Domain Parameters":
"... one type being parameters associated with a Koblitz curve and the other type being parameters chosen verifiably at random"
"Verifiably random parameters offer some additional conservative features. These parameters are chosen from a seed using SHA-1 as specified in ANSI X9.62 [X9.62]. This process ensures that the parameters cannot be predetermined."
Parameters generated this way are called "nothing up your sleeve" numbers.
Yesterday I texted my coworker a suggestion to dockerize his yocto build so that it would work better in vagrant on a lambda server in the cloud. It's borderline these days, but he realized I was being facetious. He retorted with a serious comment about 500 lines of typescript to run 5 lines of bash.
"aes" is better than "aes is the best!" which is better than "aes123884586314745"
This generally narrows down the options to something were relatively little trickery is possible: keep in mind that the eg. hashes used to break some encryption would have to be very specific so that the algorithm isn't trivially broken to begin with.
The more important part about nothing-up-my-sleeve is really the justification for choosing a particular hash/number. If, let's say your algorithm needs a prime with at least 10 digits and you pick the first prime with 10 digits nobody asks questions. If you picked the 16th, then people would ask questions.
Similarly, if you can pick any arbitrary ten digit number and you pick the first 10 digits of pi, nobody will ask questions. If you picked the million'th to million-and-tenth digit of pi people would asks questions.
"meaningful" has to be understood more as "from a pool of constants that leave little room for (mallicious) adjustment". The abstracter the number, the higher the potentially used searchspace.
Many applications use a second generator H, which must be an unknown multiple of G. This is achieved by defining it as essentially SHA256(G).