constant cosmetics

This commit is contained in:
Mamy André-Ratsimbazafy 2021-01-24 12:57:13 +01:00
parent 75493dfb5b
commit 98a4b2f91a
No known key found for this signature in database
GPG Key ID: 7B88AD1FE79492E1
5 changed files with 27 additions and 27 deletions


@ -104,7 +104,7 @@ func copyTruncatedFrom*[dBits, sBits: static int](dst: var BigInt[dBits], src: B
for wordIdx in 0 ..< min(dst.limbs.len, src.limbs.len): for wordIdx in 0 ..< min(dst.limbs.len, src.limbs.len):
dst.limbs[wordIdx] = src.limbs[wordIdx] dst.limbs[wordIdx] = src.limbs[wordIdx]
for wordIdx in min(dst.limbs.len, src.limbs.len) ..< dst.limbs.len: for wordIdx in min(dst.limbs.len, src.limbs.len) ..< dst.limbs.len:
dst.limbs[wordIdx] = SecretWord(0) dst.limbs[wordIdx] = Zero
# Comparison # Comparison
# ------------------------------------------------------------ # ------------------------------------------------------------
@ -317,14 +317,14 @@ func bit*[bits: static int](a: BigInt[bits], index: int): Ct[uint8] =
## (b255, b254, ..., b1, b0) ## (b255, b254, ..., b1, b0)
const SlotShift = log2(WordBitWidth.uint32) const SlotShift = log2(WordBitWidth.uint32)
const SelectMask = WordBitWidth - 1 const SelectMask = WordBitWidth - 1
const BitMask = SecretWord 1 const BitMask = One
let slot = a.limbs[index shr SlotShift] # LimbEndianness is littleEndian let slot = a.limbs[index shr SlotShift] # LimbEndianness is littleEndian
result = ct(slot shr (index and SelectMask) and BitMask, uint8) result = ct(slot shr (index and SelectMask) and BitMask, uint8)
func bit0*(a: BigInt): Ct[uint8] = func bit0*(a: BigInt): Ct[uint8] =
## Access the least significant bit ## Access the least significant bit
ct(a.limbs[0] and SecretWord(1), uint8) ct(a.limbs[0] and One, uint8)
# Multiplication by small cosntants # Multiplication by small cosntants
# ------------------------------------------------------------ # ------------------------------------------------------------


@ -67,7 +67,7 @@ func setZero*(a: var Limbs) =
func setOne*(a: var Limbs) = func setOne*(a: var Limbs) =
## Set ``a`` to 1 ## Set ``a`` to 1
a[0] = SecretWord(1) a[0] = One
when a.len > 1: when a.len > 1:
zeroMem(a[1].addr, (a.len - 1) * sizeof(SecretWord)) zeroMem(a[1].addr, (a.len - 1) * sizeof(SecretWord))
@ -76,7 +76,7 @@ func czero*(a: var Limbs, ctl: SecretBool) =
# Only used for FF neg in pure Nim fallback # Only used for FF neg in pure Nim fallback
# so no need for assembly # so no need for assembly
for i in 0 ..< a.len: for i in 0 ..< a.len:
ctl.ccopy(a[i], SecretWord 0) ctl.ccopy(a[i], Zero)
# Copy # Copy
# ------------------------------------------------------------ # ------------------------------------------------------------
@ -147,15 +147,15 @@ func eq*(a: Limbs, n: SecretWord): SecretBool =
func isOne*(a: Limbs): SecretBool = func isOne*(a: Limbs): SecretBool =
## Returns true if ``a`` is equal to one ## Returns true if ``a`` is equal to one
a.eq(SecretWord(1)) a.eq(One)
func isOdd*(a: Limbs): SecretBool = func isOdd*(a: Limbs): SecretBool =
## Returns true if a is odd ## Returns true if a is odd
SecretBool(a[0] and SecretWord(1)) SecretBool(a[0] and One)
func isEven*(a: Limbs): SecretBool = func isEven*(a: Limbs): SecretBool =
## Returns true if a is even ## Returns true if a is even
not SecretBool(a[0] and SecretWord(1)) not SecretBool(a[0] and One)
# Bit manipulation # Bit manipulation
# ------------------------------------------------------------ # ------------------------------------------------------------
@ -341,7 +341,7 @@ func prod*[rLen, aLen, bLen: static int](r: var Limbs[rLen], a: Limbs[aLen], b:
mul_asm(r, a, b) mul_asm(r, a, b)
else: else:
# We use Product Scanning / Comba multiplication # We use Product Scanning / Comba multiplication
var t, u, v = SecretWord(0) var t, u, v = Zero
staticFor i, 0, min(a.len+b.len, r.len): staticFor i, 0, min(a.len+b.len, r.len):
const ib = min(b.len-1, i) const ib = min(b.len-1, i)
@ -352,11 +352,11 @@ func prod*[rLen, aLen, bLen: static int](r: var Limbs[rLen], a: Limbs[aLen], b:
r[i] = v r[i] = v
v = u v = u
u = t u = t
t = SecretWord(0) t = Zero
if aLen+bLen < rLen: if aLen+bLen < rLen:
for i in aLen+bLen ..< rLen: for i in aLen+bLen ..< rLen:
r[i] = SecretWord 0 r[i] = Zero
func prod_high_words*[rLen, aLen, bLen]( func prod_high_words*[rLen, aLen, bLen](
r: var Limbs[rLen], r: var Limbs[rLen],
@ -380,7 +380,7 @@ func prod_high_words*[rLen, aLen, bLen](
# i.e. prod_high_words(result, P, a, w) # i.e. prod_high_words(result, P, a, w)
# We use Product Scanning / Comba multiplication # We use Product Scanning / Comba multiplication
var t, u, v = SecretWord(0) # Will raise warning on empty iterations var t, u, v = Zero # Will raise warning on empty iterations
var z: Limbs[rLen] # zero-init, ensure on stack and removes in-place problems var z: Limbs[rLen] # zero-init, ensure on stack and removes in-place problems
# The previous 2 columns can affect the lowest word due to carries # The previous 2 columns can affect the lowest word due to carries
@ -397,7 +397,7 @@ func prod_high_words*[rLen, aLen, bLen](
z[i-lowestWordIndex] = v z[i-lowestWordIndex] = v
v = u v = u
u = t u = t
t = SecretWord(0) t = Zero
r = z r = z


@ -138,7 +138,7 @@ func montyMul_FIPS(r: var Limbs, a, b, M: Limbs, m0ninv: BaseType) =
# https://eprint.iacr.org/2013/882.pdf # https://eprint.iacr.org/2013/882.pdf
var z: typeof(r) # zero-init, ensure on stack and removes in-place problems in tower fields var z: typeof(r) # zero-init, ensure on stack and removes in-place problems in tower fields
const L = r.len const L = r.len
var t, u, v = SecretWord(0) var t, u, v = Zero
staticFor i, 0, L: staticFor i, 0, L:
staticFor j, 0, i: staticFor j, 0, i:
@ -149,7 +149,7 @@ func montyMul_FIPS(r: var Limbs, a, b, M: Limbs, m0ninv: BaseType) =
mulAcc(t, u, v, z[i], M[0]) mulAcc(t, u, v, z[i], M[0])
v = u v = u
u = t u = t
t = SecretWord(0) t = Zero
staticFor i, L, 2*L: staticFor i, L, 2*L:
staticFor j, i-L+1, L: staticFor j, i-L+1, L:
mulAcc(t, u, v, a[j], b[i-j]) mulAcc(t, u, v, a[j], b[i-j])
@ -157,7 +157,7 @@ func montyMul_FIPS(r: var Limbs, a, b, M: Limbs, m0ninv: BaseType) =
z[i-L] = v z[i-L] = v
v = u v = u
u = t u = t
t = SecretWord(0) t = Zero
discard z.csub(M, v.isNonZero() or not(z < M)) discard z.csub(M, v.isNonZero() or not(z < M))
r = z r = z


@ -85,7 +85,7 @@ func decomposeEndo*[M, scalBits, L: static int](
when babai(F)[i][1]: when babai(F)[i][1]:
# prod_high_words works like logical right shift # prod_high_words works like logical right shift
# When negative, we should add 1 to properly round toward -infinity # When negative, we should add 1 to properly round toward -infinity
alphas[i] += SecretWord(1) alphas[i] += One
# We have k0 = s - 𝛼0 b00 - 𝛼1 b10 ... - 𝛼m bm0 # We have k0 = s - 𝛼0 b00 - 𝛼1 b10 ... - 𝛼m bm0
# and kj = 0 - 𝛼j b0j - 𝛼1 b1j ... - 𝛼m bmj # and kj = 0 - 𝛼j b0j - 𝛼1 b1j ... - 𝛼m bmj
@ -339,7 +339,7 @@ func scalarMulEndo*[scalBits; EC](
# we need the base miniscalar (that encodes the sign) # we need the base miniscalar (that encodes the sign)
# to be odd, and this in constant-time to protect the secret least-significant bit. # to be odd, and this in constant-time to protect the secret least-significant bit.
let k0isOdd = miniScalars[0].isOdd() let k0isOdd = miniScalars[0].isOdd()
discard miniScalars[0].cadd(SecretWord(1), not k0isOdd) discard miniScalars[0].cadd(One, not k0isOdd)
var recoded: GLV_SAC[M, L] # zero-init required var recoded: GLV_SAC[M, L] # zero-init required
recoded.nDimMultiScalarRecoding(miniScalars) recoded.nDimMultiScalarRecoding(miniScalars)
@ -511,7 +511,7 @@ func scalarMulGLV_m2w2*[scalBits; EC](
# we need the base miniscalar (that encodes the sign) # we need the base miniscalar (that encodes the sign)
# to be odd, and this in constant-time to protect the secret least-significant bit. # to be odd, and this in constant-time to protect the secret least-significant bit.
let k0isOdd = miniScalars[0].isOdd() let k0isOdd = miniScalars[0].isOdd()
discard miniScalars[0].cadd(SecretWord(1), not k0isOdd) discard miniScalars[0].cadd(One, not k0isOdd)
var recoded: GLV_SAC[2, L] # zero-init required var recoded: GLV_SAC[2, L] # zero-init required
recoded.nDimMultiScalarRecoding(miniScalars) recoded.nDimMultiScalarRecoding(miniScalars)


@ -157,7 +157,7 @@ proc mainArith() =
let expected = BigInt[256].fromHex"7fffffff80000000800000000000000000000000800000000000000000000000" let expected = BigInt[256].fromHex"7fffffff80000000800000000000000000000000800000000000000000000000"
discard a.add(SecretWord 1) discard a.add(One)
check: bool(a == expected) check: bool(a == expected)
proc mainMul() = proc mainMul() =
@ -534,7 +534,7 @@ proc mainModularInverse() =
let M = BigInt[16].fromUint(2017'u16) let M = BigInt[16].fromUint(2017'u16)
var mp1div2 = M var mp1div2 = M
discard mp1div2.add(SecretWord 1) discard mp1div2.add(One)
mp1div2.shiftRight(1) mp1div2.shiftRight(1)
let expected = BigInt[16].fromUint(1969'u16) let expected = BigInt[16].fromUint(1969'u16)
@ -549,7 +549,7 @@ proc mainModularInverse() =
let M = BigInt[381].fromUint(2017'u16) let M = BigInt[381].fromUint(2017'u16)
var mp1div2 = M var mp1div2 = M
discard mp1div2.add(SecretWord 1) discard mp1div2.add(One)
mp1div2.shiftRight(1) mp1div2.shiftRight(1)
let expected = BigInt[381].fromUint(1969'u16) let expected = BigInt[381].fromUint(1969'u16)
@ -565,7 +565,7 @@ proc mainModularInverse() =
let M = BigInt[16].fromUint(383'u16) let M = BigInt[16].fromUint(383'u16)
var mp1div2 = M var mp1div2 = M
discard mp1div2.add(SecretWord 1) discard mp1div2.add(One)
mp1div2.shiftRight(1) mp1div2.shiftRight(1)
let expected = BigInt[16].fromUint(106'u16) let expected = BigInt[16].fromUint(106'u16)
@ -580,7 +580,7 @@ proc mainModularInverse() =
let M = BigInt[381].fromUint(383'u16) let M = BigInt[381].fromUint(383'u16)
var mp1div2 = M var mp1div2 = M
discard mp1div2.add(SecretWord 1) discard mp1div2.add(One)
mp1div2.shiftRight(1) mp1div2.shiftRight(1)
let expected = BigInt[381].fromUint(106'u16) let expected = BigInt[381].fromUint(106'u16)
@ -595,7 +595,7 @@ proc mainModularInverse() =
let M = BigInt[381].fromHex("0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaab") let M = BigInt[381].fromHex("0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaab")
var mp1div2 = M var mp1div2 = M
discard mp1div2.add(SecretWord 1) discard mp1div2.add(One)
mp1div2.shiftRight(1) mp1div2.shiftRight(1)
let expected = BigInt[381].fromHex("0x0636759a0f3034fa47174b2c0334902f11e9915b7bd89c6a2b3082b109abbc9837da17201f6d8286fe6203caa1b9d4c8") let expected = BigInt[381].fromHex("0x0636759a0f3034fa47174b2c0334902f11e9915b7bd89c6a2b3082b109abbc9837da17201f6d8286fe6203caa1b9d4c8")
@ -612,7 +612,7 @@ proc mainModularInverse() =
var mp1div2 = M var mp1div2 = M
mp1div2.shiftRight(1) mp1div2.shiftRight(1)
discard mp1div2.add(SecretWord 1) discard mp1div2.add(One)
let expected = BigInt[16].fromUint(0'u16) let expected = BigInt[16].fromUint(0'u16)
var r = canary(BigInt[16]) var r = canary(BigInt[16])
@ -627,7 +627,7 @@ proc mainModularInverse() =
var mp1div2 = M var mp1div2 = M
mp1div2.shiftRight(1) mp1div2.shiftRight(1)
discard mp1div2.add(SecretWord 1) discard mp1div2.add(One)
let expected = BigInt[381].fromUint(0'u16) let expected = BigInt[381].fromUint(0'u16)
var r = canary(BigInt[381]) var r = canary(BigInt[381])