* consistent naming for dbl-width
* Isolate double-width Fp2 mul
* Implement double-width complex multiplication
* Lay out Fp4 double-width mul
* Off by p in square Fp4 as well :/
* less copies and stack space in addition chains
* Address https://github.com/mratsim/constantine/issues/154 partly
* Fix#154, faster Fp4 square: less non-residue, no Mul, only square (bit more ops total)
* Fix typo
* better assembly scheduling for add/sub
* Double-width -> Double-precision
* Unred -> Unr
* double-precision modular addition
* Replace canUseNoCarryMontyMul and canUseNoCarryMontySquare by getSpareBits
* Complete the double-precision implementation
* Use double-precision path for Fp4 squaring and mul
* remove mixin annotations
* Lazy reduction in Fp4 prod
* Fix assembly for sum2xMod
* Assembly for double-precision negation
* reduce white spaces in pairing benchmarks
* ADX implies BMI2
* Fix#114 - Negating 0 left the prime modulus, which is working most of the time for everything except for comparison. (also somehow triggers and workaround weird compiler bug where exceptions tracking is activated in macros and all the curve enums were stringified as their ordinal value)
* https://github.com/mratsim/constantine/issues/136 was also fixed, add to anti-regression
* add comment in test
* Fix the pure Nim fallback as well
* Pin nim-serialization. Workaround #113 and https://github.com/status-im/nim-serialization/issues/33
* Need to workaround nimble installing dependency multiple times
* non-interactive
* UB sanitizer missing on mingw
* Fix OpenSSL benchmark on non-Linux platforms
* Accelerate CI:
- Skip 32-bit on 64-bit tests
- Only test leaf functionality.
* Don't define -fstack-protector-all with MinGW
* skip line functions and cyclotomic tests (already tested in pairing) + only compile the benches don't run them.
* Implement a Sage codegenerator for frobenius constants
* Sage codegen for pairings
* Autogen of endomorphism acceleration constants
* The autogen fixed a copy-paste bug in lattice decomposition. We can use conditional negation now and save an add+dbl in scalar mul
* small fixes
* sage code for square root bls12-377 is not old
* readme updates
* Provide test suggestions for derive_frobenius
* indentation + add equation form to sage
* Sage test vector generator
* Use the json vectors
- includes type system workaround: generic sandwich https://github.com/nim-lang/Nim/issues/11225
- converting NimNode to typedesc: https://github.com/nim-lang/Nim/issues/6785
* Delete old sage code
* Install nim-serialization and nim-json-serialization in CI
* CI nimble install force yes
* Add Fp, Fp2, Fp6 support for BW6-761
* Add G1 for BW6-761
* Prepare to support G2 twists on the same field as G1
* Remove a useless dependent type for lines
* Implement G2 for BW6-761
* Fix Line leftover
* Reorg line functions to allow for Jacobian eval
* 2x faster Miller loop!!! with fused line eval double
* Support Line Double Fusion for D-Twists
* Implement fused line addition
* add Sage for constant time tonelli shanks
* Fused sqrt and invsqrt via Tonelli Shanks
* isolate sqrt in their own folder
* Implement constant-time Tonelli Shanks for any prime
* Implement Fp2 sqrt for any non-residue
* Add tests for BLS12_377
* Lattice decomposition script for BLS12_377 G1
* BLS12-377 G1 GLV ok, G2 GLV issue
* Proper endomorphism acceleration support for BLS12-377
* Add naive pairing support for BLS12-377
* Activate more bench for BLS12-377
* Fix MSB computation
* Optimize final exponentiation + add benches
* Implement optimized final exponentiation for BN254-Nogami
* And BN254 Snarks support
* Optimize D-Twist sparse Fp12 x line multiplication
* Move quadruple/octuple and add to Github issues: https://github.com/mratsim/constantine/issues/88 [skip ci]
* Pairing - initial commit
- line functions
- sparse Fp12 functions
* Small fixes:
- Line parametrized by twist for generic algorithm
- Add a conjugate operator for quadratic extensions
- Have frobenius use it
- Create an Affine coordinate type for elliptic curve
* Implement (failing) pairing test
* Stash pairing debug session, temp switch Fp12 over Fp4
* Proper naive pairing on BLS12-381
* Frobenius map
* Implement naive pairing for BN curves
* Add pairing tests to CI + reduce time spent on lower-level tests
* Test without assembler in Github Actions + less base layers test iterations
* Implement double-width field multiplication for double-width towering
* Fp2 mul acceleration via double-width lazy reduction (pure Nim)
* Inline assembly for basic add and sub
* Use 2 registers instead of 12+ for ASM conditional copy
* Prepare assembly for extended multiprecision multiplication support
* Add assembly for mul
* initial implementation of assembly reduction
* stash current progress of assembly reduction
* Fix clobbering issue, only P256 comparison remain buggy
* Fix asm montgomery reduction for NIST P256 as well
* MULX/ADCX/ADOX multi-precision multiplication
* MULX/ADCX/ADOX reduction v1
* Add (deactivated) assembly for double-width substraction + rework benches
* Add bench to nimble and deactivate double-width for now. slower than classic
* Fix x86-32 running out of registers for mul
* Clang needs to be at v9 to support flag output constraints (Xcode 11.4.2 / OSX Catalina)
* 32-bit doesn't have enough registers for ASM mul
* Fix again Travis Clang 9 issues
* LLVM 9 is not whitelisted in travis
* deactivated assembler with travis clang
* syntax error
* another
* ...
* missing space, yeah ...
* Proof-of-Concept Assembly code generator
* Tag inline per procedure so we can easily track the tradeoff on tower fields
* Implement Assembly for modular addition (but very curious off-by-one)
* Fix off-by one for moduli with non msb set
* Stash (super fast) alternative but still off by carry
* Fix GCC optimizing ASM away
* Save 1 register to allow compiling for BLS12-381 (in the GMP test)
* The compiler cannot find enough registers if the ASM file is not compiled with -O3
* Add modsub
* Add field negation
* Implement no-carry Assembly optimized field multiplication
* Expose UseX86ASM to the EC benchmark
* omit frame pointer to save registers instead of hardcoding -O3. Also ensure early clobber constraints for Clang
* Prepare for assembly fallback
* Implement fallback for CPU that don't support ADX and BMI2
* Add CPU runtime detection
* Update README closes#66
* Remove commented out code
* Add test case for #30 - Euler's criterion doesn't return 1 for a square
* Detect #42 in the test suite
* Detect #43 in the test suite
* comment in sqrt tests
* Add #67 to the anti-regression suite
* Add #61 to the anti-regression suite
* Add #62 to anti-regression suite
* Add #60 to the anti-regression suite
* Add #64 to the test suite
* Add #65 - case 1
* Add #65 case 2
* Add #65 case 3
* Add debug check to isSquare/Euler's Criterion/Legendre Symbol
* Make sure our primitives are correct
* For now deactivate montySquare CIOS fix#61#62
* Narrow down #42 and #43 to powinv on 32-bit
* Detect #42#43 at the fast squaring level
* More #42, #43 tests, Use multiplication instead of squaring as a temporary workaround, see https://github.com/mratsim/constantine/issues/68
* Prevent regression of #67 now that squaring is "fixed"
* Split elliptic curve tests to better use parallel testing
* Add support for printing points on G2
* Implement multiplication and division by optimal sextic non-residue (BLS12-381)
* Implement modular square root in 𝔽p2
* Support EC add and EC double on G2 (for BLS12-381)
* Support G2 divisive twists with non-unit sextic-non-residue like BN254 snarks
* Add EC G2 bench
* cleanup some unused warnings
* Reorg the tests for parallelization and to avoid instantiating huge files
* Add MultiScalar recoding from "Efficient and Secure Algorithms for GLV-Based Scalar Multiplication" by Faz et al
* precompute cube root of unity - Add VM precomputation of Fp - workaround upstream bug https://github.com/nim-lang/Nim/issues/14585
* Add the φ-accelerated lookup table builder
* Add a dedicated bithacks file
* cosmetic import consistency
* Build the φ precompute table with n-1 EC additions instead of 2^(n-1) additions
* remove binary
* Add the GLV precomputations to the sage scripts
* You can't avoid it, bigint multiplication is needed at one point
* Add bigint multiplication discarding some low words
* Implement the lattice decomposition in sage
* Proper decomposition for BN254
* Prepare the code for a new scalar mul
* We compile, and now debugging hunt
* More helpers to debug GLV scalar Mul
* Fix conditional negation
* Endomorphism accelerated scalar mul working for BN254 curve
* Implement endomorphism acceleration for BLS12-381 (needed cofactor clearing of the point)
* fix nimble test script after bench rename
* Add sage script for BN254
* Implement (failing) scalar multiplication tests
* Add a first test against sagemath
* Finish the tests against SAGE for BN254
* Add significant test coverage of scalar multiplication with reference checks for BN254_Snarks and BLS12_381
* Elliptic curve and Twisted curve templates - initial commit
* Support EC Add on G2 (Sextic Twisted curve for BN and BLS12 families)
* Refactor the config parser to prepare for elliptic coefficient support
* Add elliptic curve parameter for BN254 (Snarks), BLS12-381 and Zexe curve BLS12-377
* Add accessors to curve parameters
* Allow computing the right-hand-side of of Weierstrass equation "y² = x³ + a x + b"
* Randomized test infrastructure for elliptic curves
* Start a testing suite on ellptic curve addition (failing)
* detail projective addition
* Fix EC addition test (forgot initializing Z=1 and that there ar emultiple infinity points)
* Test with random Z coordinate + add elliptic curve test to test suite
* fix reference to the (deactivated) addchain inversion for BN curves [skip ci]
* .nims file leftover [skip ci]
* Lay out the refactoring objectives and tradeoffs
* Refactor the 32 and 64-bit primitives [skip ci]
* BigInts and Modular BigInts compile
* Make the bigints test compile
* Fix modular reduction
* Fix reduction tests vs GMP
* Implement montegomery mul, pow, inverse, WIP finite field compilation
* Make FiniteField compile
* Fix exponentiation compilation
* Fix Montgomery magic constant computation for 2^64 words
* Fix typo in non-optimized CIOS - passing finite fields IO tests
* Add limbs comparisons [skip ci]
* Fix on precomputation of the Montgomery magic constant
* Passing all tests including 𝔽p2
* modular addition, the test for mersenne prime was wrong
* update benches
* Fix "nimble test" + typo on out-of-place field addition
* bigint division, normalization is needed: https://travis-ci.com/github/mratsim/constantine/jobs/298359743
* missing conversion in subborrow non-x86 fallback - https://travis-ci.com/github/mratsim/constantine/jobs/298359744
* Fix little-endian serialization
* Constantine32 flag to run 32-bit constantine on 64-bit machines
* IO Field test, ensure that BaseType is used instead of uint64 when the prime can field in uint32
* Implement proper addcarry and subborrow fallback for the compile-time VM
* Fix export issue when the logical wordbitwidth == physical wordbitwidth - passes all tests (32-bit and 64-bit)
* Fix uint128 on ARM
* Fix C++ conditional copy and ARM addcarry/subborrow
* Add investigation for SIGFPE in Travis
* Fix debug display for unsafeDiv2n1n
* multiplexer typo
* moveMem bug in glibc of Ubuntu 16.04?
* Was probably missing an early clobbered register annotation on conditional mov
* Note on Montgomery-friendly moduli
* Strongly suspect a GCC before GCC 7 codegen bug (https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87139)
* hex conversion was (for debugging) not taking requested order into account + inlining comment
* Use 32-bit limbs on ARM64, uint128 builtin __udivti4 bug?
* Revert "Use 32-bit limbs on ARM64, uint128 builtin __udivti4 bug?"
This reverts commit 087f9aa7fb40bbd058d05cbd8eec7fc082911f49.
* Fix subborrow fallback for non-x86 (need to maks the borrow)
* Set up CI with Azure Pipelines
[skip ci]
* Add task for testing without GMP
* Add C++ testing + no GMP on windows
* Add the Nim wrapper for GMP to Azure build
* Add Azure badge
* Fix nimble test tasks
* Workaround windows path in Azure
* Fix nim binaries path and mingw on 32-bit
* add stew test dependency
* Fix nim/nimble path
* disable GMP tests on windows
Mamy Ratsimbazafy