273 Commits

Author SHA1 Message Date
mratsim
1383aae105
Remove outdated TODOs [skip ci]
- noinline consts: https://github.com/nim-lang/RFCs/issues/257
2020-10-11 21:33:59 +02:00
Mamy Ratsimbazafy
6530596032
Endomorphism acceleration for BN254-Nogami (#102) 2020-10-10 18:53:48 +02:00
Mamy Ratsimbazafy
a2f46f77b7
Sage constants & tests codegen (#101)
* Implement a Sage codegenerator for frobenius constants

* Sage codegen for pairings

* Autogen of endomorphism acceleration constants

* The autogen fixed a copy-paste bug in lattice decomposition. We can use conditional negation now and save an add+dbl in scalar mul

* small fixes

* sage code for square root bls12-377 is not old

* readme updates

* Provide test suggestions for derive_frobenius

* indentation + add equation form to sage

* Sage test vector generator

* Use the json vectors
- includes type system workaround: generic sandwich https://github.com/nim-lang/Nim/issues/11225
- converting NimNode to typedesc: https://github.com/nim-lang/Nim/issues/6785

* Delete old sage code

* Install nim-serialization and nim-json-serialization in CI

* CI nimble install force yes
2020-10-10 16:19:23 +02:00
Mamy Ratsimbazafy
71bb4c799a
BW6-761 part 1 (#100)
* Add Fp, Fp2, Fp6 support for BW6-761

* Add G1 for BW6-761

* Prepare to support G2 twists on the same field as G1

* Remove a useless dependent type for lines

* Implement G2 for BW6-761

* Fix Line leftover
2020-10-09 07:51:47 +02:00
Mamy André-Ratsimbazafy
49164b66d8
fix testing canary 2020-10-05 22:20:29 +02:00
Mamy Ratsimbazafy
d622f48507
Unused imports cleanup (#97) 2020-10-04 17:33:17 +02:00
Mamy Ratsimbazafy
fc1c3472ce
Fused projective line eval (#96)
* Reorg line functions to allow for Jacobian eval

* 2x faster Miller loop!!! with fused line eval double

* Support Line Double Fusion for D-Twists

* Implement fused line addition
2020-10-04 09:39:02 +02:00
Mamy Ratsimbazafy
986245b5c1
Jacobian coordinates (#95)
* Add projective-> affine bench

* Add conditional copy and div2 benches

* Fp4 benchmarks

* Constant-time Jacobian addition

* Jacobian doubling

* Use a simpler Add+Dbl complete formula

* Update tests

* Fix conditional negate

* Rollback complete addition, we were only handling curve coef a == 0
2020-10-02 00:01:09 +02:00
Mamy André-Ratsimbazafy
0effd66dbd
SWei -> SHortW, weierstrass -> shortweierstrass 2020-09-27 23:02:48 +02:00
Mamy Ratsimbazafy
51586c7272
Merge pull request #94 from mratsim/reorg-curves-constants
Reorg curves constants
2020-09-27 22:31:13 +02:00
Mamy André-Ratsimbazafy
39ac014dfe
small fixes 2020-09-27 21:24:54 +02:00
Mamy André-Ratsimbazafy
00fa1ea7b6
Move pairings 2020-09-27 21:00:35 +02:00
Mamy André-Ratsimbazafy
2721131168
Move curve specific square root 2020-09-27 17:55:31 +02:00
Mamy André-Ratsimbazafy
204c72b811
again leftovers 2020-09-27 17:55:09 +02:00
Mamy André-Ratsimbazafy
48bab72d1f
cleanup leftover from BN curve inversion 2020-09-27 17:39:45 +02:00
Mamy André-Ratsimbazafy
8a456b84db
Move inversions curve-specific routines to the curve folder 2020-09-27 17:37:02 +02:00
Mamy André-Ratsimbazafy
3f48a590e8
Move assembly to their own folder 2020-09-27 17:25:21 +02:00
Mamy André-Ratsimbazafy
03d58ac1e7
Standardize constants names 2020-09-27 17:18:14 +02:00
Mamy André-Ratsimbazafy
f864fb20ec
Remove unused BN inversion 2020-09-27 16:17:13 +02:00
Mamy André-Ratsimbazafy
d04ccdd578
Move the cubic root to GLV files 2020-09-27 16:01:31 +02:00
Mamy André-Ratsimbazafy
34eb6fcfbd
Move GLV constants 2020-09-27 15:39:12 +02:00
Mamy André-Ratsimbazafy
e676e06959
move frobenius macros 2020-09-27 15:06:16 +02:00
Mamy André-Ratsimbazafy
fd45a790eb
Consolidated curve-specific Frobenius in a curve folder 2020-09-27 14:46:54 +02:00
Mamy André-Ratsimbazafy
92183c8b05
Remove unused curves 2020-09-27 13:13:45 +02:00
Mamy Ratsimbazafy
0e4dbfe400
BLS12-377 (#91)
* add Sage for constant time tonelli shanks

* Fused sqrt and invsqrt via Tonelli Shanks

* isolate sqrt in their own folder

* Implement constant-time Tonelli Shanks for any prime

* Implement Fp2 sqrt for any non-residue

* Add tests for BLS12_377

* Lattice decomposition script for BLS12_377 G1

* BLS12-377 G1 GLV ok, G2 GLV issue

* Proper endomorphism acceleration support for BLS12-377

* Add naive pairing support for BLS12-377

* Activate more bench for BLS12-377

* Fix MSB computation

* Optimize final exponentiation + add benches
2020-09-27 09:15:14 +02:00
Mamy André-Ratsimbazafy
ac37b55aa1
publish the lattice decomposition finder mentioned in https://github.com/scipr-lab/zexe/issues/267 2020-09-26 15:33:41 +02:00
Mamy Ratsimbazafy
6ecbedbd09
Mixed addition (#90)
* prettier comments

* Implement mixed addition on G1

* Test for mixed addition in G2 and use it for Miller Loop
2020-09-26 09:16:29 +02:00
Mamy Ratsimbazafy
03ecb31c57
Pairings for BN254-Nogami and BN254-Snarks (#86)
* Implement optimized final exponentiation for BN254-Nogami

* And BN254 Snarks support

* Optimize D-Twist sparse Fp12 x line multiplication

* Move quadruple/octuple and add to Github issues: https://github.com/mratsim/constantine/issues/88 [skip ci]
2020-09-25 21:58:20 +02:00
Mamy Ratsimbazafy
f78ed23dad
Pairing optim (#85)
* Fix fp12 Frobenius map

* Implement cyclotomic subgroup acceleration

* make cyclotomic squaring in-place

* Add back out-place cycl squaring and add cyclotomic inverse

* Implement state-of-the-art BLS12-381 final exponentiation

* save a cyclotomic squaring

* Accelerate sparse line multiplication in Miller loop

* Add pairing bench

* fix comments
2020-09-24 17:18:23 +02:00
Mamy André-Ratsimbazafy
0c18f4436c
Frobenius map over fp12 (works for power 1 and 3 but not 2) 2020-09-23 01:21:35 +02:00
Mamy André-Ratsimbazafy
406d999a9b
Higher-power frobenius applications 2020-09-23 00:55:32 +02:00
Mamy Ratsimbazafy
d84edcd217
Naive pairings + Naive cofactor clearing (#82)
* Pairing - initial commit
- line functions
- sparse Fp12 functions

* Small fixes:
- Line parametrized by twist for generic algorithm
- Add a conjugate operator for quadratic extensions
- Have frobenius use it
- Create an Affine coordinate type for elliptic curve

* Implement (failing) pairing test

* Stash pairing debug session, temp switch Fp12 over Fp4

* Proper naive pairing on BLS12-381

* Frobenius map

* Implement naive pairing for BN curves

* Add pairing tests to CI + reduce time spent on lower-level tests

* Test without assembler in Github Actions + less base layers test iterations
2020-09-21 23:24:00 +02:00
Mamy Ratsimbazafy
28e83e7b49
Faster inversion with addition chains (#80) 2020-09-04 19:04:32 +02:00
Mamy André-Ratsimbazafy
c2313ad697
5.3x faster test suite.
The running time of the test suite has increased significantly with:
- new tests (for example scalar mul implementations)
- new tests that stress the whole stack/tower
- x3 randomizers for fuzzing
- new CI and platforms: Total 16x runs per commit

This would let all tests take less than 10 min on CI, even non-parallelized ones like on Windows.
2020-09-03 23:30:39 +02:00
Mamy Ratsimbazafy
85d365359d
Endomorphism G2 (#79)
* Clear cofactor in BN254 G2 testgen and frobenius

* Implement G2 endomorphism acceleration in Sage

* Somewhat working accelerated scalar mul G2 (2.2x) faster
- OK for BN254_Snarks
- Some test failing for BLS12-381

* Fix negative miniscalars by adding an extra bit of encoding

* Cleanup accel params

* Small recoding optimizations
2020-09-03 23:10:48 +02:00
Mamy André-Ratsimbazafy
92939d40fb
deactivated Linux 32-bit tests on Azure for now 2020-09-01 14:17:38 +02:00
Mamy André-Ratsimbazafy
437a61bd93
Bash ~_~ .... Azure 32-bit (+ fix BN inversion alternative path) 2020-09-01 13:40:39 +02:00
Mamy André-Ratsimbazafy
303ce5b74c
Fix GCC 32-bit script install 2020-09-01 12:33:41 +02:00
Mamy André-Ratsimbazafy
5c1c4e40eb
and a missed UCPU 2020-09-01 11:53:58 +02:00
Mamy André-Ratsimbazafy
9976ac70bf
Add gcc -m32 to path in Azure 2020-09-01 10:29:02 +02:00
Mamy André-Ratsimbazafy
42e05af698
Add PowerPC64 support badge to the README 2020-08-31 23:38:58 +02:00
Mamy André-Ratsimbazafy
a6e980c866
Deactivate s390x - https://github.com/nim-lang/Nim/issues/15253 2020-08-31 23:36:23 +02:00
Mamy Ratsimbazafy
4a308c2148
Frobenius endomorphism ψ = φ⁻¹ π_p φ (psi = untwist-Frobenius-Twist) (#78)
* Sage script for frobenius isogeny

* Implement ψ (Psi) - Untwist-Frobenius-Twist Endomorphism on G2

* Implement sparse mul for frobenius endomorphism

* Implement optimized psi2
2020-08-31 23:18:48 +02:00
Mamy André-Ratsimbazafy
c8e4346414
Fix UCPU for Linux i386 in Azure 2020-08-31 23:18:16 +02:00
Mamy André-Ratsimbazafy
54af3579f2
Add PowerPC LittleEndian and s390x (big-endian) to the Travis test suite 2020-08-31 23:13:16 +02:00
Mamy André-Ratsimbazafy
e3e9fc0e7f
Add Linux 32-bit to Azure 2020-08-31 23:04:41 +02:00
Mamy André-Ratsimbazafy
f57a7bfd77
Deactivate windows 32-bit tests for the time being 2020-08-31 22:47:57 +02:00
Mamy André-Ratsimbazafy
66d9799918
cleanups [skip ci] 2020-08-25 01:01:38 +02:00
Mamy Ratsimbazafy
6ac974d65e
Windowed GLV acceleration - 25% faster signing on G1 (#74)
* Fix 8x bigger than necessary encoding size of miniscalars in scalar mul

* initial windowed GLV-SAC implementation

* Simplify table encoding to match k0 without flipping bits
2020-08-25 00:02:30 +02:00
Mamy André-Ratsimbazafy
00ff599106
Fix 8x bigger than necessary encoding size of miniscalars in scalar mul 2020-08-24 18:31:27 +02:00