Commit Graph

288 Commits

Author SHA1 Message Date
Mamy André-Ratsimbazafy a02dd19d36
Compendium of pairing-based cryptography optimizations 2021-01-23 15:46:41 +01:00
Mamy Ratsimbazafy 638cb71e16
Fr: Finite Field parametrized by the curve order (#115)
* Introduce Fr type: finite field over curve order. Need workaround for https://github.com/nim-lang/Nim/issues/16774

* Split curve properties into core and derived

* Attach field properties to an instantiated field instead of the curve enum

* Workaround https://github.com/nim-lang/Nim/issues/14021, yet another "working with types in macros" is difficult https://github.com/nim-lang/RFCs/issues/44

* Implement finite field over prime order of a curve subgroup

* skip OpenSSL tests on windows
2021-01-22 00:09:52 +01:00
Mamy Ratsimbazafy ac6300555a
Fix test suite (#116)
* Pin nim-serialization. Workaround #113 and https://github.com/status-im/nim-serialization/issues/33

* Need to workaround nimble installing dependency multiple times

* non-interactive

* UB sanitizer missing on mingw

* Fix OpenSSL benchmark on non-Linux platforms

* Accelerate CI:
- Skip 32-bit on 64-bit tests
- Only test leaf functionality.

* Don't define -fstack-protector-all with MinGW

* skip line functions and cyclotomic tests (already tested in pairing) + only compile the benches don't run them.
2021-01-21 21:25:42 +01:00
Mamy Ratsimbazafy 023e690efc
Fix #111 2021-01-11 08:25:02 +01:00
Mamy Ratsimbazafy 29fffecc93
Update README.md 2021-01-06 19:27:16 +01:00
Mamy André-Ratsimbazafy a5c1d077fb
deal with DLL mess for OpenSSL test 2021-01-03 21:50:22 +01:00
Mamy André-Ratsimbazafy e89429e822
SHA256 Hash function 2020-12-15 19:18:36 +01:00
Mamy André-Ratsimbazafy c89c78d2d9
Typo Borrow instead of Carry in return type 2020-12-13 18:57:23 +01:00
Mamy Ratsimbazafy a022db1c08
Sqrt fp2 acceleration (#109)
* Use sqrt.square() == a instead of sqrt * invsqrt = -1 (Euler criterion) for sqrt existence.

* Accelerate sqrt_fp2 by 33%
2020-12-13 17:08:32 +01:00
Mamy André-Ratsimbazafy f0b18ecfe0
Github Actions add-path is gone https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/ 2020-12-13 15:28:51 +01:00
Mamy André-Ratsimbazafy 13e6b7dfe6
Travis pricing change, keep only ARM64 and PPC64 2020-12-12 19:47:45 +01:00
mratsim 45ef3a65e0
Skip 32-bit tests on 64-bit machines (too long) 2020-10-31 14:51:17 +01:00
Mamy Ratsimbazafy 244f58350c
Implement BW6-761 Endomorphism acceleration (#104)
* Implement BW6-761 GLV on G1 + Psi Untwist-Frobenius-Twist

* Fix frobenius constants for embedding degree != 12

* Fix test type/parsing issues

* Generalize frobenius map coefficient formula

* Fix Frobenius Psi generalization

* Don't confuse t and trace of frobenius + update scalarMul to use Frobenius on Fp Twist

* Fix ec_sage type definition

* fix description [skip ci]

* update comment [skip ci]

* typo

* restore frobenius tests iterations
2020-10-13 23:58:35 +02:00
mratsim 7f0f511760
Fix Readme Github Action link [skip CI] 2020-10-11 22:04:13 +02:00
Mamy Ratsimbazafy 7826c40e26
Unify GCC and Clang ASM (#103)
* GCC-10 on Mac seems to require this syntax instead of the "+"

* update comment
2020-10-11 21:36:16 +02:00
mratsim 1383aae105
Remove outdated TODOs [skip ci]
- noinline consts: https://github.com/nim-lang/RFCs/issues/257
2020-10-11 21:33:59 +02:00
Mamy Ratsimbazafy 6530596032
Endomorphism acceleration for BN254-Nogami (#102) 2020-10-10 18:53:48 +02:00
Mamy Ratsimbazafy a2f46f77b7
Sage constants & tests codegen (#101)
* Implement a Sage codegenerator for frobenius constants

* Sage codegen for pairings

* Autogen of endomorphism acceleration constants

* The autogen fixed a copy-paste bug in lattice decomposition. We can use conditional negation now and save an add+dbl in scalar mul

* small fixes

* sage code for square root bls12-377 is not old

* readme updates

* Provide test suggestions for derive_frobenius

* indentation + add equation form to sage

* Sage test vector generator

* Use the json vectors
- includes type system workaround: generic sandwich https://github.com/nim-lang/Nim/issues/11225
- converting NimNode to typedesc: https://github.com/nim-lang/Nim/issues/6785

* Delete old sage code

* Install nim-serialization and nim-json-serialization in CI

* CI nimble install force yes
2020-10-10 16:19:23 +02:00
Mamy Ratsimbazafy 71bb4c799a
BW6-761 part 1 (#100)
* Add Fp, Fp2, Fp6 support for BW6-761

* Add G1 for BW6-761

* Prepare to support G2 twists on the same field as G1

* Remove a useless dependent type for lines

* Implement G2 for BW6-761

* Fix Line leftover
2020-10-09 07:51:47 +02:00
Mamy André-Ratsimbazafy 49164b66d8
fix testing canary 2020-10-05 22:20:29 +02:00
Mamy Ratsimbazafy d622f48507
Unused imports cleanup (#97) 2020-10-04 17:33:17 +02:00
Mamy Ratsimbazafy fc1c3472ce
Fused projective line eval (#96)
* Reorg line functions to allow for Jacobian eval

* 2x faster Miller loop!!! with fused line eval double

* Support Line Double Fusion for D-Twists

* Implement fused line addition
2020-10-04 09:39:02 +02:00
Mamy Ratsimbazafy 986245b5c1
Jacobian coordinates (#95)
* Add projective-> affine bench

* Add conditional copy and div2 benches

* Fp4 benchmarks

* Constant-time Jacobian addition

* Jacobian doubling

* Use a simpler Add+Dbl complete formula

* Update tests

* Fix conditional negate

* Rollback complete addition, we were only handling curve coef a == 0
2020-10-02 00:01:09 +02:00
Mamy André-Ratsimbazafy 0effd66dbd
SWei -> SHortW, weierstrass -> shortweierstrass 2020-09-27 23:02:48 +02:00
Mamy Ratsimbazafy 51586c7272
Merge pull request #94 from mratsim/reorg-curves-constants
Reorg curves constants
2020-09-27 22:31:13 +02:00
Mamy André-Ratsimbazafy 39ac014dfe
small fixes 2020-09-27 21:24:54 +02:00
Mamy André-Ratsimbazafy 00fa1ea7b6
Move pairings 2020-09-27 21:00:35 +02:00
Mamy André-Ratsimbazafy 2721131168
Move curve specific square root 2020-09-27 17:55:31 +02:00
Mamy André-Ratsimbazafy 204c72b811
again leftovers 2020-09-27 17:55:09 +02:00
Mamy André-Ratsimbazafy 48bab72d1f
cleanup leftover from BN curve inversion 2020-09-27 17:39:45 +02:00
Mamy André-Ratsimbazafy 8a456b84db
Move inversions curve-specific routines to the curve folder 2020-09-27 17:37:02 +02:00
Mamy André-Ratsimbazafy 3f48a590e8
Move assembly to their own folder 2020-09-27 17:25:21 +02:00
Mamy André-Ratsimbazafy 03d58ac1e7
Standardize constants names 2020-09-27 17:18:14 +02:00
Mamy André-Ratsimbazafy f864fb20ec
Remove unused BN inversion 2020-09-27 16:17:13 +02:00
Mamy André-Ratsimbazafy d04ccdd578
Move the cubic root to GLV files 2020-09-27 16:01:31 +02:00
Mamy André-Ratsimbazafy 34eb6fcfbd
Move GLV constants 2020-09-27 15:39:12 +02:00
Mamy André-Ratsimbazafy e676e06959
move frobenius macros 2020-09-27 15:06:16 +02:00
Mamy André-Ratsimbazafy fd45a790eb
Consolidated curve-specific Frobenius in a curve folder 2020-09-27 14:46:54 +02:00
Mamy André-Ratsimbazafy 92183c8b05
Remove unused curves 2020-09-27 13:13:45 +02:00
Mamy Ratsimbazafy 0e4dbfe400
BLS12-377 (#91)
* add Sage for constant time tonelli shanks

* Fused sqrt and invsqrt via Tonelli Shanks

* isolate sqrt in their own folder

* Implement constant-time Tonelli Shanks for any prime

* Implement Fp2 sqrt for any non-residue

* Add tests for BLS12_377

* Lattice decomposition script for BLS12_377 G1

* BLS12-377 G1 GLV ok, G2 GLV issue

* Proper endomorphism acceleration support for BLS12-377

* Add naive pairing support for BLS12-377

* Activate more bench for BLS12-377

* Fix MSB computation

* Optimize final exponentiation + add benches
2020-09-27 09:15:14 +02:00
Mamy André-Ratsimbazafy ac37b55aa1
publish the lattice decomposition finder mentioned in https://github.com/scipr-lab/zexe/issues/267 2020-09-26 15:33:41 +02:00
Mamy Ratsimbazafy 6ecbedbd09
Mixed addition (#90)
* prettier comments

* Implement mixed addition on G1

* Test for mixed addition in G2 and use it for Miller Loop
2020-09-26 09:16:29 +02:00
Mamy Ratsimbazafy 03ecb31c57
Pairings for BN254-Nogami and BN254-Snarks (#86)
* Implement optimized final exponentiation for BN254-Nogami

* And BN254 Snarks support

* Optimize D-Twist sparse Fp12 x line multiplication

* Move quadruple/octuple and add to Github issues: https://github.com/mratsim/constantine/issues/88 [skip ci]
2020-09-25 21:58:20 +02:00
Mamy Ratsimbazafy f78ed23dad
Pairing optim (#85)
* Fix fp12 Frobenius map

* Implement cyclotomic subgroup acceleration

* make cyclotomic squaring in-place

* Add back out-place cycl squaring and add cyclotomic inverse

* Implement state-of-the-art BLS12-381 final exponentiation

* save a cyclotomic squaring

* Accelerate sparse line multiplication in Miller loop

* Add pairing bench

* fix comments
2020-09-24 17:18:23 +02:00
Mamy André-Ratsimbazafy 0c18f4436c
Frobenius map over fp12 (works for power 1 and 3 but not 2) 2020-09-23 01:21:35 +02:00
Mamy André-Ratsimbazafy 406d999a9b
Higher-power frobenius applications 2020-09-23 00:55:32 +02:00
Mamy Ratsimbazafy d84edcd217
Naive pairings + Naive cofactor clearing (#82)
* Pairing - initial commit
- line functions
- sparse Fp12 functions

* Small fixes:
- Line parametrized by twist for generic algorithm
- Add a conjugate operator for quadratic extensions
- Have frobenius use it
- Create an Affine coordinate type for elliptic curve

* Implement (failing) pairing test

* Stash pairing debug session, temp switch Fp12 over Fp4

* Proper naive pairing on BLS12-381

* Frobenius map

* Implement naive pairing for BN curves

* Add pairing tests to CI + reduce time spent on lower-level tests

* Test without assembler in Github Actions + less base layers test iterations
2020-09-21 23:24:00 +02:00
Mamy Ratsimbazafy 28e83e7b49
Faster inversion with addition chains (#80) 2020-09-04 19:04:32 +02:00
Mamy André-Ratsimbazafy c2313ad697
5.3x faster test suite.
The running time of the test suite has increased significantly with:
- new tests (for example scalar mul implementations)
- new tests that stress the whole stack/tower
- x3 randomizers for fuzzing
- new CI and platforms: Total 16x runs per commit

This would let all tests take less than 10 min on CI, even non-parallelized ones like on Windows.
2020-09-03 23:30:39 +02:00
Mamy Ratsimbazafy 85d365359d
Endomorphism G2 (#79)
* Clear cofactor in BN254 G2 testgen and frobenius

* Implement G2 endomorphism acceleration in Sage

* Somewhat working accelerated scalar mul G2 (2.2x) faster
- OK for BN254_Snarks
- Some test failing for BLS12-381

* Fix negative miniscalars by adding an extra bit of encoding

* Cleanup accel params

* Small recoding optimizations
2020-09-03 23:10:48 +02:00