Commit Graph

306 Commits

Author SHA1 Message Date
Mamy Ratsimbazafy e23f990280
Tower drop concepts (#153)
* Fix affine instantiation

* drop concept from the codebase

* Remove alignment requirement, this cases problem in sequences on 32-bit for t_fp12_anti_regression

* slight sparse optim
2021-02-07 14:03:56 +01:00
Mamy André-Ratsimbazafy ffc77cd087
Fix cofactor in BW6-761 naive final exp (but still buggy - see #152) 2021-02-07 10:24:52 +01:00
Mamy Ratsimbazafy 258e7e516f
[WIP] Pairings for bw6 761 (#108)
* Prepare BW6-761 pairing constants

* Extract the basic miller loop from pairings

* template and method call syntax issue

* Layout pairing for BW6-761

* Fix rebasing woes

* Try to match the paper (still buggy)

* Stash BW6-761
2021-02-07 09:46:41 +01:00
Mamy Ratsimbazafy 54887b1777
[Research] KZG polynomial commitment - part 1 FFT (#151)
* FFT compiles, now on to debugging ... [skip CI]

* Fix FFT and add bench [skip ci]

* rename + add KZG resources

* rename fft_fr

* Implement FFT on elliptic curves =)

* FFT G1 bench
2021-02-06 22:11:17 +01:00
Mamy Ratsimbazafy 94419db783
Arg aliasing in elliptic curves (#150)
* Jacobian addition can handle aliasing fine

* handle aliasing and use less mem for Jacobian double

* Handle aliasing for Projective EC
2021-02-06 19:32:44 +01:00
Mamy André-Ratsimbazafy 5710a961a1
Rename ECP_ShortW_Proj -> ECP_ShortW_Prj 2021-02-06 16:29:53 +01:00
Mamy Ratsimbazafy c312210878
Rework towering (#148)
* naive removal of out-of-place mul by non residue

* Use {.inline.} in a consistent manner across the codebase

* Handle aliasing for quadratic multiplication

* reorg optimization

* Handle aliasing for quadratic squaring

* handle aliasing in mul_sparse_complex_by_0y

* Rework multiplication by nonresidue, assume tower and twist use same non-residue

* continue rework

* continue on non-residues

* Remove "NonResidue *" calls

* handle aliasing in Chung-Hasan SQR2

* Handla aliasing in Chung-Hasan SQR3

* Use one less temporary in Chung Hasan sqr2

* handle aliasing in cubic extensions

* merge extension tower in the same file to reduce duplicate proc and allow better inlining

* handle aliasing in cubic inversion

* drop out-of-place proc from BigInt and finite fields as well

* less copies in line_projective

* remove a copy in fp12 by lines
2021-02-06 16:28:38 +01:00
Mamy André-Ratsimbazafy 2c5e12d5f8
Workaround aliasing in Fp12[BLS12-377] inversion, fix #147 2021-02-02 12:53:36 +01:00
Mamy Ratsimbazafy 83dcd988b3
FpDbl revisited (#144) - 7% perf improvement everywhere, up to 30% in double-width primitives
* reorg mul -> limbs_double_width, ConstantineASM CttASM

* Implement squaring specialized scalar path (22% faster than mul)

* Implement "portable" assembly for squaring

* stash part of the changes

* Reorg montgomery reduction - prepare to introduce Comba optimization

* Implement comba Montgomery reduce (but it's slower!)

* rename t -> a

* 30% performance improvement by avoiding toOpenArray!

* variable renaming

* Fix 32-bit imports

* slightly better assembly for sub2x

* There is an annoying bottleneck

* use out-of-place Fp assembly instead of in-place

* diffAlias is unneeded now

* cosmetic

* speedup fpDbl sub by 20%

* Fix Fp2 -> Fp6 -> Fp12 towering. It seems 5% faster

* Stash ADCX/ADOX squaring
2021-02-01 03:52:27 +01:00
Mamy Ratsimbazafy d12d5faf21
Implement Jacobian mixed addition (#142) 2021-01-30 14:21:55 +01:00
Mamy Ratsimbazafy b91ec1cb15
Metering (#140)
* Add metering facilities

* Metering reporting

* Add example report on metering BLS12-381 pairings
2021-01-29 22:21:19 +01:00
Mamy Ratsimbazafy 95e23339b2
Decimal conversion (#139)
* Add constant-time fromDecimal conversion. Add warnings on intended purposes of hex/decimals

* introduce setuint + cosmetic fixes Wordbitsize -> Wordbitwidth in comments

* Add decimal conversion (non-constant-time)

* fix comments [skip ci]
2021-01-29 20:42:36 +01:00
Mamy André-Ratsimbazafy 47daefde1f
forgot an import 2021-01-24 13:55:18 +01:00
Mamy André-Ratsimbazafy 98a4b2f91a
constant cosmetics 2021-01-24 12:57:13 +01:00
Mamy André-Ratsimbazafy 75493dfb5b
Fix #131, inversion tests didn't take into account that the RNG can produce a 0 input and so a.inv can be different from 1 2021-01-24 12:37:02 +01:00
Mamy Ratsimbazafy 7e97cd4ac5
Fuzz fix - non-unique modular representation after Assembly negate (#137)
* Fix #114 - Negating 0 left the prime modulus, which is working most of the time for everything except for comparison. (also somehow triggers and workaround weird compiler bug where exceptions tracking is activated in macros and all the curve enums were stringified as their ordinal value)

* https://github.com/mratsim/constantine/issues/136 was also fixed, add to anti-regression

* add comment in test

* Fix the pure Nim fallback as well
2021-01-24 12:35:27 +01:00
Mamy Ratsimbazafy 5b1d280486
Fix 50% perf regression (2x with GCC) on binary GCD based inversion (#135)
* Fix 50% perf regresion Revert part of #95, fix #134

* Deactivate inversion via addition chain for BW6-761. 2x slower than Euclid
2021-01-23 21:44:22 +01:00
Mamy Ratsimbazafy 82819b1b10
Square Root & Inversion addition chains - 20% perf increase (#132)
* Addition chain for sqrt BLS12-381: 20% perf improvement

* sqrt addchain for BN254_Snarks - 20% perf improvement as well

* Fix operation count [skip ci]

* BLS12-377 sqrt - 10% perf improvement

* sqrt addition chain for BW6-761 - 6% speedup

* BN254_Nogami inversion addchain

* sqrt addchain for BN254_Nogami

* Inversion addchain for BLS12-377

* inversion ddition chain for BW6-761
2021-01-23 20:55:40 +01:00
Mamy André-Ratsimbazafy a02dd19d36
Compendium of pairing-based cryptography optimizations 2021-01-23 15:46:41 +01:00
Mamy Ratsimbazafy 638cb71e16
Fr: Finite Field parametrized by the curve order (#115)
* Introduce Fr type: finite field over curve order. Need workaround for https://github.com/nim-lang/Nim/issues/16774

* Split curve properties into core and derived

* Attach field properties to an instantiated field instead of the curve enum

* Workaround https://github.com/nim-lang/Nim/issues/14021, yet another "working with types in macros" is difficult https://github.com/nim-lang/RFCs/issues/44

* Implement finite field over prime order of a curve subgroup

* skip OpenSSL tests on windows
2021-01-22 00:09:52 +01:00
Mamy Ratsimbazafy ac6300555a
Fix test suite (#116)
* Pin nim-serialization. Workaround #113 and https://github.com/status-im/nim-serialization/issues/33

* Need to workaround nimble installing dependency multiple times

* non-interactive

* UB sanitizer missing on mingw

* Fix OpenSSL benchmark on non-Linux platforms

* Accelerate CI:
- Skip 32-bit on 64-bit tests
- Only test leaf functionality.

* Don't define -fstack-protector-all with MinGW

* skip line functions and cyclotomic tests (already tested in pairing) + only compile the benches don't run them.
2021-01-21 21:25:42 +01:00
Mamy Ratsimbazafy 023e690efc
Fix #111 2021-01-11 08:25:02 +01:00
Mamy Ratsimbazafy 29fffecc93
Update README.md 2021-01-06 19:27:16 +01:00
Mamy André-Ratsimbazafy a5c1d077fb
deal with DLL mess for OpenSSL test 2021-01-03 21:50:22 +01:00
Mamy André-Ratsimbazafy e89429e822
SHA256 Hash function 2020-12-15 19:18:36 +01:00
Mamy André-Ratsimbazafy c89c78d2d9
Typo Borrow instead of Carry in return type 2020-12-13 18:57:23 +01:00
Mamy Ratsimbazafy a022db1c08
Sqrt fp2 acceleration (#109)
* Use sqrt.square() == a instead of sqrt * invsqrt = -1 (Euler criterion) for sqrt existence.

* Accelerate sqrt_fp2 by 33%
2020-12-13 17:08:32 +01:00
Mamy André-Ratsimbazafy f0b18ecfe0
Github Actions add-path is gone https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/ 2020-12-13 15:28:51 +01:00
Mamy André-Ratsimbazafy 13e6b7dfe6
Travis pricing change, keep only ARM64 and PPC64 2020-12-12 19:47:45 +01:00
mratsim 45ef3a65e0 Skip 32-bit tests on 64-bit machines (too long) 2020-10-31 14:51:17 +01:00
Mamy Ratsimbazafy 244f58350c
Implement BW6-761 Endomorphism acceleration (#104)
* Implement BW6-761 GLV on G1 + Psi Untwist-Frobenius-Twist

* Fix frobenius constants for embedding degree != 12

* Fix test type/parsing issues

* Generalize frobenius map coefficient formula

* Fix Frobenius Psi generalization

* Don't confuse t and trace of frobenius + update scalarMul to use Frobenius on Fp Twist

* Fix ec_sage type definition

* fix decription [skip ci]

* update comment [skip ci]

* typo

* restore frobenius tests iterations
2020-10-13 23:58:35 +02:00
mratsim 7f0f511760 Fix Readme Github Action link [skip CI] 2020-10-11 22:04:13 +02:00
Mamy Ratsimbazafy 7826c40e26
Unify GCC and Clang ASM (#103)
* GCC-10 on Mac seems to require this syntax instead of the "+"

* update comment
2020-10-11 21:36:16 +02:00
mratsim 1383aae105 Remove outdated TODOs [skip ci]
- noinline consts: https://github.com/nim-lang/RFCs/issues/257
2020-10-11 21:33:59 +02:00
Mamy Ratsimbazafy 6530596032
Endomorphism acceleration for BN254-Nogami (#102) 2020-10-10 18:53:48 +02:00
Mamy Ratsimbazafy a2f46f77b7
Sage constants & tests codegen (#101)
* Implement a Sage codegenerator for frobenius constants

* Sage codegen for pairings

* Autogen of endomorphism acceleration constants

* The autogen fixed a copy-paste bug in lattice decomposition. We can use conditional negation now and save an add+dbl in scalar mul

* small fixes

* sage code for square root bls12-377 is not old

* readme updates

* Provide test suggestions for derive_frobenius

* indentation + add equation form to sage

* Sage test vector generator

* Use the json vectors
- includes type system workaround: generic sandwich https://github.com/nim-lang/Nim/issues/11225
- converting NimNode to typedesc: https://github.com/nim-lang/Nim/issues/6785

* Delete old sage code

* Install nim-serialization and nim-json-serialization in CI

* CI nimble install force yes
2020-10-10 16:19:23 +02:00
Mamy Ratsimbazafy 71bb4c799a
BW6-761 part 1 (#100)
* Add Fp, Fp2, Fp6 support for BW6-761

* Add G1 for BW6-761

* Prepare to support G2 twists on the same field as G1

* Remove a useless dependent type for lines

* Implement G2 for BW6-761

* Fix Line leftover
2020-10-09 07:51:47 +02:00
Mamy André-Ratsimbazafy 49164b66d8
fix testing canary 2020-10-05 22:20:29 +02:00
Mamy Ratsimbazafy d622f48507
Unsed imports cleanup (#97) 2020-10-04 17:33:17 +02:00
Mamy Ratsimbazafy fc1c3472ce
Fused projective line eval (#96)
* Reorg line functions to allow for Jacobian eval

* 2x faster Miller loop!!! with fused line eval double

* Support Line Double Fusion for D-Twists

* Implement fused line addition
2020-10-04 09:39:02 +02:00
Mamy Ratsimbazafy 986245b5c1
Jacobian coordinates (#95)
* Add projective-> affine bench

* Add conditional copy and div2 benches

* Fp4 benchmarks

* Constant-time Jacobian addition

* Jacobian doubling

* Use a simpler Add+Dbl complete formula

* Update tests

* Fix conditional negate

* Rollaback complete addition, we were only handling curve coef a == 0
2020-10-02 00:01:09 +02:00
Mamy André-Ratsimbazafy 0effd66dbd
SWei -> SHortW, weierstrass -> shortweierstrass 2020-09-27 23:02:48 +02:00
Mamy Ratsimbazafy 51586c7272
Merge pull request #94 from mratsim/reorg-curves-constants
Reorg curves constants
2020-09-27 22:31:13 +02:00
Mamy André-Ratsimbazafy 39ac014dfe
small fixes 2020-09-27 21:24:54 +02:00
Mamy André-Ratsimbazafy 00fa1ea7b6
Move pairings 2020-09-27 21:00:35 +02:00
Mamy André-Ratsimbazafy 2721131168
Move curve specific square root 2020-09-27 17:55:31 +02:00
Mamy André-Ratsimbazafy 204c72b811
again leftovers 2020-09-27 17:55:09 +02:00
Mamy André-Ratsimbazafy 48bab72d1f
cleanup leftover from BN curve inversion 2020-09-27 17:39:45 +02:00
Mamy André-Ratsimbazafy 8a456b84db
Move inversions curve-specific routines to the curve folder 2020-09-27 17:37:02 +02:00
Mamy André-Ratsimbazafy 3f48a590e8
Move assembly to their own folder 2020-09-27 17:25:21 +02:00