347 Commits

Author SHA1 Message Date
Mamy Ratsimbazafy
d12d5faf21
Implement Jacobian mixed addition (#142) 2021-01-30 14:21:55 +01:00
Mamy Ratsimbazafy
b91ec1cb15
Metering (#140)
* Add metering facilities

* Metering reporting

* Add example report on metering BLS12-381 pairings
2021-01-29 22:21:19 +01:00
Mamy Ratsimbazafy
95e23339b2
Decimal conversion (#139)
* Add constant-time fromDecimal conversion. Add warnings on intended purposes of hex/decimals

* introduce setuint + cosmetic fixes Wordbitsize -> Wordbitwidth in comments

* Add decimal conversion (non-constant-time)

* fix comments [skip ci]
2021-01-29 20:42:36 +01:00
Mamy André-Ratsimbazafy
47daefde1f
forgot an import 2021-01-24 13:55:18 +01:00
Mamy André-Ratsimbazafy
98a4b2f91a
constant cosmetics 2021-01-24 12:57:13 +01:00
Mamy André-Ratsimbazafy
75493dfb5b
Fix #131, inversion tests didn't take into account that the RNG can produce a 0 input and so a.inv can be different from 1 2021-01-24 12:37:02 +01:00
Mamy Ratsimbazafy
7e97cd4ac5
Fuzz fix - non-unique modular representation after Assembly negate (#137)
* Fix #114 - Negating 0 left the prime modulus, which is working most of the time for everything except for comparison. (Also somehow triggers and works around a weird compiler bug where exception tracking is activated in macros and all the curve enums were stringified as their ordinal value.)

* https://github.com/mratsim/constantine/issues/136 was also fixed, add to anti-regression

* add comment in test

* Fix the pure Nim fallback as well
2021-01-24 12:35:27 +01:00
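The #137 entry above is about a representation invariant of multi-limb field elements: computing the negation as p - a is right for every a except 0, where it returns p. That value is congruent to 0, so arithmetic keeps working, but field elements are compared limb-wise, so p and the canonical 0 compare unequal, which is exactly what a fuzzer comparing results will catch. The following is an added example and not Constantine's code: the limb layout, the helper names and the neg_noncanonical/neg_canonical functions are assumptions chosen for illustration; the modulus is the BLS12-381 base-field prime p. It shows the buggy and the corrected negation side by side, with the reduced-form check a fuzz harness would assert after every operation.

```c
#include <stdint.h>
#include <stdio.h>

#define LIMBS 6

/* BLS12-381 base-field modulus p as little-endian 64-bit limbs. */
static const uint64_t P[LIMBS] = {
    0xb9feffffffffaaabULL, 0x1eabfffeb153ffffULL, 0x6730d2a0f6b0f624ULL,
    0x64774b84f38512bfULL, 0x4b1ba7b6434bacd7ULL, 0x1a0111ea397fe69aULL,
};
static const uint64_t ZERO[LIMBS] = {0};
static const uint64_t ONE[LIMBS]  = {1};

/* All-ones if x == 0, else 0, without a data-dependent branch:
 * x | -x has its top bit set exactly when x != 0. */
static uint64_t mask_if_zero(uint64_t x) {
    return ((x | ((uint64_t)0 - x)) >> 63) - 1;
}

/* r = a - b over LIMBS limbs; returns the final borrow (1 iff a < b). */
static uint64_t sub_limbs(uint64_t r[LIMBS], const uint64_t a[LIMBS], const uint64_t b[LIMBS]) {
    uint64_t borrow = 0;
    for (int i = 0; i < LIMBS; i++) {
        uint64_t d  = a[i] - b[i];
        uint64_t b1 = (uint64_t)(a[i] < b[i]);
        uint64_t b2 = (uint64_t)(d < borrow);
        r[i]   = d - borrow;
        borrow = b1 | b2;
    }
    return borrow;
}

/* 1 iff a and b have identical limbs. Comparison is limb-wise, so a
 * non-reduced encoding such as p itself compares unequal to 0. */
static int ct_equal(const uint64_t a[LIMBS], const uint64_t b[LIMBS]) {
    uint64_t acc = 0;
    for (int i = 0; i < LIMBS; i++) acc |= a[i] ^ b[i];
    return (int)(mask_if_zero(acc) & 1);
}

/* 1 iff a < p, i.e. a is in canonical (fully reduced) form. */
static int is_reduced(const uint64_t a[LIMBS]) {
    uint64_t scratch[LIMBS];
    return (int)sub_limbs(scratch, a, P);
}

/* The bug (assumed shape of the pre-#137 code): r = p - a. Correct for
 * a != 0, but maps 0 to p, a non-canonical encoding of 0. */
static void neg_noncanonical(uint64_t r[LIMBS], const uint64_t a[LIMBS]) {
    sub_limbs(r, P, a);
}

/* The fix: compute p - a, then clear the result when a was zero, using a
 * mask instead of a branch so the timing does not depend on a. */
static void neg_canonical(uint64_t r[LIMBS], const uint64_t a[LIMBS]) {
    uint64_t acc = 0;
    for (int i = 0; i < LIMBS; i++) acc |= a[i];
    uint64_t keep = ~mask_if_zero(acc);      /* all-ones iff a != 0 */
    sub_limbs(r, P, a);
    for (int i = 0; i < LIMBS; i++) r[i] &= keep;
}

typedef void (*neg_fn)(uint64_t[LIMBS], const uint64_t[LIMBS]);

/* Fuzz-style invariant: neg(0) must be the canonical 0 and be reduced. */
static int negate_zero_is_canonical(neg_fn neg) {
    uint64_t r[LIMBS];
    neg(r, ZERO);
    return ct_equal(r, ZERO) & is_reduced(r);
}

/* neg(neg(a)) == a, and every intermediate value stays reduced. */
static int double_negation_roundtrips(neg_fn neg, const uint64_t a[LIMBS]) {
    uint64_t t[LIMBS], r[LIMBS];
    neg(t, a);
    neg(r, t);
    return is_reduced(t) & is_reduced(r) & ct_equal(r, a);
}

int main(void) {
    printf("neg_noncanonical(0) canonical:  %d\n", negate_zero_is_canonical(neg_noncanonical));
    printf("neg_canonical(0) canonical:     %d\n", negate_zero_is_canonical(neg_canonical));
    printf("neg_noncanonical round-trips 0: %d\n", double_negation_roundtrips(neg_noncanonical, ZERO));
    printf("neg_canonical round-trips 0:    %d\n", double_negation_roundtrips(neg_canonical, ZERO));
    printf("neg_canonical round-trips 1:    %d\n", double_negation_roundtrips(neg_canonical, ONE));
    return 0;
}
```

Note that neg_noncanonical(neg_noncanonical(0)) does come back to 0 (p - p = 0), which is why the bug survives most arithmetic tests; only a check on the intermediate encoding, or a comparison against a freshly built zero, exposes it. The fix costs one OR over the limbs and a mask, no branch, which keeps the routine constant-time.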
Mamy Ratsimbazafy
5b1d280486
Fix 50% perf regression (2x with GCC) on binary GCD based inversion (#135)
* Fix 50% perf regression. Revert part of #95, fix #134

* Deactivate inversion via addition chain for BW6-761. 2x slower than Euclid
2021-01-23 21:44:22 +01:00
Mamy Ratsimbazafy
82819b1b10
Square Root & Inversion addition chains - 20% perf increase (#132)
* Addition chain for sqrt BLS12-381: 20% perf improvement

* sqrt addchain for BN254_Snarks - 20% perf improvement as well

* Fix operation count [skip ci]

* BLS12-377 sqrt - 10% perf improvement

* sqrt addition chain for BW6-761 - 6% speedup

* BN254_Nogami inversion addchain

* sqrt addchain for BN254_Nogami

* Inversion addchain for BLS12-377

* inversion addition chain for BW6-761
2021-01-23 20:55:40 +01:00
Mamy André-Ratsimbazafy
a02dd19d36
Compendium of pairing-based cryptography optimizations 2021-01-23 15:46:41 +01:00
Mamy Ratsimbazafy
638cb71e16
Fr: Finite Field parametrized by the curve order (#115)
* Introduce Fr type: finite field over curve order. Need workaround for https://github.com/nim-lang/Nim/issues/16774

* Split curve properties into core and derived

* Attach field properties to an instantiated field instead of the curve enum

* Workaround https://github.com/nim-lang/Nim/issues/14021, yet another "working with types in macros" is difficult https://github.com/nim-lang/RFCs/issues/44

* Implement finite field over prime order of a curve subgroup

* skip OpenSSL tests on windows
2021-01-22 00:09:52 +01:00
Mamy Ratsimbazafy
ac6300555a
Fix test suite (#116)
* Pin nim-serialization. Workaround #113 and https://github.com/status-im/nim-serialization/issues/33

* Need to workaround nimble installing dependency multiple times

* non-interactive

* UB sanitizer missing on mingw

* Fix OpenSSL benchmark on non-Linux platforms

* Accelerate CI:
- Skip 32-bit on 64-bit tests
- Only test leaf functionality.

* Don't define -fstack-protector-all with MinGW

* skip line functions and cyclotomic tests (already tested in pairing) + only compile the benches, don't run them.
2021-01-21 21:25:42 +01:00
Mamy Ratsimbazafy
023e690efc
Fix #111 2021-01-11 08:25:02 +01:00
Mamy Ratsimbazafy
29fffecc93
Update README.md 2021-01-06 19:27:16 +01:00
Mamy André-Ratsimbazafy
a5c1d077fb
deal with DLL mess for OpenSSL test 2021-01-03 21:50:22 +01:00
Mamy André-Ratsimbazafy
e89429e822
SHA256 Hash function 2020-12-15 19:18:36 +01:00
Mamy André-Ratsimbazafy
c89c78d2d9
Typo Borrow instead of Carry in return type 2020-12-13 18:57:23 +01:00
Mamy Ratsimbazafy
a022db1c08
Sqrt fp2 acceleration (#109)
* Use sqrt.square() == a instead of sqrt * invsqrt = -1 (Euler criterion) for sqrt existence.

* Accelerate sqrt_fp2 by 33%
2020-12-13 17:08:32 +01:00
Mamy André-Ratsimbazafy
f0b18ecfe0
Github Actions add-path is gone https://github.blog/changelog/2020-10-01-github-actions-deprecating-set-env-and-add-path-commands/ 2020-12-13 15:28:51 +01:00
Mamy André-Ratsimbazafy
13e6b7dfe6
Travis pricing change, keep only ARM64 and PPC64 2020-12-12 19:47:45 +01:00
mratsim
45ef3a65e0
Skip 32-bit tests on 64-bit machines (too long) 2020-10-31 14:51:17 +01:00
Mamy Ratsimbazafy
244f58350c
Implement BW6-761 Endomorphism acceleration (#104)
* Implement BW6-761 GLV on G1 + Psi Untwist-Frobenius-Twist

* Fix frobenius constants for embedding degree != 12

* Fix test type/parsing issues

* Generalize frobenius map coefficient formula

* Fix Frobenius Psi generalization

* Don't confuse t and trace of frobenius + update scalarMul to use Frobenius on Fp Twist

* Fix ec_sage type definition

* fix description [skip ci]

* update comment [skip ci]

* typo

* restore frobenius tests iterations
2020-10-13 23:58:35 +02:00
mratsim
7f0f511760
Fix Readme Github Action link [skip CI] 2020-10-11 22:04:13 +02:00
Mamy Ratsimbazafy
7826c40e26
Unify GCC and Clang ASM (#103)
* GCC-10 on Mac seems to require this syntax instead of the "+"

* update comment
2020-10-11 21:36:16 +02:00
mratsim
1383aae105
Remove outdated TODOs [skip ci]
- noinline consts: https://github.com/nim-lang/RFCs/issues/257
2020-10-11 21:33:59 +02:00
Mamy Ratsimbazafy
6530596032
Endomorphism acceleration for BN254-Nogami (#102) 2020-10-10 18:53:48 +02:00
Mamy Ratsimbazafy
a2f46f77b7
Sage constants & tests codegen (#101)
* Implement a Sage codegenerator for frobenius constants

* Sage codegen for pairings

* Autogen of endomorphism acceleration constants

* The autogen fixed a copy-paste bug in lattice decomposition. We can use conditional negation now and save an add+dbl in scalar mul

* small fixes

* sage code for square root bls12-377 is not old

* readme updates

* Provide test suggestions for derive_frobenius

* indentation + add equation form to sage

* Sage test vector generator

* Use the json vectors
- includes type system workaround: generic sandwich https://github.com/nim-lang/Nim/issues/11225
- converting NimNode to typedesc: https://github.com/nim-lang/Nim/issues/6785

* Delete old sage code

* Install nim-serialization and nim-json-serialization in CI

* CI nimble install force yes
2020-10-10 16:19:23 +02:00
Mamy Ratsimbazafy
71bb4c799a
BW6-761 part 1 (#100)
* Add Fp, Fp2, Fp6 support for BW6-761

* Add G1 for BW6-761

* Prepare to support G2 twists on the same field as G1

* Remove a useless dependent type for lines

* Implement G2 for BW6-761

* Fix Line leftover
2020-10-09 07:51:47 +02:00
Mamy André-Ratsimbazafy
49164b66d8
fix testing canary 2020-10-05 22:20:29 +02:00
Mamy Ratsimbazafy
d622f48507
Unused imports cleanup (#97) 2020-10-04 17:33:17 +02:00
Mamy Ratsimbazafy
fc1c3472ce
Fused projective line eval (#96)
* Reorg line functions to allow for Jacobian eval

* 2x faster Miller loop!!! with fused line eval double

* Support Line Double Fusion for D-Twists

* Implement fused line addition
2020-10-04 09:39:02 +02:00
Mamy Ratsimbazafy
986245b5c1
Jacobian coordinates (#95)
* Add projective-> affine bench

* Add conditional copy and div2 benches

* Fp4 benchmarks

* Constant-time Jacobian addition

* Jacobian doubling

* Use a simpler Add+Dbl complete formula

* Update tests

* Fix conditional negate

* Roll back complete addition, we were only handling curve coef a == 0
2020-10-02 00:01:09 +02:00
Mamy André-Ratsimbazafy
0effd66dbd
SWei -> SHortW, weierstrass -> shortweierstrass 2020-09-27 23:02:48 +02:00
Mamy Ratsimbazafy
51586c7272
Merge pull request #94 from mratsim/reorg-curves-constants
Reorg curves constants
2020-09-27 22:31:13 +02:00
Mamy André-Ratsimbazafy
39ac014dfe
small fixes 2020-09-27 21:24:54 +02:00
Mamy André-Ratsimbazafy
00fa1ea7b6
Move pairings 2020-09-27 21:00:35 +02:00
Mamy André-Ratsimbazafy
2721131168
Move curve specific square root 2020-09-27 17:55:31 +02:00
Mamy André-Ratsimbazafy
204c72b811
again leftovers 2020-09-27 17:55:09 +02:00
Mamy André-Ratsimbazafy
48bab72d1f
cleanup leftover from BN curve inversion 2020-09-27 17:39:45 +02:00
Mamy André-Ratsimbazafy
8a456b84db
Move inversions curve-specific routines to the curve folder 2020-09-27 17:37:02 +02:00
Mamy André-Ratsimbazafy
3f48a590e8
Move assembly to their own folder 2020-09-27 17:25:21 +02:00
Mamy André-Ratsimbazafy
03d58ac1e7
Standardize constants names 2020-09-27 17:18:14 +02:00
Mamy André-Ratsimbazafy
f864fb20ec
Remove unused BN inversion 2020-09-27 16:17:13 +02:00
Mamy André-Ratsimbazafy
d04ccdd578
Move the cubic root to GLV files 2020-09-27 16:01:31 +02:00
Mamy André-Ratsimbazafy
34eb6fcfbd
Move GLV constants 2020-09-27 15:39:12 +02:00
Mamy André-Ratsimbazafy
e676e06959
move frobenius macros 2020-09-27 15:06:16 +02:00
Mamy André-Ratsimbazafy
fd45a790eb
Consolidated curve-specific Frobenius in a curve folder 2020-09-27 14:46:54 +02:00
Mamy André-Ratsimbazafy
92183c8b05
Remove unused curves 2020-09-27 13:13:45 +02:00
Mamy Ratsimbazafy
0e4dbfe400
BLS12-377 (#91)
* add Sage for constant time tonelli shanks

* Fused sqrt and invsqrt via Tonelli Shanks

* isolate sqrt in their own folder

* Implement constant-time Tonelli Shanks for any prime

* Implement Fp2 sqrt for any non-residue

* Add tests for BLS12_377

* Lattice decomposition script for BLS12_377 G1

* BLS12-377 G1 GLV ok, G2 GLV issue

* Proper endomorphism acceleration support for BLS12-377

* Add naive pairing support for BLS12-377

* Activate more bench for BLS12-377

* Fix MSB computation

* Optimize final exponentiation + add benches
2020-09-27 09:15:14 +02:00
Mamy André-Ratsimbazafy
ac37b55aa1
publish the lattice decomposition finder mentioned in https://github.com/scipr-lab/zexe/issues/267 2020-09-26 15:33:41 +02:00