mirror of
https://github.com/codex-storage/constantine.git
synced 2025-01-30 20:45:08 +00:00
e5612f5705
* unoptimized msm * MSM: reorder loops * add a signed windowed recoding technique * improve wNAF table access * use batchAffine * revamp EC tests * MSM signed digit support * refactor MSM: recode signed ahead of time * missing test vector * refactor allocs and Alloca sideeffect * add an endomorphism threshold * Add Jacobian extended coordinates * refactor recodings, prepare for parallelizable on-the-fly signed recoding * recoding changes, introduce proper NAF for pairings * more pairings refactoring, introduce miller accumulator for EVM * some optim to the addchain miller loop * start optimizing multi-pairing * finish multi-miller loop refactoring * minor tuning * MSM: signed encoding suitable for parallelism (no precompute) * cleanup signed window encoding * add prefetching * add metering * properly init result to infinity * comment on prefetching * introduce vartime inversion for batch additions * fix JacExt infinity conversion * add batchAffine for MSM, though slower than JacExtended at the moment * add a batch affine scheduler for MSM * Add Multi-Scalar-Multiplication endomorphism acceleration * some tuning * signed integer fixes + 32-bit + tuning * Some more tuning * common msm bench + don't use affine for c < 9 * nit
115 lines
4.0 KiB
Nim
115 lines
4.0 KiB
Nim
# Constantine
|
|
# Copyright (c) 2018-2019 Status Research & Development GmbH
|
|
# Copyright (c) 2020-Present Mamy André-Ratsimbazafy
|
|
# Licensed and distributed under either of
|
|
# * MIT license (license terms in the root directory or at http://opensource.org/licenses/MIT).
|
|
# * Apache v2 license (license terms in the root directory or at http://www.apache.org/licenses/LICENSE-2.0).
|
|
# at your option. This file may not be copied, modified, or distributed except according to those terms.
|
|
|
|
import
|
|
# Standard library
|
|
std/[unittest, times],
|
|
# Internals
|
|
../../constantine/platforms/abstractions,
|
|
../../constantine/math/arithmetic,
|
|
../../constantine/math/extension_fields,
|
|
../../constantine/math/config/curves,
|
|
../../constantine/math/io/io_extfields,
|
|
../../constantine/math/elliptic/[
|
|
ec_shortweierstrass_affine,
|
|
ec_shortweierstrass_projective,
|
|
ec_scalar_mul],
|
|
../../constantine/math/pairings/lines_eval,
|
|
# Test utilities
|
|
../../helpers/prng_unsafe
|
|
|
|
const
|
|
Iters = 4
|
|
TestCurves = [
|
|
BLS12_377
|
|
]
|
|
|
|
type
|
|
RandomGen = enum
|
|
Uniform
|
|
HighHammingWeight
|
|
Long01Sequence
|
|
|
|
var rng: RngState
|
|
let seed = uint32(getTime().toUnix() and (1'i64 shl 32 - 1)) # unixTime mod 2^32
|
|
rng.seed(seed)
|
|
echo "\n------------------------------------------------------\n"
|
|
echo "test_pairing_bls12_377_line_functions xoshiro512** seed: ", seed
|
|
|
|
func random_point*(rng: var RngState, EC: typedesc, gen: RandomGen): EC {.noInit.} =
|
|
if gen == Uniform:
|
|
result = rng.random_unsafe(EC)
|
|
elif gen == HighHammingWeight:
|
|
result = rng.random_highHammingWeight(EC)
|
|
else:
|
|
result = rng.random_long01Seq(EC)
|
|
|
|
func random_point*(rng: var RngState, EC: typedesc, randZ: bool, gen: RandomGen): EC {.noInit.} =
|
|
if not randZ:
|
|
if gen == Uniform:
|
|
result = rng.random_unsafe(EC)
|
|
elif gen == HighHammingWeight:
|
|
result = rng.random_highHammingWeight(EC)
|
|
else:
|
|
result = rng.random_long01Seq(EC)
|
|
else:
|
|
if gen == Uniform:
|
|
result = rng.random_unsafe_with_randZ(EC)
|
|
elif gen == HighHammingWeight:
|
|
result = rng.random_highHammingWeight_with_randZ(EC)
|
|
else:
|
|
result = rng.random_long01Seq_with_randZ(EC)
|
|
|
|
suite "Pairing - Line Functions on BLS12-377" & " [" & $WordBitWidth & "-bit words]":
|
|
test "Line double - lt,t(P)":
|
|
proc test_line_double(C: static Curve, randZ: bool, gen: RandomGen) =
|
|
for _ in 0 ..< Iters:
|
|
let P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1], gen)
|
|
var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], G2], randZ, gen)
|
|
let Q = rng.random_point(ECP_ShortW_Prj[Fp2[C], G2], randZ, gen)
|
|
var l: Line[Fp2[C]]
|
|
|
|
var T2: typeof(Q)
|
|
T2.double(T)
|
|
l.line_double(T, P)
|
|
|
|
doAssert: bool(T == T2)
|
|
|
|
staticFor(curve, TestCurves):
|
|
test_line_double(curve, randZ = false, gen = Uniform)
|
|
test_line_double(curve, randZ = true, gen = Uniform)
|
|
test_line_double(curve, randZ = false, gen = HighHammingWeight)
|
|
test_line_double(curve, randZ = true, gen = HighHammingWeight)
|
|
test_line_double(curve, randZ = false, gen = Long01Sequence)
|
|
test_line_double(curve, randZ = true, gen = Long01Sequence)
|
|
|
|
test "Line add - lt,q(P)":
|
|
proc test_line_add(C: static Curve, randZ: bool, gen: RandomGen) =
|
|
for _ in 0 ..< Iters:
|
|
let P = rng.random_point(ECP_ShortW_Aff[Fp[C], G1], gen)
|
|
let Q = rng.random_point(ECP_ShortW_Prj[Fp2[C], G2], randZ, gen)
|
|
var T = rng.random_point(ECP_ShortW_Prj[Fp2[C], G2], randZ, gen)
|
|
var l: Line[Fp2[C]]
|
|
|
|
var TQ{.noInit.}: typeof(T)
|
|
TQ.sum(T, Q)
|
|
|
|
var Qaff{.noInit.}: ECP_ShortW_Aff[Fp2[C], G2]
|
|
Qaff.affine(Q)
|
|
l.line_add(T, Qaff, P)
|
|
|
|
doAssert: bool(T == TQ)
|
|
|
|
staticFor(curve, TestCurves):
|
|
test_line_add(curve, randZ = false, gen = Uniform)
|
|
test_line_add(curve, randZ = true, gen = Uniform)
|
|
test_line_add(curve, randZ = false, gen = HighHammingWeight)
|
|
test_line_add(curve, randZ = true, gen = HighHammingWeight)
|
|
test_line_add(curve, randZ = false, gen = Long01Sequence)
|
|
test_line_add(curve, randZ = true, gen = Long01Sequence)
|