mirror of
https://github.com/codex-storage/constantine.git
synced 2025-01-14 21:14:18 +00:00
4ff0e3d90b
* Lay out the refactoring objectives and tradeoffs * Refactor the 32 and 64-bit primitives [skip ci] * BigInts and Modular BigInts compile * Make the bigints test compile * Fix modular reduction * Fix reduction tests vs GMP * Implement montegomery mul, pow, inverse, WIP finite field compilation * Make FiniteField compile * Fix exponentiation compilation * Fix Montgomery magic constant computation for 2^64 words * Fix typo in non-optimized CIOS - passing finite fields IO tests * Add limbs comparisons [skip ci] * Fix on precomputation of the Montgomery magic constant * Passing all tests including 𝔽p2 * modular addition, the test for mersenne prime was wrong * update benches * Fix "nimble test" + typo on out-of-place field addition * bigint division, normalization is needed: https://travis-ci.com/github/mratsim/constantine/jobs/298359743 * missing conversion in subborrow non-x86 fallback - https://travis-ci.com/github/mratsim/constantine/jobs/298359744 * Fix little-endian serialization * Constantine32 flag to run 32-bit constantine on 64-bit machines * IO Field test, ensure that BaseType is used instead of uint64 when the prime can field in uint32 * Implement proper addcarry and subborrow fallback for the compile-time VM * Fix export issue when the logical wordbitwidth == physical wordbitwidth - passes all tests (32-bit and 64-bit) * Fix uint128 on ARM * Fix C++ conditional copy and ARM addcarry/subborrow * Add investigation for SIGFPE in Travis * Fix debug display for unsafeDiv2n1n * multiplexer typo * moveMem bug in glibc of Ubuntu 16.04? * Was probably missing an early clobbered register annotation on conditional mov * Note on Montgomery-friendly moduli * Strongly suspect a GCC before GCC 7 codegen bug (https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87139) * hex conversion was (for debugging) not taking requested order into account + inlining comment * Use 32-bit limbs on ARM64, uint128 builtin __udivti4 bug? * Revert "Use 32-bit limbs on ARM64, uint128 builtin __udivti4 bug?" This reverts commit 087f9aa7fb40bbd058d05cbd8eec7fc082911f49. * Fix subborrow fallback for non-x86 (need to maks the borrow)
191 lines
6.6 KiB
Nim
191 lines
6.6 KiB
Nim
# Constantine
|
|
# Copyright (c) 2018-2019 Status Research & Development GmbH
|
|
# Copyright (c) 2020-Present Mamy André-Ratsimbazafy
|
|
# Licensed and distributed under either of
|
|
# * MIT license (license terms in the root directory or at http://opensource.org/licenses/MIT).
|
|
# * Apache v2 license (license terms in the root directory or at http://www.apache.org/licenses/LICENSE-2.0).
|
|
# at your option. This file may not be copied, modified, or distributed except according to those terms.
|
|
|
|
import unittest, random, math,
|
|
../constantine/primitives
|
|
|
|
# Random seed for reproducibility
|
|
randomize(0xDEADBEEF)
|
|
|
|
template undistinct[T](x: Ct[T]): T =
|
|
T(x)
|
|
|
|
proc main() =
|
|
suite "Constant-time unsigned integers":
|
|
test "High - getting the biggest representable number":
|
|
check:
|
|
high(Ct[byte]).undistinct == 0xFF.byte
|
|
high(Ct[uint8]).undistinct == 0xFF'u8
|
|
|
|
high(Ct[uint16]).undistinct == 0xFFFF'u16
|
|
high(Ct[uint32]).undistinct == 0xFFFFFFFF'u32
|
|
high(Ct[uint64]).undistinct == 0xFFFFFFFF_FFFFFFFF'u64
|
|
|
|
test "bitwise `and`, `or`, `xor`, `not`":
|
|
let x1 = rand(high(int)).uint64
|
|
let y1 = rand(high(int)).uint64
|
|
let x2 = rand(high(int)).uint64
|
|
let y2 = rand(high(int)).uint64
|
|
let x3 = rand(high(int)).uint64
|
|
let y3 = rand(high(int)).uint64
|
|
template bitwise_check(op: untyped): untyped =
|
|
block:
|
|
check:
|
|
op(ct(0'u32), ct(0'u32)).undistinct == op(0'u32, 0'u32)
|
|
op(ct(0'u32), ct(1'u32)).undistinct == op(0'u32, 1'u32)
|
|
op(ct(1234'u64), ct(5678'u64)).undistinct == op(1234'u64, 5678'u64)
|
|
|
|
op(x1.ct, y1.ct).undistinct == op(x1, y1)
|
|
op(x2.ct, y2.ct).undistinct == op(x2, y2)
|
|
op(x3.ct, y3.ct).undistinct == op(x3, y3)
|
|
bitwise_check(`and`)
|
|
bitwise_check(`or`)
|
|
bitwise_check(`xor`)
|
|
|
|
block:
|
|
check:
|
|
not(ct(0'u32)).undistinct == not 0'u32
|
|
not(ct(1'u32)).undistinct == not 1'u32
|
|
not(ct(1234'u64)).undistinct == not 1234'u64
|
|
not(ct(5678'u64)).undistinct == not 5678'u64
|
|
not(ct(x1)).undistinct == not x1
|
|
not(ct(x2)).undistinct == not x2
|
|
not(ct(x3)).undistinct == not x3
|
|
not(ct(y1)).undistinct == not y1
|
|
not(ct(y2)).undistinct == not y2
|
|
not(ct(y3)).undistinct == not y3
|
|
|
|
test "Logical shifts":
|
|
let x1 = rand(high(int)).uint64
|
|
let y1 = rand(high(int)).uint64
|
|
let x2 = rand(high(int)).uint64
|
|
let y2 = rand(high(int32)).uint64
|
|
let x3 = rand(high(int32)).uint64
|
|
let y3 = rand(high(int32)).uint64
|
|
|
|
let s1 = rand(10)
|
|
let s2 = rand(10)
|
|
let s3 = rand(10)
|
|
|
|
template shift_check(op: untyped): untyped =
|
|
block:
|
|
check:
|
|
op(ct(0'u32), 1).undistinct == op(0'u32, 1)
|
|
op(ct(1'u32), 2).undistinct == op(1'u32, 2)
|
|
op(ct(1234'u64), 3).undistinct == op(1234'u64, 3)
|
|
op(ct(2'u64^30), 1).undistinct == op(2'u64^30, 1)
|
|
op(ct(2'u64^31 + 1), 1).undistinct == op(2'u64^31 + 1, 1)
|
|
op(ct(2'u64^32), 1).undistinct == op(2'u64^32, 1)
|
|
|
|
op(x1.ct, s1).undistinct == op(x1, s1)
|
|
op(x2.ct, s2).undistinct == op(x2, s2)
|
|
op(x3.ct, s3).undistinct == op(x3, s3)
|
|
|
|
|
|
op(y1.ct, s1).undistinct == op(y1, s1)
|
|
op(y2.ct, s2).undistinct == op(y2, s2)
|
|
op(y3.ct, s3).undistinct == op(y3, s3)
|
|
|
|
shift_check(`shl`)
|
|
shift_check(`shr`)
|
|
|
|
|
|
test "Operators `+`, `-`, `*`":
|
|
let x1 = rand(high(int)).uint64
|
|
let y1 = rand(high(int)).uint64
|
|
let x2 = rand(high(int)).uint64
|
|
let y2 = rand(high(int)).uint64
|
|
let x3 = rand(high(int)).uint64
|
|
let y3 = rand(high(int)).uint64
|
|
template operator_check(op: untyped): untyped =
|
|
block:
|
|
check:
|
|
op(ct(0'u32), ct(0'u32)).undistinct == op(0'u32, 0'u32)
|
|
op(ct(0'u32), ct(1'u32)).undistinct == op(0'u32, 1'u32)
|
|
op(ct(1234'u64), ct(5678'u64)).undistinct == op(1234'u64, 5678'u64)
|
|
|
|
op(x1.ct, y1.ct).undistinct == op(x1, y1)
|
|
op(x2.ct, y2.ct).undistinct == op(x2, y2)
|
|
op(x3.ct, y3.ct).undistinct == op(x3, y3)
|
|
operator_check(`+`)
|
|
operator_check(`-`)
|
|
operator_check(`*`)
|
|
|
|
test "Unary `-`, returning the 2-complement of an unsigned integer":
|
|
let x1 = rand(high(int)).uint64
|
|
let y1 = rand(high(int)).uint64
|
|
let x2 = rand(high(int)).uint64
|
|
let y2 = rand(high(int)).uint64
|
|
let x3 = rand(high(int)).uint64
|
|
let y3 = rand(high(int)).uint64
|
|
check:
|
|
(-ct(0'u32)).undistinct == 0
|
|
(-high(Ct[uint32])).undistinct == 1'u32
|
|
(-ct(0x80000000'u32)).undistinct == 0x80000000'u32 # This is low(int32) == 0b10000..0000
|
|
|
|
undistinct(-x1.ct) == undistinct(not(x1.ct) + ct(1'u64))
|
|
undistinct(-x2.ct) == undistinct(not(x2.ct) + ct(1'u64))
|
|
undistinct(-x3.ct) == undistinct(not(x3.ct) + ct(1'u64))
|
|
undistinct(-y1.ct) == undistinct(not(y1.ct) + ct(1'u64))
|
|
undistinct(-y2.ct) == undistinct(not(y2.ct) + ct(1'u64))
|
|
undistinct(-y3.ct) == undistinct(not(y3.ct) + ct(1'u64))
|
|
|
|
suite "Constant-time booleans":
|
|
test "Boolean not":
|
|
check:
|
|
not(ctrue(uint32)).bool == false
|
|
not(cfalse(uint32)).bool == true
|
|
|
|
test "Comparison":
|
|
check:
|
|
bool(ct(0'u32) != ct(0'u32)) == false
|
|
bool(ct(0'u32) != ct(1'u32)) == true
|
|
|
|
bool(ct(10'u32) == ct(10'u32)) == true
|
|
bool(ct(10'u32) != ct(20'u32)) == true
|
|
|
|
bool(ct(10'u32) <= ct(10'u32)) == true
|
|
bool(ct(10'u32) <= ct(20'u32)) == true
|
|
bool(ct(10'u32) <= ct(5'u32)) == false
|
|
bool(ct(10'u32) <= ct(0xFFFFFFFF'u32)) == true
|
|
|
|
bool(ct(10'u32) < ct(10'u32)) == false
|
|
bool(ct(10'u32) < ct(20'u32)) == true
|
|
bool(ct(10'u32) < ct(5'u32)) == false
|
|
bool(ct(10'u32) < ct(0xFFFFFFFF'u32)) == true
|
|
|
|
bool(ct(10'u32) > ct(10'u32)) == false
|
|
bool(ct(10'u32) > ct(20'u32)) == false
|
|
bool(ct(10'u32) > ct(5'u32)) == true
|
|
bool(ct(10'u32) > ct(0xFFFFFFFF'u32)) == false
|
|
|
|
bool(ct(10'u32) >= ct(10'u32)) == true
|
|
bool(ct(10'u32) >= ct(20'u32)) == false
|
|
bool(ct(10'u32) >= ct(5'u32)) == true
|
|
bool(ct(10'u32) >= ct(0xFFFFFFFF'u32)) == false
|
|
|
|
test "Multiplexer/selector - mux(ctl, x, y) <=> ctl? x: y":
|
|
let u = 10'u32.ct
|
|
let v = 20'u32.ct
|
|
let w = 5'u32.ct
|
|
|
|
let y = ctrue(uint32)
|
|
let n = cfalse(uint32)
|
|
|
|
check:
|
|
bool(mux(y, u, v) == u)
|
|
bool(mux(n, u, v) == v)
|
|
|
|
bool(mux(y, u, w) == u)
|
|
bool(mux(n, u, w) == w)
|
|
|
|
bool(mux(y, v, w) == v)
|
|
bool(mux(n, v, w) == w)
|
|
|
|
main()
|