mirror of
https://github.com/codex-storage/constantine.git
synced 2025-01-15 21:44:15 +00:00
d84edcd217
* Pairing - initial commit - line functions - sparse Fp12 functions * Small fixes: - Line parametrized by twist for generic algorithm - Add a conjugate operator for quadratic extensions - Have frobenius use it - Create an Affine coordinate type for elliptic curve * Implement (failing) pairing test * Stash pairing debug session, temp switch Fp12 over Fp4 * Proper naive pairing on BLS12-381 * Frobenius map * Implement naive pairing for BN curves * Add pairing tests to CI + reduce time spent on lower-level tests * Test without assembler in Github Actions + less base layers test iterations
142 lines
5.6 KiB
Nim
142 lines
5.6 KiB
Nim
# Constantine
|
|
# Copyright (c) 2018-2019 Status Research & Development GmbH
|
|
# Copyright (c) 2020-Present Mamy André-Ratsimbazafy
|
|
# Licensed and distributed under either of
|
|
# * MIT license (license terms in the root directory or at http://opensource.org/licenses/MIT).
|
|
# * Apache v2 license (license terms in the root directory or at http://www.apache.org/licenses/LICENSE-2.0).
|
|
# at your option. This file may not be copied, modified, or distributed except according to those terms.
|
|
|
|
import
|
|
# Standard library
|
|
std/[random, macros, times, strutils],
|
|
# Third-party
|
|
gmp, stew/byteutils,
|
|
# Internal
|
|
../constantine/io/io_bigints,
|
|
../constantine/arithmetic,
|
|
../constantine/primitives,
|
|
../constantine/config/[common, type_bigint]
|
|
|
|
echo "\n------------------------------------------------------\n"
|
|
# We test up to 1024-bit, more is really slow
|
|
|
|
var bitSizeRNG {.compileTime.} = initRand(1234)
|
|
|
|
macro testRandomModSizes(numSizes: static int, rBits, aBits, bBits, body: untyped): untyped =
|
|
## Generate `numSizes` random bit sizes known at compile-time to test against GMP
|
|
## for A mod M
|
|
result = newStmtList()
|
|
|
|
for _ in 0 ..< numSizes:
|
|
let aBitsVal = bitSizeRNG.rand(126 .. 2048)
|
|
let bBitsVal = bitSizeRNG.rand(126 .. 2048)
|
|
let rBitsVal = bitSizeRNG.rand(62 .. 4096+128)
|
|
|
|
result.add quote do:
|
|
block:
|
|
const `aBits` = `aBitsVal`
|
|
const `bBits` = `bBitsVal`
|
|
const `rBits` = `rBitsVal`
|
|
block:
|
|
`body`
|
|
|
|
const # https://gmplib.org/manual/Integer-Import-and-Export.html
|
|
GMP_WordLittleEndian {.used.} = -1'i32
|
|
GMP_WordNativeEndian {.used.} = 0'i32
|
|
GMP_WordBigEndian {.used.} = 1'i32
|
|
|
|
GMP_MostSignificantWordFirst = 1'i32
|
|
GMP_LeastSignificantWordFirst {.used.} = -1'i32
|
|
|
|
proc main() =
|
|
var gmpRng: gmp_randstate_t
|
|
gmp_randinit_mt(gmpRng)
|
|
# The GMP seed varies between run so that
|
|
# test coverage increases as the library gets tested.
|
|
# This requires to dump the seed in the console or the function inputs
|
|
# to be able to reproduce a bug
|
|
let seed = uint32(getTime().toUnix() and (1'i64 shl 32 - 1)) # unixTime mod 2^32
|
|
echo "GMP seed: ", seed
|
|
gmp_randseed_ui(gmpRng, seed)
|
|
|
|
var r, a, b: mpz_t
|
|
mpz_init(r)
|
|
mpz_init(a)
|
|
mpz_init(b)
|
|
|
|
testRandomModSizes(12, rBits, aBits, bBits):
|
|
# echo "--------------------------------------------------------------------------------"
|
|
echo "Testing: random mul r (", align($rBits, 4), "-bit) <- a (", align($aBits, 4), "-bit) * b (", align($bBits, 4), "-bit) (full mul bits: ", align($(aBits+bBits), 4), "), r large enough? ", rBits >= aBits+bBits
|
|
|
|
# Generate random value in the range 0 ..< 2^aBits
|
|
mpz_urandomb(a, gmpRng, aBits)
|
|
# Generate random modulus and ensure the MSB is set
|
|
mpz_urandomb(b, gmpRng, bBits)
|
|
mpz_setbit(r, aBits+bBits)
|
|
|
|
# discard gmp_printf(" -- %#Zx mod %#Zx\n", a.addr, m.addr)
|
|
|
|
#########################################################
|
|
# Conversion buffers
|
|
const aLen = (aBits + 7) div 8
|
|
const bLen = (bBits + 7) div 8
|
|
|
|
var aBuf: array[aLen, byte]
|
|
var bBuf: array[bLen, byte]
|
|
|
|
{.push warnings: off.} # deprecated csize
|
|
var aW, bW: csize # Word written by GMP
|
|
{.pop.}
|
|
|
|
discard mpz_export(aBuf[0].addr, aW.addr, GMP_MostSignificantWordFirst, 1, GMP_WordNativeEndian, 0, a)
|
|
discard mpz_export(bBuf[0].addr, bW.addr, GMP_MostSignificantWordFirst, 1, GMP_WordNativeEndian, 0, b)
|
|
|
|
# Since the modulus is using all bits, it's we can test for exact amount copy
|
|
doAssert aLen >= aW, "Expected at most " & $aLen & " bytes but wrote " & $aW & " for " & toHex(aBuf) & " (big-endian)"
|
|
doAssert bLen >= bW, "Expected at most " & $bLen & " bytes but wrote " & $bW & " for " & toHex(bBuf) & " (big-endian)"
|
|
|
|
# Build the bigint
|
|
let aTest = BigInt[aBits].fromRawUint(aBuf.toOpenArray(0, aW-1), bigEndian)
|
|
let bTest = BigInt[bBits].fromRawUint(bBuf.toOpenArray(0, bW-1), bigEndian)
|
|
|
|
#########################################################
|
|
# Multiplication
|
|
mpz_mul(r, a, b)
|
|
|
|
# If a*b overflow the result size we truncate
|
|
const numWords = wordsRequired(rBits)
|
|
when numWords < wordsRequired(aBits+bBits):
|
|
echo " truncating from ", wordsRequired(aBits+bBits), " words to ", numWords, " (2^", WordBitwidth * numWords, ")"
|
|
r.mpz_tdiv_r_2exp(r, WordBitwidth * numWords)
|
|
|
|
# Constantine
|
|
var rTest: BigInt[rBits]
|
|
rTest.prod(aTest, bTest)
|
|
|
|
#########################################################
|
|
# Check
|
|
const rLen = numWords * WordBitWidth
|
|
var rGMP: array[rLen, byte]
|
|
{.push warnings: off.} # deprecated csize
|
|
var rW: csize # Word written by GMP
|
|
{.pop.}
|
|
discard mpz_export(rGMP[0].addr, rW.addr, GMP_MostSignificantWordFirst, 1, GMP_WordNativeEndian, 0, r)
|
|
|
|
var rConstantine: array[rLen, byte]
|
|
exportRawUint(rConstantine, rTest, bigEndian)
|
|
|
|
# Note: in bigEndian, GMP aligns left while constantine aligns right
|
|
doAssert rGMP.toOpenArray(0, rW-1) == rConstantine.toOpenArray(rLen-rW, rLen-1), block:
|
|
# Reexport as bigEndian for debugging
|
|
discard mpz_export(aBuf[0].addr, aW.addr, GMP_MostSignificantWordFirst, 1, GMP_WordNativeEndian, 0, a)
|
|
discard mpz_export(bBuf[0].addr, bW.addr, GMP_MostSignificantWordFirst, 1, GMP_WordNativeEndian, 0, b)
|
|
"\nMultiplication with operands\n" &
|
|
" a (" & align($aBits, 4) & "-bit): " & aBuf.toHex & "\n" &
|
|
" b (" & align($bBits, 4) & "-bit): " & bBuf.toHex & "\n" &
|
|
"into r of size " & align($rBits, 4) & "-bit failed:" & "\n" &
|
|
" GMP: " & rGMP.toHex() & "\n" &
|
|
" Constantine: " & rConstantine.toHex() & "\n" &
|
|
"(Note that GMP aligns bytes left while constantine aligns bytes right)"
|
|
|
|
main()
|