Fast modular inversion (#172)
* split modular inversion in its own file

* Stash fast GCD inversion https://eprint.iacr.org/2020/972.pdf

* Stash Pornin's bingcd -> issue with inner modular reduction

* Implement Bernstein-Yang inversion

* Avoid Nim checks on signed integers (32-bit runtime issue)

* cleanup: remove old inversion impls

* cleanup: static moduli, move div2

* small comments (skip ci)

* comment cleanup (skip ci)

* fix total iterations on 32-bit

* Add batch conversion to affine coordinates using simultaneous inversion trick

* fix conditional setZero and batchAffine conversion

* cleanup unneeded branches following affine conversion unification

* Fix batchAffine with zero inputs and add fuzz failure to test suite
# Constantine
# Copyright (c) 2018-2019 Status Research & Development GmbH
# Copyright (c) 2020-Present Mamy André-Ratsimbazafy
# Licensed and distributed under either of
# * MIT license (license terms in the root directory or at http://opensource.org/licenses/MIT).
# * Apache v2 license (license terms in the root directory or at http://www.apache.org/licenses/LICENSE-2.0).
# at your option. This file may not be copied, modified, or distributed except according to those terms.
import std/[unittest,times],
../constantine/config/[common, curves],
../constantine/arithmetic,
../constantine/arithmetic/limbs_unsaturated,
../constantine/io/io_bigints,
../helpers/prng_unsafe
# Random seed for reproducibility: the low 32 bits of the current unix time
# are used and printed, so a failing run can be replayed with the same seed.
# The generator comes from `prng_unsafe` (a test helper, per its module name)
# and is only meant to drive test input generation.
var rng: RngState
const seedMask = 1'i64 shl 32 - 1   # unixTime mod 2^32
let seed = uint32(getTime().toUnix() and seedMask)
rng.seed(seed)
echo "\n------------------------------------------------------\n"
echo "test_io_unsaturated xoshiro512** seed: ", seed
type RandomGen = enum
  ## Selects which sampler `random_bigint` uses to draw a test input.
  Uniform            ## dispatches to `rng.random_unsafe`
  HighHammingWeight  ## dispatches to `rng.random_highHammingWeight`
  Long01Sequence     ## dispatches to `rng.random_long01Seq`
func random_bigint*(rng: var RngState, curve: static Curve, gen: static RandomGen): auto =
  ## Draws one random BigInt of the size matching `curve`
  ## (`matchingBigInt(curve)`) from `rng`, using the sampler selected by `gen`.
  ##
  ## `gen` is a static parameter, so the `when` chain is resolved at compile
  ## time and only the selected sampler branch is compiled for a given
  ## instantiation.
  when gen == Uniform:
    rng.random_unsafe(matchingBigInt(curve))
  elif gen == HighHammingWeight:
    rng.random_highHammingWeight(matchingBigInt(curve))
  else:
    rng.random_long01Seq(matchingBigInt(curve))
# debug
import std/strutils
proc testRoundtrip(curve: static Curve, gen: static RandomGen) =
  ## Draws one random BigInt for `curve` with sampler `gen`, converts it to the
  ## unsaturated limb representation and back, and asserts the packed value
  ## survives the roundtrip unchanged. On failure both values are printed in
  ## hex so the offending input can be reproduced.
  const
    bits = curve.getCurveBitwidth()
    Excess = 2                             # headroom bits per unsaturated word (presumably; see LimbsUnsaturated)
    UnsatBitwidth = WordBitWidth - Excess  # payload bits per unsaturated word
    # ceil(bits / UnsatBitwidth): number of unsaturated words needed
    N = (bits + UnsatBitwidth - 1) div UnsatBitwidth

  let original = rng.random_bigint(curve, gen)

  var unsat: LimbsUnsaturated[N, Excess]
  unsat.fromPackedRepr(original.limbs)

  var roundtripped: typeof(original)
  roundtripped.limbs.fromUnsatRepr(unsat)

  doAssert bool(original == roundtripped),
    "\n a: " & original.toHex() &
    "\n b: " & roundtripped.toHex()
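proc main() =
  ## Runs the packed <-> unsaturated limb roundtrip suite for every curve
  ## under test, with `Iters` samples per sampler strategy.
  const Iters = 10000

  template roundtrips(curve: untyped) =
    ## Exercises `testRoundtrip` `Iters` times for each `RandomGen` value.
    ## `gen` is a static parameter of `testRoundtrip`, so each sampler needs
    ## its own compile-time instantiation rather than a runtime loop over
    ## the enum; the template keeps that expansion in one place.
    for _ in 0 ..< Iters:
      testRoundtrip(curve, Uniform)
    for _ in 0 ..< Iters:
      testRoundtrip(curve, HighHammingWeight)
    for _ in 0 ..< Iters:
      testRoundtrip(curve, Long01Sequence)

  suite "Packed <-> Unsaturated limbs roundtrips" & " [" & $WordBitWidth & "-bit mode]":
    test "BN254_Snarks":
      roundtrips(BN254_Snarks)
    test "Curve25519":
      roundtrips(Curve25519)
    test "secp256k1":
      roundtrips(Secp256k1)
    test "BLS12-381":
      roundtrips(BLS12_381)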
# Module entry point: runs the roundtrip suite when this file is compiled
# and executed as a test binary.
main()