Commit Graph

275 Commits

Author SHA1 Message Date
Mamy André-Ratsimbazafy f24d87fb00
Fix squaring in 𝔽p12, mul in 𝔽p6 MUST NOT share buffer (i.e. broken value semantics) 2020-04-09 02:00:45 +02:00
Mamy André-Ratsimbazafy 8c478df0c1
𝔽p12 extension - initial commit of squaring 2020-04-09 01:23:10 +02:00
Mamy André-Ratsimbazafy e47159e40d
Somewhat working (?) sage script for quadratic/cubic non-residues 2020-03-22 21:57:15 +01:00
Mamy André-Ratsimbazafy 8b7374f405
Cleanup in Montgomery Mul, Square, Pow 2020-03-22 13:24:37 +01:00
Mamy André-Ratsimbazafy 2d5b173a39
Less magics, les macros, faster compile-times (or not, Fp6 starts to get really slow, like 5s) + some cleanups in curve families + test 𝔽p6 on 32-bit 2020-03-22 12:28:53 +01:00
Mamy André-Ratsimbazafy c40bc1977d
Inverse in cubic extension field 𝔽p6 = 𝔽p2[∛(1 + 𝑖)] 2020-03-21 23:47:43 +01:00
Mamy André-Ratsimbazafy ff4a54daba
Add multiplication in 𝔽p6 = 𝔽p2[∛(1+𝑖)] 2020-03-21 19:03:57 +01:00
Mamy André-Ratsimbazafy 964533494f
Struggling with sage to verify non-residues of extension towers 2020-03-21 17:42:06 +01:00
Mamy André-Ratsimbazafy 1282c38845
Add sage script for BN and BLS12 curve families 2020-03-21 15:50:39 +01:00
Mamy André-Ratsimbazafy 12363020e1
Fix link to curves config 2020-03-21 13:41:40 +01:00
Mamy André-Ratsimbazafy 1855d14497
Add more curves for testing: Curve25519, BLS12-377, BN446, FKM-447, BLS12-461, BN462 2020-03-21 13:05:58 +01:00
Mamy André-Ratsimbazafy 9e78cd5d6d
Benchmark template for 𝔽p, 𝔽p2, 𝔽p6 2020-03-21 02:31:31 +01:00
Mamy André-Ratsimbazafy 03898b2292
Implement squaring for 𝔽p6 = 𝔽p2[∛(1+𝑖)] 2020-03-21 01:59:23 +01:00
Mamy André-Ratsimbazafy bde619155b
30% faster constant-time inversion 2020-03-20 23:03:52 +01:00
Mamy André-Ratsimbazafy 1958356a09
duplicate the timer to mak formal verification self contained 2020-03-19 00:25:22 +01:00
Mamy André-Ratsimbazafy fafebacd05
Add formally verified and prover generated BLS12_381 implementation 2020-03-19 00:22:00 +01:00
Mamy Ratsimbazafy 6423be0dfb
Add optimized squaring (~15% speedup) (#18)
* Add optimized squaring (~15% speedup)

* avoid repetitions in tests
2020-03-17 22:04:37 +01:00
Mamy Ratsimbazafy 4ff0e3d90b
Internals refactor + renewed focus on perf (#17)
* Lay out the refactoring objectives and tradeoffs

* Refactor the 32 and 64-bit primitives [skip ci]

* BigInts and Modular BigInts compile

* Make the bigints test compile

* Fix modular reduction

* Fix reduction tests vs GMP

* Implement montegomery mul, pow, inverse, WIP finite field compilation

* Make FiniteField compile

* Fix exponentiation compilation

* Fix Montgomery magic constant computation  for 2^64 words

* Fix typo in non-optimized CIOS - passing finite fields IO tests

* Add limbs comparisons [skip ci]

* Fix on precomputation of the Montgomery magic constant

* Passing all tests including 𝔽p2

* modular addition, the test for mersenne prime was wrong

* update benches

* Fix "nimble test" + typo on out-of-place field addition

* bigint division, normalization is needed: https://travis-ci.com/github/mratsim/constantine/jobs/298359743

* missing conversion in subborrow non-x86 fallback - https://travis-ci.com/github/mratsim/constantine/jobs/298359744

* Fix little-endian serialization

* Constantine32 flag to run 32-bit constantine on 64-bit machines

* IO Field test, ensure that BaseType is used instead of uint64 when the prime can field in uint32

* Implement proper addcarry and subborrow fallback for the compile-time VM

* Fix export issue when the logical wordbitwidth == physical wordbitwidth - passes all tests (32-bit and 64-bit)

* Fix uint128 on ARM

* Fix C++ conditional copy and ARM addcarry/subborrow

* Add investigation for SIGFPE in Travis

* Fix debug display for unsafeDiv2n1n

* multiplexer typo

* moveMem bug in glibc of Ubuntu 16.04?

* Was probably missing an early clobbered register annotation on conditional mov

* Note on Montgomery-friendly moduli

* Strongly suspect a GCC before GCC 7 codegen bug (https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87139)

* hex conversion was (for debugging) not taking requested order into account + inlining comment

* Use 32-bit limbs on ARM64, uint128 builtin __udivti4 bug?

* Revert "Use 32-bit limbs on ARM64, uint128 builtin __udivti4 bug?"

This reverts commit 087f9aa7fb40bbd058d05cbd8eec7fc082911f49.

* Fix subborrow fallback for non-x86 (need to maks the borrow)
2020-03-16 16:33:51 +01:00
Mamy André-Ratsimbazafy 191bb7710c
Add a warmup to the Fp bench to deal with CPU scaling 2020-03-15 21:02:17 +01:00
Mamy André-Ratsimbazafy b810422486
Add benchmark for Ethereum 1 and Ethereum 2 curves 2020-03-15 20:54:14 +01:00
Mamy André-Ratsimbazafy dc0c1c181c
enable substraction benchmarks 2020-03-07 12:23:46 +01:00
Mamy André-Ratsimbazafy 472823b749
more comprehensive benchmark of Fp 2020-03-06 17:44:30 +01:00
Mamy André-Ratsimbazafy adc630f3af
Fix overflow on win32 2020-03-01 17:05:14 +01:00
Mamy André-Ratsimbazafy 4b7c6b552e
Fix inline assembly and inline __int128 in C++ mode 2020-03-01 16:23:41 +01:00
Mamy André-Ratsimbazafy c8e482f6d2
Properly handle 32 bits 2020-03-01 16:18:45 +01:00
Mamy André-Ratsimbazafy 3fdd457b52
Add MSVC compiler support for 128-bit div/mul (untested) 2020-03-01 16:02:14 +01:00
Mamy André-Ratsimbazafy dfb007e6bc
Add ARM64 fallback for Div128by64 2020-03-01 15:10:23 +01:00
Mamy André-Ratsimbazafy 3ce237234d
Support 32-bit platforms 2020-03-01 14:38:18 +01:00
Mamy André-Ratsimbazafy 1fdb1df80a
Add benchmark clock timers 2020-02-29 19:36:35 +01:00
Mamy André-Ratsimbazafy ca817fcb69
Use Assembly cmov on x86 2020-02-29 18:27:20 +01:00
Mamy André-Ratsimbazafy 309a15ce8b
inline func are OK for extended precision 2020-02-29 17:25:40 +01:00
Mamy André-Ratsimbazafy 0fab0c8a42
Improve initialization for montymul. (64-bit speed is 2.3x 32-bit) 2020-02-29 14:59:20 +01:00
Mamy André-Ratsimbazafy feacf2b2ea
Fix 64-bit limbs, passing all tests 2020-02-29 14:49:38 +01:00
Mamy André-Ratsimbazafy 88d4a58a10
First steps in using uint64 words 2020-02-29 02:10:55 +01:00
Mamy André-Ratsimbazafy 05bce529b4
1st experiment at accelerating montgomery multiplication (665 lines of specialized duplicated ASM code for some reason, monomorphization is probably better than that) 2020-02-28 22:46:20 +01:00
Mamy André-Ratsimbazafy 155aa21767
Add inverse on 𝔽p2 = 𝔽p[𝑖] 2020-02-27 01:20:51 +01:00
Mamy André-Ratsimbazafy feb6557402
Add placeholders for alternative Fp2 implementations 2020-02-26 20:04:06 +01:00
Mamy André-Ratsimbazafy 1f0ef23da7
Add Fp2_complex tests 2020-02-26 19:28:43 +01:00
Mamy André-Ratsimbazafy df886aa3ca
Significantly reduce compile-time and size of field tests vs GMP (4.4MB of C previously vs 160kB after commit). 2020-02-26 18:54:44 +01:00
Mamy André-Ratsimbazafy eecf19ff1d
more research on extension fields 2020-02-26 17:37:32 +01:00
Mamy André-Ratsimbazafy 6de97b5d1e
Random init was producing invalid montgomery form for field elements 2020-02-26 10:28:54 +01:00
Mamy André-Ratsimbazafy 945d36c2f2
More Fp2 sanity checks 2020-02-26 01:46:11 +01:00
Mamy André-Ratsimbazafy ff98558c4b
Fix carry bug in sum/diff 2020-02-26 01:31:05 +01:00
Mamy André-Ratsimbazafy c621355d8d
Add new tests to track issue in the new sum/diff 2020-02-26 01:23:18 +01:00
Mamy André-Ratsimbazafy 5fab0b6c49
Add secp256k1 and add sanity checks on Fp2 2020-02-26 00:55:30 +01:00
Mamy André-Ratsimbazafy e2096297cf
Expose the equality proc beyond the debugConstantine flag 2020-02-26 00:08:57 +01:00
Mamy André-Ratsimbazafy 9f7c8515a4
Prepare RNG with 2^512 bit of state for random testing on Fp2 2020-02-25 23:52:56 +01:00
Mamy André-Ratsimbazafy c956c82165
cleanup test imports 2020-02-25 20:55:23 +01:00
Mamy André-Ratsimbazafy 2df0f311ff
Cleanup TODOs + squaring in the Montgomery domain doesn't present the same symmetries as schoolbook multiplication so remove comment. Otherwise this may apply https://www.intel.com/content/dam/www/public/us/en/documents/white-papers/large-integer-squaring-ia-paper.pdf 2020-02-25 20:12:38 +01:00
Mamy André-Ratsimbazafy 69d477a715
Fp2 multiplication 2020-02-25 16:35:55 +01:00