a6e4517be2
Implement 𝔽p12 inversion, enable 𝔽p12 tests and bench
2020-04-09 14:28:01 +02:00
3a1a5f8847
More coverage and crosscheck between multiplication, squaring, addition, substraction, negation
2020-04-09 13:58:56 +02:00
3a2b35ba26
Fix multiplication in 𝔽p12
2020-04-09 13:37:45 +02:00
d081fca612
Fix squaring in 𝔽p6 (𝔽p2 squaring require separate target and source buffer)
2020-04-09 13:20:05 +02:00
f24d87fb00
Fix squaring in 𝔽p12, mul in 𝔽p6 MUST NOT share buffer (i.e. broken value semantics)
2020-04-09 02:00:45 +02:00
8c478df0c1
𝔽p12 extension - initial commit of squaring
2020-04-09 01:23:10 +02:00
2d5b173a39
Less magics, les macros, faster compile-times (or not, Fp6 starts to get really slow, like 5s) + some cleanups in curve families + test 𝔽p6 on 32-bit
2020-03-22 12:28:53 +01:00
c40bc1977d
Inverse in cubic extension field 𝔽p6 = 𝔽p2[∛(1 + 𝑖)]
2020-03-21 23:47:43 +01:00
ff4a54daba
Add multiplication in 𝔽p6 = 𝔽p2[∛(1+𝑖)]
2020-03-21 19:03:57 +01:00
1282c38845
Add sage script for BN and BLS12 curve families
2020-03-21 15:50:39 +01:00
1855d14497
Add more curves for testing: Curve25519, BLS12-377, BN446, FKM-447, BLS12-461, BN462
2020-03-21 13:05:58 +01:00
03898b2292
Implement squaring for 𝔽p6 = 𝔽p2[∛(1+𝑖)]
2020-03-21 01:59:23 +01:00
bde619155b
30% faster constant-time inversion
2020-03-20 23:03:52 +01:00
6423be0dfb
Add optimized squaring (~15% speedup) ( #18 )
...
* Add optimized squaring (~15% speedup)
* avoid repetitions in tests
2020-03-17 22:04:37 +01:00
4ff0e3d90b
Internals refactor + renewed focus on perf ( #17 )
...
* Lay out the refactoring objectives and tradeoffs
* Refactor the 32 and 64-bit primitives [skip ci]
* BigInts and Modular BigInts compile
* Make the bigints test compile
* Fix modular reduction
* Fix reduction tests vs GMP
* Implement montegomery mul, pow, inverse, WIP finite field compilation
* Make FiniteField compile
* Fix exponentiation compilation
* Fix Montgomery magic constant computation for 2^64 words
* Fix typo in non-optimized CIOS - passing finite fields IO tests
* Add limbs comparisons [skip ci]
* Fix on precomputation of the Montgomery magic constant
* Passing all tests including 𝔽p2
* modular addition, the test for mersenne prime was wrong
* update benches
* Fix "nimble test" + typo on out-of-place field addition
* bigint division, normalization is needed: https://travis-ci.com/github/mratsim/constantine/jobs/298359743
* missing conversion in subborrow non-x86 fallback - https://travis-ci.com/github/mratsim/constantine/jobs/298359744
* Fix little-endian serialization
* Constantine32 flag to run 32-bit constantine on 64-bit machines
* IO Field test, ensure that BaseType is used instead of uint64 when the prime can field in uint32
* Implement proper addcarry and subborrow fallback for the compile-time VM
* Fix export issue when the logical wordbitwidth == physical wordbitwidth - passes all tests (32-bit and 64-bit)
* Fix uint128 on ARM
* Fix C++ conditional copy and ARM addcarry/subborrow
* Add investigation for SIGFPE in Travis
* Fix debug display for unsafeDiv2n1n
* multiplexer typo
* moveMem bug in glibc of Ubuntu 16.04?
* Was probably missing an early clobbered register annotation on conditional mov
* Note on Montgomery-friendly moduli
* Strongly suspect a GCC before GCC 7 codegen bug (https://gcc.gnu.org/bugzilla/show_bug.cgi?id=87139 )
* hex conversion was (for debugging) not taking requested order into account + inlining comment
* Use 32-bit limbs on ARM64, uint128 builtin __udivti4 bug?
* Revert "Use 32-bit limbs on ARM64, uint128 builtin __udivti4 bug?"
This reverts commit 087f9aa7fb40bbd058d05cbd8eec7fc082911f49.
* Fix subborrow fallback for non-x86 (need to maks the borrow)
2020-03-16 16:33:51 +01:00
feacf2b2ea
Fix 64-bit limbs, passing all tests
2020-02-29 14:49:38 +01:00
155aa21767
Add inverse on 𝔽p2 = 𝔽p[𝑖]
2020-02-27 01:20:51 +01:00
1f0ef23da7
Add Fp2_complex tests
2020-02-26 19:28:43 +01:00
df886aa3ca
Significantly reduce compile-time and size of field tests vs GMP (4.4MB of C previously vs 160kB after commit).
2020-02-26 18:54:44 +01:00
6de97b5d1e
Random init was producing invalid montgomery form for field elements
2020-02-26 10:28:54 +01:00
945d36c2f2
More Fp2 sanity checks
2020-02-26 01:46:11 +01:00
ff98558c4b
Fix carry bug in sum/diff
2020-02-26 01:31:05 +01:00
c621355d8d
Add new tests to track issue in the new sum/diff
2020-02-26 01:23:18 +01:00
5fab0b6c49
Add secp256k1 and add sanity checks on Fp2
2020-02-26 00:55:30 +01:00
e2096297cf
Expose the equality proc beyond the debugConstantine flag
2020-02-26 00:08:57 +01:00
9f7c8515a4
Prepare RNG with 2^512 bit of state for random testing on Fp2
2020-02-25 23:52:56 +01:00
c956c82165
cleanup test imports
2020-02-25 20:55:23 +01:00
320ecbff1a
Change square signature and reorg finite fields to avoid/highlight proc that allocate a temporary
2020-02-25 15:18:39 +01:00
2aa33ea226
Fused initialization and arithmetic finite field primitive to have Fp2 less verbose and more efficient
2020-02-25 11:00:27 +01:00
bb8dc579ea
conditional arithmetic prefixed with c: cadd, csub. Also use ccopy instead of cmov to avoid potential confusion like in https://github.com/cfrg/draft-irtf-cfrg-hash-to-curve/issues/210
2020-02-25 01:26:21 +01:00
6b05c69652
Rename Fq -> Fp
2020-02-24 17:10:09 +01:00
3bd70991d4
reorg the codebase + add/update READMEs in folders with research ( #12 )
...
* reorg the codebase + add/update READMEs in folders with research
* fix readme
* update pairing implementation papers
* Seperate hash-to-curve in its own folder, distinguish between norms, research and presentations
* Better markdown line breaks
* Add in-depth analysis of towers of extension fields for BN curve
* Fix Colm Ó hÉigeartaigh name and add Hash-to-Curve reference
2020-02-24 10:50:19 +01:00
68727e5c8d
Add modular inversion + test vs GMP
2020-02-22 19:50:24 +01:00
acfc99c4f0
Add an unsafe modular exponentiation that may leak exponent bits to timing attacks/oscilloscopes/memory cache attacks
2020-02-22 18:18:17 +01:00
e0f4e49cb5
Test modular exponentiation with BN254 and BLS12-381 moduli
2020-02-22 16:56:04 +01:00
24f2e1088e
Fix modular exp tests
2020-02-22 16:39:57 +01:00
4b65d0d723
Skeleton of modular exponentiation
2020-02-22 16:37:31 +01:00
ef5dd8345b
Allow compile-time bigint serialization + terminology: serialize -> export
2020-02-18 12:36:42 +01:00
9395febada
add octet string encode/decode (bigEndian raw int)
2020-02-18 11:54:36 +01:00
d7d20c50b6
Add primitive for window-based modular exponentiation
2020-02-17 00:13:42 +01:00
6694023f16
Revert "Use cmov name instead of mux to be in line with IETF spec on Hash to curve and Verifiable Random Functions"
...
This reverts commit 56177c0cfe
2020-02-16 22:13:54 +01:00
56177c0cfe
Use cmov name instead of mux to be in line with IETF spec on Hash to curve and Verifiable Random Functions
2020-02-16 21:34:21 +01:00
a1801e26a0
Now passing finite field test vs GMP
2020-02-16 19:08:19 +01:00
c3d458e31b
Fix bug in redc: use montgomery mul for now. Add NIST P256 curve
2020-02-16 18:59:10 +01:00
5620bbfaee
rename io tests ti io bigints
2020-02-16 11:29:27 +01:00
23ecb9a221
Add a (failing) test vs GMP for modular multiplication on BN254 curve Field
2020-02-16 02:20:08 +01:00
eb94c3d1bc
Add Montgomery Modular Multiplication
2020-02-15 02:59:08 +01:00
301cf20195
Use Montgomery representation by default for Finite Field
...
- Fix montyMagic, modular inversion mode 2^2k was missing an iteration
- Fix test for buffer size in BigInt serialization
- Add UINT/Hex serialization for finite fields
- Montgomery conversion and redc
2020-02-15 00:26:40 +01:00
f418e08746
For finite fields, we will use the Montgomery n-residue form by default
2020-02-14 13:36:34 +01:00
f6b229b19c
Modular addition and substraction tests
2020-02-13 00:11:45 +01:00
3eb22f8fc7
Fix curve parser, implement smoke test for finite field
2020-02-12 23:57:51 +01:00
6226d86726
Update IO: dumpHex -> toHex dumpRawUint -> serializeRawUint
2020-02-12 21:57:39 +01:00
89fce3b1c4
Wrap tests in main. Fixes C codegen bug due to templates invocation on global variable in test_primitives
2020-02-12 00:25:48 +01:00
fe59efb8d8
reorganize the repo
2020-02-12 00:20:31 +01:00
24b0477ad7
Typo when testing for "negative" bigint, now passing testing vs GMP
2020-02-10 23:56:57 +01:00
b53f203e30
Fix raw uint serialization and start testing against GMP for 2000+bits bigints
2020-02-10 23:09:32 +01:00
8d160189d1
Fix extended prec multiplication carry. Passing modulo tests against medium BigInt (192~256 bits)
2020-02-10 22:19:47 +01:00
73b71a184c
Fix off-by-one copy, pass small bigints modulo tests
2020-02-10 19:57:35 +01:00
b689223cf5
Refactoring, optimize code-size: use type-erased views to avoid monomorphization of compute kernels
2020-02-10 18:16:34 +01:00
ade919b003
Fix carry and modulus offset in bigint
2020-02-10 02:58:37 +01:00
30f8756dfc
Temp switch to uint32 words for testing modulo. Remove tests that depend on word size
2020-02-10 00:16:46 +01:00
166a1075b1
add bigint display in GMP test
2020-02-09 23:26:39 +01:00
216ed9bdc1
Property-based testing framework vs GMP
2020-02-09 22:01:01 +01:00
f2c79ece26
Remove the limitation that the number of bits in constructed has to be greater than the source integer bitsize
2020-02-09 21:35:23 +01:00
66c0b5805e
Add modular reduce / bigint mod from 2 arbitrarily size bigint
2020-02-09 18:17:32 +01:00
153e898263
word_types -> primitives + delete the "config" file / debug template
2020-02-09 16:22:55 +01:00
b9a37825a3
COnsistent IO API between fromRawUint and fromHex and add fromUint
2020-02-09 15:38:30 +01:00
1d92ab1f48
Remove the limb accessor templates, introduce config file for debug template
2020-02-09 13:02:09 +01:00
9db77ad0eb
Prepare for testing finite fields, comment cleanups
2020-02-09 00:52:24 +01:00
edd728610c
Add addition limbs carry test
2020-02-08 19:09:20 +01:00
2c750cbc5b
Add bigint isZero, and equality and initial tests
2020-02-08 18:50:01 +01:00
8da9e20ebb
Cosmetic changes: dumpHex with 0x prefix, montgomery magic part of curve param
2020-02-08 17:03:30 +01:00
f18a958d5e
Support 1.0+ int128 (can't use magic for bitnot)
2020-02-08 13:28:43 +01:00
5dc97927c5
Switch to personal project -> update copyright
2020-02-08 11:42:35 +01:00
cadd81b978
Add hex conversion
2019-04-28 17:42:30 +02:00
059439b2c3
fix little-endian parsing
2018-12-03 21:01:29 +01:00
2856378427
[IO] dumping 2^63 works
2018-12-03 19:56:14 +01:00
43ac4972a0
Add constant-time raw bytes/integers parsing
2018-12-02 20:57:32 +01:00
eb15fb33b5
Rebrand to Constantine. Bigints representation should stay opaque. Exporting just the word_types would make a super small library.
2018-12-01 20:12:05 +01:00
cae9f743d3
Add more tests for multiplexer
2018-12-01 18:03:52 +01:00
d545147b0b
Use distinct range for Hardened booleans + first select test
2018-12-01 18:01:41 +01:00
8d6e328397
Add boolean not and comparison tests
2018-12-01 17:32:08 +01:00
acd06e1174
Add unary minus test
2018-12-01 17:04:55 +01:00
9815047234
Add shifts and operators test
2018-12-01 16:49:45 +01:00
b43e289780
Initial tests for bitwise operator
2018-12-01 16:32:21 +01:00
97ec36f447
ci: update
...
readme: fix badges, license
tests: fix
nimble: add description
2018-09-04 22:38:34 -06:00
34e72296d3
initial commit
2018-07-24 16:52:18 +02:00
Mamy André-Ratsimbazafy
Jacek Sieka