Commit Graph

1024 Commits

Author SHA1 Message Date
Pieter Wuille f54c6c5083
Merge #480: Enable benchmark building by default
7a78f60 Print whether we're building benchmarks (Pieter Wuille)
4afec9f Build benchmarks by default (Pieter Wuille)

Pull request description:

  Building benchmarks is fast, and I have on more than one occasion forgotten to pass `--enable-benchmark`, resulting in accidentally benchmarking a former build.

  Build them by default.

Tree-SHA512: ce9096e42d9c19b63644f6b7ae153e92f9a37c3727f380329dfa332ce22a5e43151f1525979bd3516dd12f568e5e389b0acda2c383fca0e80c3cadc1d9b1d55a
2017-12-18 14:39:37 -08:00
Pieter Wuille c77fc08597
Merge #486: Add pippenger_wnaf for multi-multiplication
d2f9c6b Use more precise pippenger bucket windows (Jonas Nick)
4c950bb Save some additions per window in _pippenger_wnaf (Peter Dettman)
a58f543 Add flags for choosing algorithm in ecmult_multi benchmark (Jonas Nick)
36b22c9 Use scratch space dependent batching in ecmult_multi (Jonas Nick)
355a38f Add pippenger_wnaf ecmult_multi (Jonas Nick)
bc65aa7 Add bench_ecmult (Pieter Wuille)
dba5471 Add ecmult_multi tests (Andrew Poelstra)
8c1c831 Generalize Strauss to support multiple points (Pieter Wuille)
548de42 add resizeable scratch space API (Andrew Poelstra)

Pull request description:

  This PR is based on #473 and adds a variant of "Pippengers algorithm" (see [Bernstein et al., Faster batch forgery identification](https://eprint.iacr.org/2012/549.pdf), page 15 and https://github.com/scipr-lab/libff/pull/10) for point multi-multiplication that performs better with a large number of points than Strauss' algorithm.

  ![aggsig](https://user-images.githubusercontent.com/2582071/32731185-12c0f108-c881-11e7-83c7-c2432b5fadf5.png)

  Thanks to @sipa for providing `wnaf_fixed`, benchmarking, and the crucial suggestion to use affine addition.

  The PR also makes `ecmult_multi` decide which algorithm to use, based on the number of points and the available scratch space.
  For restricted scratch spaces this can be further optimized in the future (f.e. a 35kB scratch space allows batches of 11 points with strauss or 95 points with pippenger; choosing pippenger would be 5% faster).

  As soon as this PR has received some feedback I'll repeat the benchmarks to determine the optimal `pippenger_bucket_window` with the new benchmarking code in #473.

Tree-SHA512: 8e155107a00d35f412300275803f912b1d228b7adff578bc4754c5b29641100b51b9d37f989316b636f7144e6b199febe7de302a44f498bbfd8d463bdbe31a5c
2017-12-07 17:59:33 -08:00
Jonas Nick d2f9c6b5dc Use more precise pippenger bucket windows 2017-12-07 20:13:04 +00:00
Peter Dettman 4c950bbeaf Save some additions per window in _pippenger_wnaf 2017-12-07 20:13:04 +00:00
Jonas Nick a58f543f5a Add flags for choosing algorithm in ecmult_multi benchmark 2017-12-07 20:13:04 +00:00
Jonas Nick 36b22c9337 Use scratch space dependent batching in ecmult_multi 2017-12-07 20:13:04 +00:00
Jonas Nick 355a38f113 Add pippenger_wnaf ecmult_multi 2017-12-07 20:13:04 +00:00
Pieter Wuille bc65aa794e Add bench_ecmult 2017-12-07 20:13:04 +00:00
Andrew Poelstra dba5471b69 Add ecmult_multi tests 2017-12-07 20:13:04 +00:00
Pieter Wuille 8c1c831bdb Generalize Strauss to support multiple points
API by Andrew Poelstra.
2017-12-07 20:13:04 +00:00
Andrew Poelstra 548de42ecf add resizeable scratch space API
Alignment support by Pieter Wuille.
2017-12-07 20:13:04 +00:00
Daniel Cousens 0e96cdc6b6
fix typo, s/changed/unchanged 2017-11-29 12:32:01 +11:00
Thomas Snider c7680e570f Reduce usage of hardcoded size constants 2017-11-16 13:09:05 -08:00
Pieter Wuille 6ad5cdb42a
Merge #479: Get rid of reserved _t in type names
d1dc9df Get rid of reserved _t in type names (Pieter Wuille)

Pull request description:

Tree-SHA512: 5da4a2cb15106c47fbe14346562444eff322a5e4e2386af8b0b879b72e22f08d704ac09746d6a22ff76e8892fc20208932b2a45d01de0e2e089686dabe45e633
2017-11-08 15:35:45 -08:00
Pieter Wuille 7a78f60598 Print whether we're building benchmarks 2017-09-27 17:25:12 -07:00
Pieter Wuille 4afec9f1ae Build benchmarks by default 2017-09-27 17:25:12 -07:00
Pieter Wuille d1dc9dfc0a Get rid of reserved _t in type names 2017-09-27 15:03:20 -07:00
Pieter Wuille 0b70241850
Merge #474: Fix header guards using reserved identifiers
abe2d3e Fix header guards using reserved identifiers (Dan Raviv)

Pull request description:

  Identifiers starting with an underscore and followed immediately by a capital letter are reserved by the C++ standard.

  The only header guards not fixed are those in the headers auto-generated from java.

Tree-SHA512: da31b8d718b3c3ffb81b3d12c93ce2d56c176f19a1936776c843fee069dbaa916946556cea16db34e1f977a937924d72c870230ac26e44386706ecd7cb25ba65
2017-09-27 14:56:01 -07:00
Pieter Wuille ab1f89f00a
Merge #478: Fixed multiple typos
8c7ea22 Fixed multiple typos (Dimitris Tsapakidis)

Pull request description:

  Forward port of fixes introduced in https://github.com/bitcoin/bitcoin/pull/10633 by @dimitris-t.

Tree-SHA512: a979b3e14bf2660cb0fcd809854654bd0f6277399afe948917be6c061a04835d404e590dc58bcb4a9e2ccfbfb38de944cbdba349092465f637606d3bee49fc16
2017-09-24 18:55:31 -07:00
Dimitris Tsapakidis 8c7ea22d54 Fixed multiple typos 2017-09-24 17:53:13 -07:00
Dan Raviv abe2d3e84b Fix header guards using reserved identifiers
Identifiers starting with an underscore and followed immediately by a capital letter are reserved by the C++ standard.

The only header guards not fixed are those in the headers auto-generated from java.
2017-08-26 18:44:21 +03:00
Karl-Johan Alm 57752d28b3
[build] Set --enable-jni to no by default instead of auto. 2017-08-17 17:10:57 +09:00
Pieter Wuille f532bdc9f7
Merge #459: Add pubkey prefix constants to include/secp256k1.h
bc61b91 add pubkey prefix constants to include/secp256k1.h (Andrew Poelstra)

Pull request description:

  In future multisig implementations we will need to pass nonces around, which are algebraically pubkeys but should not be decodable as pubkeys. The way to do this is to change the prefix byte from the ordinary 0x02/0x03 to something else. However, some forks (notably `secp256k1-zkp`) have started using some bytes for their own encodings, and if we continue to use hardcoded constants the risk of conflict is increased.

  This commit puts the prefixes used by the main library into the `include/secp256k1.h` so that the constants we're using will at least be in a standard easy-to-reference place.

Tree-SHA512: 37fa25be5074b7c519a9c69421320a62f32a3818f144254eb57f96c6657b993fc01962a5c670574275d1c59b095a6c89e60736123f032d6736907284eac526d7
2017-08-10 16:42:01 -07:00
Pieter Wuille cac7c5559d
Merge #470: Fix wnaf_const documentation
768514b Fix wnaf_const documentation with respect to return value and number of words set (Jonas Nick)

Pull request description:

Tree-SHA512: e2e49036c5930c74fff12626957a43000e5f86180791f2b857d279e83c609663ee5cbee4c3380f3df3d29e493f40051d63a8eff1badeea99e06652d9e72f4d29
2017-08-10 16:36:34 -07:00
Jonas Nick 768514bac0 Fix wnaf_const documentation with respect to return value and number of words set 2017-08-09 10:54:30 +02:00
Pieter Wuille b8c26a3990
Merge #458: Fix typo in API documentation
b0452e6 Fix typo in API documentation (Tim Ruffing)

Pull request description:

Tree-SHA512: 0376756fc36004e9bb205c6b811e8b28ecd595db1fc2b577bf27c5c227d81ec8bca2e44cfab91fb76c9640d0f7c99970ce9ab94d72e26289cc8faeb747337309
2017-07-31 00:44:40 -07:00
Pieter Wuille 817fb2013a
Merge #440: Fix typos
4c0f32e Fix typo: "Agressive" → "Aggressive" (practicalswift)
73aca83 Fix typo: "exectured" → "executed" (practicalswift)

Pull request description:

Tree-SHA512: 1dbb47789489aec4c133b049ccd007b67d719fe1e2500ba4c6242274a3b537027ceb17a311fca5e0e0324f0ecd48a53e84c0f51514f00fa7ef533ab3e6c87bd3
2017-07-31 00:41:37 -07:00
Pieter Wuille 12230f90ed
Merge #468: Remove redundant conditional expression
2e1ccdc Remove redundant conditional expression (Dag Robole)

Pull request description:

Tree-SHA512: 999ed3d9d805ec48a92a17554097fcd9d62c2fe859346d381d3a7b38b767e45f57df6cd71eb6dddbea343e4e180c844900fed37d88d21f5a851bd044212aff2e
2017-07-31 00:38:07 -07:00
Dag Robole 2e1ccdca0d Remove redundant conditional expression 2017-07-13 18:00:03 +02:00
Karl-Johan Alm e7daa9b3c2
[build] Tweak JNI macro to warn instead of error for JNI not found. 2017-07-06 18:06:51 +09:00
Karl-Johan Alm 5b22977922
[build] Update ax_jni_include_dir.m4 macro to deal with recent versions of macOS 2017-07-06 18:04:52 +09:00
Andrew Poelstra bc61b91aca
add pubkey prefix constants to include/secp256k1.h 2017-06-27 14:05:26 +00:00
Tim Ruffing b0452e664b Fix typo in API documentation 2017-06-05 19:17:53 +02:00
Pieter Wuille 84973d393a
Merge #454: Remove residual parts from the schnorr expirement.
5e95bf2 Remove residual parts from the schnorr expirement. (Gregory Maxwell)

Tree-SHA512: de1e56cc54443e29a60787996a1b1381b0b84eacb87a8f1af06b5ba3900b1771c3a04fd547c65e21979e3c08c3a45d258d699eb951a956f8e617833c5396ecfe
2017-05-05 11:12:00 -07:00
Gregory Maxwell 5e95bf2285 Remove residual parts from the schnorr expirement. 2017-05-03 11:13:28 +00:00
Pieter Wuille cbc20b8c34
Merge #452: Minor optimizations to _scalar_inverse to save 4M
465159c Further shorten the addition chain for scalar inversion. (Brian Smith)
cf12fa1 Minor optimizations to _scalar_inverse to save 4M (Peter Dettman)

Tree-SHA512: b03ae53bd48435f8ef8a89ba3b45f9a35f3f3c6cfba7deb6820ab2146205656d198e4317a4cb98a986f434df244ae735313d303d0ce5a5c40519d37621238957
2017-04-26 16:57:46 -07:00
Pieter Wuille 4cc8f52505
Merge #437: Unroll secp256k1_fe_(get|set)_b32 to make them much faster.
a2b6b19 Fix benchmark print_number infinite loop. (Gregory Maxwell)
8b7680a Unroll secp256k1_fe_(get|set)_b32 for 10x26. (Gregory Maxwell)
aa84990 Unroll secp256k1_fe_(get|set)_b32 for 5x52. (CryptoGuru)

Tree-SHA512: b17fa454dc4ef614305e10575b0f87c3b37d398d6d3996d5bbbb8e27b0d9841aa13b3cffe93d13dc637c8c3071f8565919574ec0b07f02bf3b0eb6faf4b93251
2017-04-25 16:21:22 -07:00
Brian Smith 465159c278 Further shorten the addition chain for scalar inversion.
Reduce the number of squarings by one and reduce the number of
multiplications by three.
2017-04-24 21:07:58 -10:00
Gregory Maxwell a2b6b1914f Fix benchmark print_number infinite loop. 2017-04-24 06:02:36 +00:00
Gregory Maxwell 8b7680a826 Unroll secp256k1_fe_(get|set)_b32 for 10x26.
field_get_b32: min 0.890us / avg 0.905us / max 0.956us
field_set_b32: min 1.12us / avg 1.15us / max 1.19us

becomes

field_get_b32: min 0us / avg 0.000000119us / max 0.000000238us
field_set_b32: min 0.0532us / avg 0.0584us / max 0.0782us
2017-04-24 00:01:14 +00:00
CryptoGuru aa8499080e Unroll secp256k1_fe_(get|set)_b32 for 5x52.
field_get_b32: min 0.647us / avg 0.666us / max 0.751us
field_set_b32: min 0.551us / avg 0.571us / max 0.624us

becomes

field_get_b32: min 0us / avg 0.0000000477us / max 0.000000238us
field_set_b32: min 0us / avg 0.0000000238us / max 0.000000238us

(Patch from https://bitcointalk.org/index.php?topic=1740973.0
 _get was reversed from the patch because this order appeared
 somewhat faster in testing.)

Signed-off-by: Gregory Maxwell <greg@xiph.org>
2017-04-24 00:01:14 +00:00
Peter Dettman cf12fa13cb Minor optimizations to _scalar_inverse to save 4M
- Precalculate x^5 and use for "01010" patterns during accumulation. (net -2M)
- Further use of x^5 to allow shorter addition chain (net -2M)
2017-04-18 11:55:07 +07:00
Pieter Wuille 119949232a
Merge #408: Add `secp256k1_ec_pubkey_negate` and `secp256k1_ec_privkey_negate`
8e48aa6 Add `secp256k1_ec_pubkey_negate` and `secp256k1_ec_privkey_negate` (Andrew Poelstra)

Tree-SHA512: 28eeca0b04001958ad86b3c802e33a13273514e9e9802d5b358fd577dc95421a2cffb5591716bea10300717f742f0941c465b9df71dbb4c66d174c643887e06f
2017-03-21 17:54:06 -07:00
Pieter Wuille 6af0871070
Merge #441: secp256k1_context_randomize: document.
72d952c FIXUP: Missing "is" (Rusty Russell)
70ff29b secp256k1_context_randomize: document. (Rusty Russell)

Tree-SHA512: c1f48431e07a23b572838d63250d5a356ff5b321dd242cf0af5227ee89b9795d49a762b0c7311bb7284ccd487c68b3d1f16cf6824eac30fc3f8becdf2b891dad
2017-03-21 17:36:54 -07:00
Pieter Wuille ab31a524b4
Merge #444: test: Use checked_alloc
5eb030c test: Use checked_alloc (Wladimir J. van der Laan)

Tree-SHA512: f0fada02664fca3b4f48795ce29a187331f86f80fc1605150fcfc451e7eb4671f7b5dff09105c9927e28af6d1dafd1edad1671dddd412110f4b5950153df499d
2017-03-21 17:34:05 -07:00
Pieter Wuille eda5c1a062
Merge #449: Remove executable bit from secp256k1.c
51b77ae Remove executable bit from secp256k1.c (Emil Rus)
2017-03-21 17:01:30 -07:00
Emil Rus 51b77ae619 Remove executable bit from secp256k1.c 2017-03-17 17:27:25 +02:00
Wladimir J. van der Laan 5eb030ca41 test: Use checked_alloc 2017-02-26 15:05:42 +01:00
Rusty Russell 72d952c9c4 FIXUP: Missing "is"
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-21 14:43:09 +10:30
Rusty Russell 70ff29b6a7 secp256k1_context_randomize: document.
I think I summarized it correctly after IRC discussion with gmaxwell
and andytoshi; I didn't know it existed :(

It's regrettable to expose this level of detail, but users need to know
this to make a decision about how to use it.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-14 15:29:33 +10:30