secp256k1: Add fixed-precision group order type. #2060
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
davecgh
force-pushed
the
secp256k1_modnscalar
branch
from
0099740 to
5de2f48
Compare
davecgh
commented
Feb 7, 2020
|
Test coverage: |
davecgh
force-pushed
the
secp256k1_modnscalar
branch
from
4834d4f to
97b0625
Compare
matheusd
reviewed
Feb 13, 2020
davecgh
force-pushed
the
secp256k1_modnscalar
branch
from
97b0625 to
9d41b55
Compare
davecgh
commented
Feb 13, 2020
davecgh
force-pushed
the
secp256k1_modnscalar
branch
2 times, most recently
from
5646278 to
2baa8f2
Compare
davecgh
commented
Feb 15, 2020
davecgh
force-pushed
the
secp256k1_modnscalar
branch
from
2baa8f2 to
406e4d3
Compare
dajohi
approved these changes
Feb 16, 2020
davecgh
force-pushed
the
secp256k1_modnscalar
branch
from
406e4d3 to
98b4c94
Compare
This introduces a specialized type for handling arithmetic modulo the group order which is significantly faster than using big integers from the standard library The implementation is also constant time, whereas big integers from the standard library are not, which helps protect against side channel attacks in certain scenarios. Comprehensive tests with 100% coverage and a full suite of benchmarks are included. Due to the fact the code relies on a lot of low-level bit manipulations to achieve the speed and constant time characteristics, it is not the easiest code to review for correctness, so significant effort has been put into attempting to clearly explain the details via comments to help with review. For now, this merely introduces the type without modifying any of the code to make use of it, and it also does not yet include the ability to perform inversions which will be required in order to switch over to it. That capability will be added in a future commit. The following benchmarks show a comparison between the new specialized type and generic big ints for various operations: benchmark old ns/op new ns/op delta ------------------------------------------------------------ BenchmarkModN 267 18.9 -92.92% BenchmarkZero 7.28 0.64 -91.25% BenchmarkIsZero 0.32 0.32 +0.00% BenchmarkEquals 9.14 5.58 -38.95% BenchmarkAddModN 305 23.8 -92.20% BenchmarkMulModN 457 237 -48.14% BenchmarkSquareModN 459 238 -48.15% BenchmarkNegateModN 295 9.82 -96.67% BenchmarkIsOverHalfOrder 9.25 8.55 -7.57% benchmark old allocs new allocs delta ------------------------------------------------------------ BenchmarkModN 2 0 -100.00% BenchmarkZero 0 0 +0.00% BenchmarkIsZero 0 0 +0.00% BenchmarkEquals 0 0 +0.00% BenchmarkAddModN 2 0 -100.00% BenchmarkMulModN 2 0 -100.00% BenchmarkSquareModN 2 0 -100.00% BenchmarkNegateModN 2 0 -100.00% BenchmarkIsOverHalfOrder 0 0 +0.00%
davecgh
force-pushed
the
secp256k1_modnscalar
branch
from
98b4c94 to
6889976
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This requires #2059.
This introduces a specialized type for handling arithmetic modulo the group order which is significantly faster than using big integers from the standard library
The implementation is also constant time, whereas big integers from the standard library are not, which helps protect against side channel attacks in certain scenarios.
Comprehensive tests with 100% coverage and a full suite of benchmarks are included.
Due to the fact the code relies on a lot of low-level bit manipulations to achieve the speed and constant time characteristics, it is not the easiest code to review for correctness, so significant effort has been put into attempting to clearly explain the details via comments to help with review.
For now, this merely introduces the type without modifying any of the code to make use of it, and it also does not yet include the ability to perform inversions which will be required in order to switch over to it. That capability will be added in a future commit.
The following benchmarks show a comparison between the new specialized type and generic big ints for various operations: