# Configuration space
This notebook explores the configuration space of Elliptic Curve crypto
implementations.


An ECC implementation configuration in **pyecsca** has the following attributes: 

In [1]:
from typing import get_args
from pyecsca.ec.configuration import Configuration
from dataclasses import fields

for field in fields(Configuration):
	name = field.name
	tp = field.type
	doc = tp.__doc__
	if get_args(field.type):
		doc = get_args(field.type)[0].__doc__
	print(name, tp)
	print("   ", doc)
	if hasattr(tp, "names"):
		for enum_name in tp.names():
			print("       ", enum_name)
	print()

model <class 'pyecsca.ec.model.CurveModel'>
    A model(form) of an elliptic curve.

coords <class 'pyecsca.ec.coordinates.CoordinateModel'>
    A coordinate system for a particular model(form) of an elliptic curve.

formulas typing.Set[pyecsca.ec.formula.Formula]
    A formula operating on points.

scalarmult <class 'pyecsca.ec.mult.ScalarMultiplier'>
    
    A scalar multiplication algorithm.

    :param short_circuit: Whether the use of formulas will be guarded by short-circuit on inputs
                          of the point at infinity.
    :param formulas: Formulas this instance will use.
    

hash_type <enum 'HashType'>
    Hash algorithm used in ECDH and ECDSA.
        NONE
        SHA1
        SHA224
        SHA256
        SHA384
        SHA512

mod_rand <enum 'RandomMod'>
    Method of sampling a uniform integer modulo order.
        SAMPLE
        REDUCE

mult <enum 'Multiplication'>
    Base multiplication algorithm to use.
        TOOM_COOK
        KARATSUBA
        COMB

It is represented by the `Configuration` class.

## Enumerating configurations

The possible configurations can be generated using the `all_configurations()` function.
The whole space of configurations is quite huge:

In [2]:
from pyecsca.ec.configuration import all_configurations

print(sum(1 for _ in all_configurations()))

16056576


A large part of the configuration space is due to the independent options which consist of:
 
 - `hash_type` of type `HashType` $*6$
 - `mod_rand` of type `RandomMod` $*2$
 - `mult` of type `Multiplication` $*4$
 - `sqr` of type `Squaring` $*4$
 - `red` of type `Reduction` $*3$

To restrict the generated configurations, pass keyword arguments to the
`all_configurations` matching the names of the attributes of the `Configuration` object.

In [3]:
from pyecsca.ec.configuration import HashType, RandomMod, Multiplication, Squaring, Reduction
from pyecsca.ec.model import ShortWeierstrassModel
from pyecsca.ec.mult import LTRMultiplier

model = ShortWeierstrassModel()
coords = model.coordinates["projective"]
scalarmult = LTRMultiplier
independent_opts = {
	"hash_type": HashType.SHA256,
	"mod_rand": RandomMod.SAMPLE,
	"mult": Multiplication.KARATSUBA,
	"sqr": Squaring.KARATSUBA,
	"red": Reduction.MONTGOMERY
}

configs = list(all_configurations(model=model, coords=coords, scalarmult=scalarmult,
							 	  **independent_opts))
print(configs)
print(len(configs))

[Configuration(model=ShortWeierstrassModel(), coords=EFDCoordinateModel("projective" on short Weierstrass curves), formulas=frozenset({ScalingEFDFormula(z for EFDCoordinateModel("projective" on short Weierstrass curves)), DoublingEFDFormula(dbl-1998-cmo for EFDCoordinateModel("projective" on short Weierstrass curves)), AdditionEFDFormula(madd-1998-cmo for EFDCoordinateModel("projective" on short Weierstrass curves))}), scalarmult=<pyecsca.ec.mult.LTRMultiplier object at 0x7f4c1c6b8fa0>, hash_type=HASH_SHA256, mod_rand=MOD_RAND_SAMPLE, mult=MUL_KARATSUBA, sqr=SQR_KARATSUBA, red=RED_MONTGOMERY), Configuration(model=ShortWeierstrassModel(), coords=EFDCoordinateModel("projective" on short Weierstrass curves), formulas=frozenset({ScalingEFDFormula(z for EFDCoordinateModel("projective" on short Weierstrass curves)), DoublingEFDFormula(dbl-1998-cmo for EFDCoordinateModel("projective" on short Weierstrass curves)), AdditionEFDFormula(madd-1998-cmo for EFDCoordinateModel("projective" on short W

We see that when we fixed all parameters except for the scalar multiplier arguments 
(see the `LTRMultiplier` constructor) we obtained 384 configurations.

### Models

In [4]:
from IPython.display import HTML, display
import tabulate
from pyecsca.ec.model import *

model_counts = [["Model", "All", "Without independent options", "Without independent options and scaling", "Without independent options and scalarmult options"]]
totals = ["Total", 0, 0, 0, 0]
for model in (ShortWeierstrassModel(), MontgomeryModel(), EdwardsModel(), TwistedEdwardsModel()):
	name = model.__class__.__name__
	count = sum(1 for _ in all_configurations(model=model, **independent_opts))
	count_no_scl = sum(1 for _ in all_configurations(model=model, **independent_opts, scalarmult={"scl": None}))
	count_no_opts = sum(1 for _ in all_configurations(model=model, **independent_opts, scalarmult={"scl": None, "always": True, "short_circuit": True, "complete": False, "precompute_negation": True, "width": 3}))
	model_counts.append([name, count * (6*2*4*4*3), count, count_no_scl, count_no_opts])
	totals[1] += count * (6*2*4*4*3)
	totals[2] += count
	totals[3] += count_no_scl
	totals[4] += count_no_opts
model_counts.append(totals)
display(HTML(tabulate.tabulate(model_counts, tablefmt="html", headers="firstrow")))

Model,All,Without independent options,Without independent options and scaling,Without independent options and scalarmult options
ShortWeierstrassModel,13008384,22584,11720,2522
MontgomeryModel,156672,272,136,32
EdwardsModel,2117376,3676,1838,396
TwistedEdwardsModel,774144,1344,1344,288
Total,16056576,27876,15038,3238


### Coordinate systems

In [5]:
coords_counts = [["Model", "Coords", "All", "Without independent options", "Without independent options and scaling", "Without independent options and scalarmult options"]]
for model in (ShortWeierstrassModel(), MontgomeryModel(), EdwardsModel(), TwistedEdwardsModel()):
	model_name = model.__class__.__name__
	coords_counts.append([model_name, "", "", "", "", ""])
	for coords in sorted(model.coordinates.values(), key=lambda c: c.name):
		coords_name = coords.name
		count = sum(1 for _ in all_configurations(model=model, coords=coords, **independent_opts))
		count_no_scl = sum(1 for _ in all_configurations(model=model, coords=coords, **independent_opts, scalarmult={"scl": None}))
		count_no_opts = sum(1 for _ in all_configurations(model=model, coords=coords, **independent_opts, scalarmult={"scl": None, "always": True, "short_circuit": True, "complete": False, "precompute_negation": True, "width": 3}))
		coords_counts.append(["", coords_name, count * (6*2*4*4*3), count, count_no_scl, count_no_opts])
display(HTML(tabulate.tabulate(coords_counts, tablefmt="html", headers="firstrow")))

Model,Coords,All,Without independent options,Without independent options and scaling,Without independent options and scalarmult options
ShortWeierstrassModel,,,,,
,jacobian,2322432.0,4032.0,2016.0,432.0
,jacobian-0,3096576.0,5376.0,2688.0,576.0
,jacobian-3,3870720.0,6720.0,3360.0,720.0
,modified,193536.0,336.0,336.0,72.0
,projective,774144.0,1344.0,672.0,144.0
,projective-1,903168.0,1568.0,784.0,168.0
,projective-3,967680.0,1680.0,840.0,180.0
,w12-0,32256.0,56.0,56.0,12.0
,xyzz,193536.0,336.0,168.0,36.0


### Scalar multipliers

In [6]:
from pyecsca.ec.mult import ScalarMultiplier

mult_counts = [["ScalarMultiplier", "All", "Without independent options", "Without independent options and scaling", "Without independent options and scalarmult options"]]
for mult_cls in ScalarMultiplier.__subclasses__():
	count = sum(1 for _ in all_configurations(**independent_opts, scalarmult=mult_cls))
	count_no_scl = sum(1 for _ in all_configurations(**independent_opts, scalarmult={"cls": mult_cls, "scl": None}))
	count_no_opts = sum(1 for _ in all_configurations(**independent_opts, scalarmult={"cls": mult_cls, "scl": None, "always": True, "short_circuit": True, "complete": False, "precompute_negation": True, "width": 3}))
	mult_counts.append([mult_cls.__name__, count * (6*2*4*4*3), count, count_no_scl, count_no_opts])
display(HTML(tabulate.tabulate(mult_counts, tablefmt="html", headers="firstrow")))


ScalarMultiplier,All,Without independent options,Without independent options and scaling,Without independent options and scalarmult options
LTRMultiplier,4414464,7664,4080,510
RTLMultiplier,2207232,3832,2040,510
CoronMultiplier,1103616,1916,1020,510
LadderMultiplier,343296,596,430,96
SimpleLadderMultiplier,2207232,3832,2040,510
DifferentialLadderMultiplier,262656,456,328,82
BinaryNAFMultiplier,1103616,1916,1020,510
WindowNAFMultiplier,4414464,7664,4080,510
