-
Notifications
You must be signed in to change notification settings - Fork 293
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
C version uses i64 & u64 -- integers, but file has Float64Array's all over #45
Comments
Note that we don't want modular arithmetic here, we just need enough integer bits to hold the result until performing carry. @devi do you think there's a chance of going over [-2^53, 2^53] in |
To be honest, I'm not sure. |
OK, so let's take a look. The "meat" of
Inputs start with limbs that are radix 2^16, each maximum 65535. Notice that there is at most one addition (A) and one subtraction (Z) before each multiplication (M) or squaring (S, which is just multiplication of the input by itself) touching the input. For example, consider
The maximum value each of the numbers in
(in fact, we don't need Let's set all values in
We get:
Let's find the maximum value here:
Output:
How many bits is this?
So, for the maximum value of multiplication we need only 44 bits, which fits into JavaScript's range of integer 53 bits without rounding. After that, in
so that the following operations again start with 16-bit inputs. (Also notice that Any objections or something that I missed? |
Now, this is a proper explanation. Bravo. |
To extend @dchest explanation: |
That |0 is an implicit 32bit cut, is sort of part of wider public understanding. |
@3nsoft agree on comments. Although we should probably just create an extended commented version of nacl.js to keep the original short like @devi in this case we don't need 32-bit modular addition, so |
I think, that we should put links, or pdf into docs folder with the following http://cr.yp.to/ecdh/curve25519-20060209.pdf I totally understand a desire to have clean, short code like original tweet. But, already nacl-fast does not look tweety-sweety. A simple, stupid salsa's line-by-line makes it run faster, in real world, but makes as long as original 100 tweets. Real world is what ultimately matters. And lib's users, other programmers need docs, they need human-parseable code, etc. (damn!) :) . |
nacl.js as well as nacl-fast.js have Float64Array's in places where i64 & u64 types are present in C code.
There are no floating point operations in NaCl. And JS's regular number, which happens to be float64, are OK to do 32 bits operation, with an exception of multiplication (as it has been said in #41 ). Yet, when C code has u64, the intention of C developers, I suppose, is to have/use all 64 bits in mod 64-bits arithmetic.
If you prove that it is OK to have float64 instead of u64, then such code will be provably correct. Otherwise, not-failing tests do not constitute such proof (unless it is run on all possible inputs).
Let's say with line 667 in nacl-fast:
Even if a's and b's are within 32 bits, where is a gauruntee that t's will not be rounded as a float, instead of overflowing as in integers.
The text was updated successfully, but these errors were encountered: