
Use constant time P256 implementation (#1328)

* BenchmarkEvaluate

* Test parallelism

pkg: github.com/google/keytransparency/core/crypto/vrf/p256
BenchmarkEvaluate/1_goroutines-12         	     300	   5538849 ns/op
BenchmarkEvaluate/2_goroutines-12         	     500	   2931862 ns/op
BenchmarkEvaluate/4_goroutines-12         	    1000	   1625216 ns/op
BenchmarkEvaluate/8_goroutines-12         	    1000	   1333662 ns/op
BenchmarkEvaluate/16_goroutines-12        	    1000	   1447403 ns/op
BenchmarkEvaluate/32_goroutines-12        	    1000	   1526478 ns/op
BenchmarkEvaluate/64_goroutines-12        	    2000	   1569843 ns/op
BenchmarkEvaluate/128_goroutines-12       	   10000	   1817793 ns/op

* Use constant-time p256 implementation
gdbelvin committed Aug 5, 2019
1 parent e593c9e commit aac75b12117ce93a11ed04b2f55133866651450f
Showing with 32 additions and 9 deletions.
  1. +9 −9 core/crypto/vrf/p256/p256.go
  2. +23 −0 core/crypto/vrf/p256/p256_test.go
@@ -129,13 +129,13 @@ func (k PrivateKey) Evaluate(m []byte) (index [32]byte, proof []byte) {
Hx, Hy := H1(m)

// VRF_k(m) = [k]H
sHx, sHy := params.ScalarMult(Hx, Hy, k.D.Bytes())
sHx, sHy := curve.ScalarMult(Hx, Hy, k.D.Bytes())
vrf := elliptic.Marshal(curve, sHx, sHy) // 65 bytes.

// G is the base point
// s = H2(G, H, [k]G, VRF, [r]G, [r]H)
rGx, rGy := params.ScalarBaseMult(r)
rHx, rHy := params.ScalarMult(Hx, Hy, r)
rGx, rGy := curve.ScalarBaseMult(r)
rHx, rHy := curve.ScalarMult(Hx, Hy, r)
var b bytes.Buffer
b.Write(elliptic.Marshal(curve, params.Gx, params.Gy))
b.Write(elliptic.Marshal(curve, Hx, Hy))
@@ -183,16 +183,16 @@ func (pk *PublicKey) ProofToHash(m, proof []byte) (index [32]byte, err error) {
}

// [t]G + [s]([k]G) = [t+ks]G
tGx, tGy := params.ScalarBaseMult(t)
ksGx, ksGy := params.ScalarMult(pk.X, pk.Y, s)
tksGx, tksGy := params.Add(tGx, tGy, ksGx, ksGy)
tGx, tGy := curve.ScalarBaseMult(t)
ksGx, ksGy := curve.ScalarMult(pk.X, pk.Y, s)
tksGx, tksGy := curve.Add(tGx, tGy, ksGx, ksGy)

// H = H1(m)
// [t]H + [s]VRF = [t+ks]H
Hx, Hy := H1(m)
tHx, tHy := params.ScalarMult(Hx, Hy, t)
sHx, sHy := params.ScalarMult(uHx, uHy, s)
tksHx, tksHy := params.Add(tHx, tHy, sHx, sHy)
tHx, tHy := curve.ScalarMult(Hx, Hy, t)
sHx, sHy := curve.ScalarMult(uHx, uHy, s)
tksHx, tksHy := curve.Add(tHx, tHy, sHx, sHy)

// H2(G, H, [k]G, VRF, [t]G + [s]([k]G), [t]H + [s]VRF)
// = H2(G, H, [k]G, VRF, [t+ks]G, [t+ks]H)
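Review bot: Nothing in `Evaluate` or `ProofToHash` records why the point arithmetic must go through `curve` rather than `params`, so a later cleanup could switch the calls back without any test failing. I would add a comment above the first `curve.ScalarMult(Hx, Hy, k.D.Bytes())` call, for example `// Call curve, not params: CurveParams methods are the generic implementation and are not constant time.` The secret scalar is still passed as `k.D.Bytes()`; `D` is presumably a `*big.Int`, whose byte encoding is variable-length, so a fixed 32-byte encoding of the key may be worth considering. How `r` is derived is not visible here, and both function bodies start and end outside the hunks shown.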
@@ -19,7 +19,9 @@ import (
"context"
"crypto/rand"
"encoding/hex"
"fmt"
"math"
"sync"
"testing"

"github.com/golang/protobuf/proto"
@@ -180,6 +182,27 @@ func TestVRF(t *testing.T) {
}
}

func BenchmarkEvaluate(b *testing.B) {
k, _ := GenerateKey()
m1 := []byte("data1")
for _, routines := range []int{1, 2, 4, 8, 16, 32, 64, 128} {
b.Run(fmt.Sprintf("%d goroutines", routines), func(b *testing.B) {
var wg sync.WaitGroup
defer wg.Wait()
for i := 0; i < routines; i++ {
wg.Add(1)
go func() {
defer wg.Done()
for n := 0; n < b.N/routines; n++ {
k.Evaluate(m1)
}
}()
}
})
}

}

// Test vectors in core/testdata are generated by running
// go generate ./core/testdata
func TestProofToHash(t *testing.T) {
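Review bot: In `BenchmarkEvaluate` each goroutine runs `b.N/routines` iterations, so whenever `b.N` is not a multiple of `routines` fewer than `b.N` calls to `Evaluate` are timed, and when `b.N < routines` none are. The reported ns/op is then lower than the real cost, which matters because these figures are the evidence quoted in the commit message for the constant-time switch. Hand out the remainder inside the `for i` loop before starting each goroutine, `iters := b.N / routines` followed by `if i < b.N%routines { iters++ }`, and bound the inner loop with `for n := 0; n < iters; n++`.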
