Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

core/crypto: Even more improvments #3288

Merged
merged 14 commits into from
Apr 10, 2024
Merged

core/crypto: Even more improvments #3288

merged 14 commits into from
Apr 10, 2024

Conversation

Yawning
Copy link
Contributor

@Yawning Yawning commented Mar 17, 2024
edited
Loading

  • Test rand_bytes on all supported platforms
  • Cleanups of the existing fiat derived code
  • Ed25519
    • Scalar field
    • Edwards25519 group
      • Faster scalar-basepoint multiply (defered, a lot of extra complexity)
      • Strauss-Shamir double scalar mult
    • EdDSA
      • RFC Test cases
      • speccheck test cases
  • ristretto255

Performance isn't amazing, clocking in at ~58 us keygen/sign, and ~60(+5) us verify. But as I made a conscious decision to tradeoff performance for "easy to implement, understand, and audit", this is more than acceptable. For reference, an implementation that pulls out all the stops does sign/keygen in ~18 us, and verify in ~37 us on my system, when the assembly is disabled.

The low hanging fruit for future improvement would be to add the comb based scalar-basepoint multiply, since that can also accelerate X25519 keygen. Improving the verify performance would require using the lattice decompose-then-multiply, which is incredibly complicated, and the existing implementation is ballpark competitive with others since the difference between a 4-bit fixed window, vs 5-bit sliding window isn't massive.

@Yawning Yawning force-pushed the feature/even-moar-crypto branch 8 times, most recently from ef47b1e to 3b1b3e9 Compare March 25, 2024 23:47
@Yawning Yawning force-pushed the feature/even-moar-crypto branch 14 times, most recently from 30a7e54 to 2d9a0dc Compare April 4, 2024 11:58
@Yawning Yawning force-pushed the feature/even-moar-crypto branch 8 times, most recently from 2dfc905 to c7aa5a6 Compare April 7, 2024 17:52
@Yawning
core/crypto: Add more documentation about assumptions (NFC)
a43a5b0
@Yawning
core/crypto: Add has_rand_bytes
b155fdf 
This allows runtime detection as to if `rand_bytes` is supported or not,
and lets us enable the test-case on all of the supported targets.
@Yawning
core/crypto/_fiat/field_curve25519: Use multiply to calculate the mask
f9b9521 
Largely for consistency with the generic code, either is valid with Odin
semantics, but this is easier to comprehend.
@Yawning
core/crypto/_fiat/field_curve25519: Move routines (NFC)
9a418fd
@Yawning
core/crypto/_fiat/field_poly1305: Move routines (NFC)
31aba5a
@Yawning
core/crypto/_fiat: odinfmt (NFC)
c951cbd
@Yawning
core/crypto/_fiat/field_curve25519: Mark more functions contextless
1ce279e
@Yawning
core/crypto/_fiat/field_poly1305: Use multiply to calculate the mask
36f3001
@Yawning
core/crypto/_fiat/field_poly1305: Mark more functions contextless
4defe88
@Yawning
core/crypto/_fiat/field_scalar25519: Initial import
fec42a6
@Yawning Yawning force-pushed the feature/even-moar-crypto branch 5 times, most recently from 962db2e to f22e1d1 Compare April 9, 2024 05:05
@Yawning Yawning marked this pull request as ready for review April 9, 2024 05:20
@Kelimion Kelimion merged commit 2ba2bc1 into odin-lang:master Apr 10, 2024
4 checks passed
@Yawning Yawning deleted the feature/even-moar-crypto branch April 10, 2024 13:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Yawning @Kelimion