Skip to content
This repository has been archived by the owner on Dec 5, 2023. It is now read-only.

AffinePoint in LookupTable + NafLookupTable for Shamir's trick #19

Merged
merged 13 commits into from
Mar 15, 2022
Merged

AffinePoint in LookupTable + NafLookupTable for Shamir's trick #19

merged 13 commits into from
Mar 15, 2022

Conversation

Nashtare
Copy link
Contributor

@Nashtare Nashtare commented Mar 8, 2022
edited
Loading

This PR the internal type of points in LookupTable from ProjectivePoint to AffinePoint to benefit from faster mixed-addition. The performance difference is more important for multiplication with the hardcoded BASEPOINT_TABLE, about 13% faster.

It also integrates w-NAF conversion of Scalar elements for efficient Shamir's trick, useful in ECDSA or Schnorr signature verification.

The change to AffinePoint as internal type of the LookupTable requires the use of lazy_static! to construct the BASEPOINT_TABLE.

closes #13
closes #14

@Nashtare Nashtare self-assigned this Mar 8, 2022
@Nashtare Nashtare added the enhancement New feature or request label Mar 8, 2022
@Nashtare Nashtare force-pushed the lookup branch 3 times, most recently from 7a9623d to 71e26d6 Compare March 9, 2022 08:21
@Nashtare Nashtare changed the title AffinePoint in LookupTable AffinePoint in LookupTable + NafLookupTable for Shamir's trick Mar 14, 2022
@Nashtare
Use NafLookupTable in variable-time scalar multiplication methods
0d8564c 
Use existing methods for cofactor clearing and torsion check
@Nashtare
Copy link
Contributor Author

NAF based scalar mult with a window size of 5 seems to be even more efficient than the regular Lookup based scalar mult, hence relying on this for "vartime" methods.

@Nashtare Nashtare requested a review from baumbata March 14, 2022 16:17
@Nashtare Nashtare marked this pull request as ready for review March 14, 2022 16:17
baumbata
baumbata reviewed Mar 14, 2022
View reviewed changes
src/curve.rs Outdated Show resolved Hide resolved
baumbata
baumbata reviewed Mar 14, 2022
View reviewed changes
src/curve.rs Outdated
Comment on lines 936 to 940
if i == 0 {
break;
}

i -= 1;
Copy link

@baumbata baumbata Mar 14, 2022
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it more efficient to do it this way than to have e.g. for i in (0..i+1).rev()?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I believe it's the same, I'm afraid of readability here as i refers to a loop indexed by i, so I instead used for j in (0..i + 1).rev().

baumbata
baumbata approved these changes Mar 14, 2022
View reviewed changes
Copy link

@baumbata baumbata left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me.

@Nashtare Nashtare merged commit 62370d8 into main Mar 15, 2022
@Nashtare Nashtare deleted the lookup branch March 15, 2022 07:39
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@baumbata baumbata baumbata approved these changes

Assignees

@Nashtare Nashtare

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Lookup tables with AffinePoint for Projective scalar multiplication Add w-NAF scalar multiplication
2 participants
@Nashtare @baumbata