From 4d07cdf2eeeba734bb28336b75e08843305a6ec3 Mon Sep 17 00:00:00 2001
From: Michael Hamburg <mike@shiftleft.org>
Date: Fri, 1 May 2015 13:20:45 -0700
Subject: [PATCH] rename decaf::decaf to decaf::EcGroup to avoid naming
 conflict; discard top and bottom two benchmarks to avoid descheduling issues
 which cause calibration to say THz

---
 include/decaf.hxx                      |  4 +-
 include/shake.hxx                      |  4 +-
 src/p448/arch_32/p448.c                | 16 --------
 src/p448/arch_arm_32/p448.c            | 16 --------
 src/p448/arch_neon_experimental/p448.c | 16 --------
 src/p448/arch_ref64/p448.c             | 16 --------
 src/p448/arch_x86_64/p448.c            | 16 --------
 src/p480/arch_x86_64/p480.c            | 16 --------
 src/p521/arch_ref64/p521.c             | 16 --------
 src/p521/arch_x86_64_r12/p521.c        | 16 --------
 test/bench_decaf.cxx                   | 52 ++++++++++++++++++++------
 test/test_decaf.cxx                    |  6 +--
 12 files changed, 48 insertions(+), 146 deletions(-)

diff --git a/include/decaf.hxx b/include/decaf.hxx
index f1056ef..788c2ca 100644
--- a/include/decaf.hxx
+++ b/include/decaf.hxx
@@ -238,12 +238,12 @@ class SpongeRng;
  * @brief Group with prime order.
  * @todo Move declarations of functions up here?
  */
-template<GroupId group = Ed448Goldilocks> struct decaf;
+template<GroupId group = Ed448Goldilocks> struct EcGroup;
 
 /**
  * @brief Ed448-Goldilocks/Decaf instantiation of group.
  */
-template<> struct decaf<Ed448Goldilocks> {
+template<> struct EcGroup<Ed448Goldilocks> {
 
 /** @cond internal */
 class Point;
diff --git a/include/shake.hxx b/include/shake.hxx
index fbe64cf..1e401ae 100644
--- a/include/shake.hxx
+++ b/include/shake.hxx
@@ -193,11 +193,11 @@ private:
 
 /**@cond internal*/
 /* FIXME: multiple sizes */
-decaf<448>::Scalar::Scalar(SpongeRng &rng) {
+EcGroup<448>::Scalar::Scalar(SpongeRng &rng) {
     *this = rng.read(SER_BYTES);
 }
 
-decaf<448>::Point::Point(SpongeRng &rng, bool uniform) {
+EcGroup<448>::Point::Point(SpongeRng &rng, bool uniform) {
     SecureBuffer buffer((uniform ? 2 : 1) * HASH_BYTES);
     rng.read(buffer);
     if (uniform) {
diff --git a/src/p448/arch_32/p448.c b/src/p448/arch_32/p448.c
index b53250c..6921c2f 100644
--- a/src/p448/arch_32/p448.c
+++ b/src/p448/arch_32/p448.c
@@ -177,22 +177,6 @@ p448_strong_reduce (
     assert(is_zero(carry + scarry));
 }
 
-mask_t
-p448_is_zero (
-    const struct p448_t *a
-) {
-    struct p448_t b;
-    p448_copy(&b,a);
-    p448_strong_reduce(&b);
-
-    uint32_t any = 0;
-    int i;
-    for (i=0; i<16; i++) {
-        any |= b.limb[i];
-    }
-    return is_zero(any);
-}
-
 void
 p448_serialize (
     uint8_t *serial,
diff --git a/src/p448/arch_arm_32/p448.c b/src/p448/arch_arm_32/p448.c
index a4acd83..fc526f8 100644
--- a/src/p448/arch_arm_32/p448.c
+++ b/src/p448/arch_arm_32/p448.c
@@ -904,22 +904,6 @@ p448_strong_reduce (
     assert(is_zero(carry + scarry));
 }
 
-mask_t
-p448_is_zero (
-    const struct p448_t *a
-) {
-    struct p448_t b;
-    p448_copy(&b,a);
-    p448_strong_reduce(&b);
-
-    uint32_t any = 0;
-    int i;
-    for (i=0; i<16; i++) {
-        any |= b.limb[i];
-    }
-    return is_zero(any);
-}
-
 void
 p448_serialize (
     uint8_t *serial,
diff --git a/src/p448/arch_neon_experimental/p448.c b/src/p448/arch_neon_experimental/p448.c
index 6338d24..30151cc 100644
--- a/src/p448/arch_neon_experimental/p448.c
+++ b/src/p448/arch_neon_experimental/p448.c
@@ -662,22 +662,6 @@ p448_strong_reduce (
     assert(is_zero(carry + scarry));
 }
 
-mask_t
-p448_is_zero (
-    const struct p448_t *a
-) {
-    struct p448_t b;
-    p448_copy(&b,a);
-    p448_strong_reduce(&b);
-
-    uint32_t any = 0;
-    int i;
-    for (i=0; i<16; i++) {
-        any |= b.limb[i];
-    }
-    return is_zero(any);
-}
-
 void
 p448_serialize (
     uint8_t *serial,
diff --git a/src/p448/arch_ref64/p448.c b/src/p448/arch_ref64/p448.c
index 1668211..76fb300 100644
--- a/src/p448/arch_ref64/p448.c
+++ b/src/p448/arch_ref64/p448.c
@@ -369,22 +369,6 @@ p448_strong_reduce (
     assert(is_zero(carry + scarry));
 }
 
-mask_t
-p448_is_zero (
-    const struct p448_t *a
-) {
-    struct p448_t b;
-    p448_copy(&b,a);
-    p448_strong_reduce(&b);
-
-    uint64_t any = 0;
-    int i;
-    for (i=0; i<8; i++) {
-        any |= b.limb[i];
-    }
-    return is_zero(any);
-}
-
 void
 p448_serialize (
     uint8_t *serial,
diff --git a/src/p448/arch_x86_64/p448.c b/src/p448/arch_x86_64/p448.c
index 8fa80a3..120bbbb 100644
--- a/src/p448/arch_x86_64/p448.c
+++ b/src/p448/arch_x86_64/p448.c
@@ -348,22 +348,6 @@ p448_strong_reduce (
     assert(is_zero(carry + scarry));
 }
 
-mask_t
-p448_is_zero (
-    const struct p448_t *a
-) {
-    struct p448_t b;
-    p448_copy(&b,a);
-    p448_strong_reduce(&b);
-
-    uint64_t any = 0;
-    int i;
-    for (i=0; i<8; i++) {
-        any |= b.limb[i];
-    }
-    return is_zero(any);
-}
-
 void
 p448_serialize (
     uint8_t *serial,
diff --git a/src/p480/arch_x86_64/p480.c b/src/p480/arch_x86_64/p480.c
index 6110373..ec7345f 100644
--- a/src/p480/arch_x86_64/p480.c
+++ b/src/p480/arch_x86_64/p480.c
@@ -348,22 +348,6 @@ p480_strong_reduce (
     assert(is_zero(carry + scarry));
 }
 
-mask_t
-p480_is_zero (
-    const struct p480_t *a
-) {
-    struct p480_t b;
-    p480_copy(&b,a);
-    p480_strong_reduce(&b);
-
-    uint64_t any = 0;
-    int i;
-    for (i=0; i<8; i++) {
-        any |= b.limb[i];
-    }
-    return is_zero(any);
-}
-
 void
 p480_serialize (
     uint8_t *serial,
diff --git a/src/p521/arch_ref64/p521.c b/src/p521/arch_ref64/p521.c
index 8238699..fbcc149 100644
--- a/src/p521/arch_ref64/p521.c
+++ b/src/p521/arch_ref64/p521.c
@@ -346,22 +346,6 @@ p521_strong_reduce (
     assert(is_zero(carry + scarry));
 }
 
-mask_t
-p521_is_zero (
-    const struct p521_t *a
-) {
-    struct p521_t b;
-    p521_copy(&b,a);
-    p521_strong_reduce(&b);
-
-    uint64_t any = 0;
-    int i;
-    for (i=0; i<9; i++) {
-        any |= b.limb[i];
-    }
-    return is_zero(any);
-}
-
 void
 p521_serialize (
     uint8_t *serial,
diff --git a/src/p521/arch_x86_64_r12/p521.c b/src/p521/arch_x86_64_r12/p521.c
index f61992c..98fae11 100644
--- a/src/p521/arch_x86_64_r12/p521.c
+++ b/src/p521/arch_x86_64_r12/p521.c
@@ -417,22 +417,6 @@ p521_strong_reduce (
     a->limb[3] = a->limb[7] = a->limb[11] = 0;
 }
 
-mask_t
-p521_is_zero (
-    const struct p521_t *a
-) {
-    struct p521_t b;
-    p521_copy(&b,a);
-    p521_strong_reduce(&b);
-
-    uint64_t any = 0;
-    unsigned int i;
-    for (i=0; i<sizeof(b)/sizeof(b.limb[0]); i++) {
-        any |= b.limb[i];
-    }
-    return is_zero(any);
-}
-
 void
 p521_serialize (
     uint8_t *serial,
diff --git a/test/bench_decaf.cxx b/test/bench_decaf.cxx
index 056fff1..0e18cde 100644
--- a/test/bench_decaf.cxx
+++ b/test/bench_decaf.cxx
@@ -17,11 +17,13 @@
 #include <sys/time.h>
 #include <assert.h>
 #include <stdint.h>
+#include <vector>
+#include <algorithm>
 
 using namespace decaf;
-typedef decaf<448>::Scalar Scalar;
-typedef decaf<448>::Point Point;
-typedef decaf<448>::Precomputed Precomputed;
+typedef EcGroup<448>::Scalar Scalar;
+typedef EcGroup<448>::Point Point;
+typedef EcGroup<448>::Precomputed Precomputed;
 
 
 static __inline__ void __attribute__((unused)) ignore_result ( int result ) { (void)result; }
@@ -66,31 +68,44 @@ static void printSI(double x, const char *unit, const char *spacer = " ") {
 }
 
 class Benchmark {
-    static const int NTESTS = 1000;
+    static const int NTESTS = 20, NSAMPLES=50, DISCARD=2;
     static double totalCy, totalS;
     /* FIXME Tcy if get descheduled */
 public:
-    int i, ntests;
+    int i, j, ntests, nsamples;
     double begin;
     uint64_t tsc_begin;
+    std::vector<double> times;
+    std::vector<uint64_t> cycles;
     Benchmark(const char *s, double factor = 1) {
         printf("%s:", s);
         if (strlen(s) < 25) printf("%*s",int(25-strlen(s)),"");
         fflush(stdout);
-        i = 0;
+        i = j = 0;
         ntests = NTESTS * factor;
+        nsamples = NSAMPLES;
         begin = now();
         tsc_begin = rdtsc();
+        times = std::vector<double>(NSAMPLES);
+        cycles = std::vector<uint64_t>(NSAMPLES);
     }
     ~Benchmark() {
-        double tsc = (rdtsc() - tsc_begin) * 1.0;
-        double t = (now() - begin);
+        double tsc = 0;
+        double t = 0;
+        
+        std::sort(times.begin(), times.end());
+        std::sort(cycles.begin(), cycles.end());
+        
+        for (int k=DISCARD; k<nsamples-DISCARD; k++) {
+            tsc += cycles[k];
+            t += times[k];
+        }
         
         totalCy += tsc;
         totalS += t;
         
-        t /= ntests;
-        tsc /= ntests;
+        t /= ntests*(nsamples-2*DISCARD);
+        tsc /= ntests*(nsamples-2*DISCARD);
         
         printSI(t,"s");
         printf("    ");
@@ -98,7 +113,22 @@ public:
         if (tsc) { printf("    "); printSI(tsc, "cy"); }
         printf("\n");
     }
-    inline bool iter() { return i++ < ntests; }
+    inline bool iter() {
+        i++;
+        if (i >= ntests) {
+            uint64_t tsc = rdtsc() - tsc_begin;
+            double t = now() - begin;
+            begin += t;
+            tsc_begin += tsc;
+            assert(j >= 0 && j < nsamples);
+            cycles[j] = tsc;
+            times[j] = t;
+            
+            j++;
+            i = 0;
+        }
+        return j < nsamples;
+    }
     static void calib() {
         if (totalS && totalCy) {
             const char *s = "Cycle calibration";
diff --git a/test/test_decaf.cxx b/test/test_decaf.cxx
index 9cae71c..1cf43ec 100644
--- a/test/test_decaf.cxx
+++ b/test/test_decaf.cxx
@@ -42,9 +42,9 @@ public:
 
 template<decaf::GroupId GROUP> struct Tests {
 
-typedef typename decaf::decaf<GROUP>::Scalar Scalar;
-typedef typename decaf::decaf<GROUP>::Point Point;
-typedef typename decaf::decaf<GROUP>::Precomputed Precomputed;
+typedef typename decaf::EcGroup<GROUP>::Scalar Scalar;
+typedef typename decaf::EcGroup<GROUP>::Point Point;
+typedef typename decaf::EcGroup<GROUP>::Precomputed Precomputed;
 
 static void print(const char *name, const Scalar &x) {
     unsigned char buffer[DECAF_448_SCALAR_BYTES];