jmg
/
ed448goldilocks
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

update HISTORY and TODO

master
Michael Hamburg 9 years ago
parent
0016b2675c
commit
9be017366a
3 changed files with 50 additions and 18 deletions
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +37
    -0
      HISTORY.txt
  2. +11
    -16
      TODO.txt
  3. +2
    -2
      src/decaf.c

+ 37
- 0
HISTORY.txt View File

@@ -1,3 +1,40 @@
January 15, 2016:
Lots of changes since the last entry in HISTORY.TXT.
Pushing eventually toward a 1.0 release, at least for the curves
themselves (i.e. not for STROBE), still a fair amount of stuff to
do.
I have pretty much all the functions I want implemented, except
that maybe there should be a compatibility mode for whatever CFRG
decides the real life format should be.
The library now supports multiple curves at once. A decaffeinated
curve isogenous to Curve25519 is now supported, but not especially
fast. This is all still a little rough around the edges. To make
it work in a sane way, most of the headers are generated using
Python templates. Probably those should be turned back into .h
files for syntax hilighting purposes; the code generation system
in general needs quite a tuneup.
The plus side is that this reduces the source code size, especially
for supporting many curves over many fields.
Currently the code only kind of halfway works on ARM, and not as
fast as it used to (on NEON anyway), by maybe 15-20%. I'm
investigating why. It's about as fast as it used to be on x86,
maybe a hair slower.
Montgomery ladder is currently out. Putting it back in might help
pin down the ARM NEON performance regression.

The BAT is currently broken.
Tracking at 55 TODO items, about half of which are important-ish.
Source code size is currently 12.8k wc-lines, including tests and
old fields (p480 and p521). I'm still trying to get that down, but
with things like 600 lines of NEON f_impl.c, that's not an easy task.

April 23, 2015: April 23, 2015:
Removed the original Goldilocks code; Decaf now stands on its own. Removed the original Goldilocks code; Decaf now stands on its own.
This cuts the source code approximately in half, to a still-large This cuts the source code approximately in half, to a still-large


+ 11
- 16
TODO.txt View File

@@ -1,13 +1,10 @@
Important work items for Ed448-Goldilocks / decaf: Important work items for Ed448-Goldilocks / decaf:


* Factor out hash, crandom from core library?
[DONE, except for C++ headers]

* Signed 32-bit NEON implementation to avoid bias/reduce after subtract * Signed 32-bit NEON implementation to avoid bias/reduce after subtract


* Documentation: write high-level API docs, and internal docs to help * Documentation: write high-level API docs, and internal docs to help
other implementors. other implementors.
* Partial progress on Doxygenating the code.
* Pretty good progress on Doxygenating the code.


* Documentation: write a spec or add to Watson's * Documentation: write a spec or add to Watson's


@@ -15,44 +12,42 @@ Important work items for Ed448-Goldilocks / decaf:
* namespace_op or op_namespace? namespace_op_type? * namespace_op or op_namespace? namespace_op_type?
* We don't have to be super-careful with the namespacing, because * We don't have to be super-careful with the namespacing, because
symbols will be scrubbed by visibility symbols will be scrubbed by visibility
* Mostly done.


* Cleanup: unify intrinsics code * Cleanup: unify intrinsics code
* Word_t, mask_t, bigregister_t, etc. * Word_t, mask_t, bigregister_t, etc.
* [ MOSTLY DONE ]
* Generate asm intrinsics with a script? * Generate asm intrinsics with a script?


* Testing: * Testing:
* More testing. Testing, testing and testing. * More testing. Testing, testing and testing.
* Test corner cases better. * Test corner cases better.


* Safety: add static analysis attributes for compilers that support them
* Most functions now have warn on ignored return.
* [ MOSTLY DONE ]

* Safety: * Safety:
* Decide what to do about RNG failures * Decide what to do about RNG failures
* abort * abort
* return error and zeroize
* return error and zeroize [ THIS ]
* return error but continue if RNG is kind of mostly OK * return error but continue if RNG is kind of mostly OK


* High-level API: [DONE]

* Portability: test and make clean with other compilers * Portability: test and make clean with other compilers
* Using a fair amount of __attribute__ code. * Using a fair amount of __attribute__ code.
* [DONE] Should work for GCC now.
* [Should work for GCC now. But not really on ARM.


* Portability: try to make the vector code as portable as possible * Portability: try to make the vector code as portable as possible
* Currently using clang ext_vector_length. * Currently using clang ext_vector_length.
* I can't get a simple for-loop to autovectorize :-/ * I can't get a simple for-loop to autovectorize :-/
* SAGE tool? * SAGE tool?


* [DONE] Portability: make the outer layers of the code 32-bit clean.

* [DONE] Performance/flexibility: decide which parameters should be hard-coded.
* Perhaps useful for comb precomputation.
* Portability: make the outer layers of the code 32-bit clean.
* Was [DONE], but a regression on ARM GCC.


* Performance: Improve SHAKE. * Performance: Improve SHAKE.
* Improve speed. (Maybe) * Improve speed. (Maybe)


* Clear other TODO/FIXME/HACK/PERF items in the code * Clear other TODO/FIXME/HACK/PERF items in the code


* More curves? E-521 at least? Ed41417?

* CFRG compat modes.

* Submit Decaf to SUPERCOP * Submit Decaf to SUPERCOP

+ 2
- 2
src/decaf.c View File

@@ -732,7 +732,7 @@ cond_neg_niels (
cond_neg(n->c, neg); cond_neg(n->c, neg);
} }


static void pt_to_pniels (
static NOINLINE void pt_to_pniels (
pniels_t b, pniels_t b,
const point_t a const point_t a
) { ) {
@@ -742,7 +742,7 @@ static void pt_to_pniels (
gf_add ( b->z, a->z, a->z ); gf_add ( b->z, a->z, a->z );
} }


static void pniels_to_pt (
static NOINLINE void pniels_to_pt (
point_t e, point_t e,
const pniels_t d const pniels_t d
) { ) {


Write Preview
Loading…
Cancel
Save