ed448goldilocks

Commit Graph

Author	SHA1	Message	Date
Michael Hamburg	64adbd1082	split c crypto routines for now (a bit of a hack :-/)	9 years ago
Michael Hamburg	49629216f8	simplify elligator (todo: test more? eg 1/(1-d) on 25519)	9 years ago
Michael Hamburg	e95b7c7f0e	made scalar inverse WARN_UNUSED and made it throw. Small fix to sagetest. Changed some places that assumed that success is true, in case I want to adopt the proposal that success is 0	9 years ago
Michael Hamburg	cdab495338	Cross-curve compilation working! Still a bunch of FIXMEs though	9 years ago
Michael Hamburg	d703b31062	fix some PRECIOUS	9 years ago
Michael Hamburg	719fcacc58	working on multicurve build system	9 years ago
Mike Hamburg	60b14fb0f1	add FixedBuffer	9 years ago
Mike Hamburg	538fe68866	OwnedOrUnowned as base for Precomputed	9 years ago
Mike Hamburg	6bc7a3db3b	rework build hierarchy to prepare for generated headers	9 years ago
Michael Hamburg	42a561d018	some accel in for curve25519	9 years ago
Michael Hamburg	d501753648	factor common routines and data decls out into decaf_common.h. Now leaking NONNULL etc	9 years ago
Michael Hamburg	03ecad0551	it compiles, but it certainly doesnt work yet	9 years ago
Mike Hamburg	40b1f8b85e	initial replace 448->255; doesnt compile yet	9 years ago
Michael Hamburg	4fe3b9d06a	begin groundwork for sage testing	9 years ago
Mike Hamburg	a1d33e0b6a	change decaf_gen_tables to use FIELD_LITERAL so that `make bat` makes a portable bat	9 years ago
Mike Hamburg	45a271dc0c	fix most of SUPERCOP stuff. However, the results of `make bat` still are not portable because the generated tables use arch specific field element layout	9 years ago
Michael Hamburg	fc3be89e4c	trying to templatize	9 years ago
Michael Hamburg	e6441d0c3c	working on templatization	9 years ago
Mike Hamburg	9f7b8eb1ca	restore wno-overlength-strings (it was used for NEON)	9 years ago
Mike Hamburg	febe900161	makefile rpath settings	9 years ago
Michael Hamburg	f18cf359c6	remove files used by goldilocks/master, leaving only decaf	9 years ago
Mike Hamburg	484e05b472	shuffling permutation. tested and benched on NEON; slightly faster than goldilocks original except verification which is slightly slower	9 years ago
Michael Hamburg	469aa48079	switch to underlying field de/ser ops for portability	9 years ago
Mike Hamburg	18e7c31691	more tests and benchmarks	9 years ago
Mike Hamburg	59ab6ce535	working on c++ benchmark	9 years ago
Mike Hamburg	4d995ac1d8	Doxygenation	9 years ago
Mike Hamburg	faeb1fb092	decaf tests coming online	9 years ago
Mike Hamburg	5f919a45f2	start on c++ wrapper	9 years ago
Mike Hamburg	b2dc216b40	finish porting precomputed verify to decaf_fast. Remove tables as dependency of decaf slow	9 years ago
Michael Hamburg	59ed8f566c	change gf to a struct so that its alignment works on earlier clang	9 years ago
Mike Hamburg	3051dc4d03	precompute/precomputed sm works. needs demagication. slight perf regression in this build for some reason?	9 years ago
Michael Hamburg	ae24f96e09	copying existing decaf impl to "fast" version. not that fast yet, but uses native field mul code. Also rework precomputed tables to be agnostic of underlying impl	9 years ago
Michael Hamburg	608eb2e065	Begin work on decaf_crypto. Have an ECDH analog now. Add decaf_bzero. Remove a bunch of testing from bench.c.	10 years ago
Michael Hamburg	ade8246a3d	bench shake; API_VIS on shake	10 years ago
Michael Hamburg	f4c76b7487	SHAKE and SHA3 instances (experimental) based on code from David Leon Gil. Tested by hand but needs automatic KAT. I might also want to include Keyak or some similar duplex construction eventually.	10 years ago
Mike Hamburg	c50e8e8bf1	decaf is now 32-bit clean	10 years ago
Michael Hamburg	acf4443c48	DECAF_SER_BYTES -> DECAF_SCALAR_BYTES in scalar codec	10 years ago
Michael Hamburg	3988b1ad7f	decaf first cut	10 years ago
Mike Hamburg	34a2931789	decaf no longer needs sqrt(-d) etc; may simplify port to other curves	10 years ago
Mike Hamburg	1f480b0f95	Big changes for curve flexibility. For details see HISTORY.txt. Very experimental Ed480-Ridinghood support is now in. It's not fully optimized, but in general the current build is 8-15% slower than Goldilocks. It only works on arch_x86_64, though arch_ref64 support ought to be easy. Support on other arches will be trickier, which is of course why I chose Goldilocks over Ridinghood in the first place. Next up, E-521. Hopefully. The code is starting to get spread out over a lot of files. Some are per field*arch, some per field, some per curve, some global. It's hard to do much about this, though, with a rather ugly .c.inc system. There's currently no way to make a Ridinghood eBAT. In fact, I haven't tested eBAT support in this commit. I also haven't tested NEON, but at least ARCH_32 works on Intel.	10 years ago
Mike Hamburg	165510d57c	Working on demagication, so as to support other curves for the CFRG benchmarks in a month or so. Create new src/arithmetic.c for field-independent arithmetic (eg batch invert, is_square). Replace p448_ with field_ where possible. Create constant EDWARDS_D = -39081. Create inline function field_mulw_scc for multiplying by compile-time signed curve constants.	10 years ago
Mike Hamburg	cc3c637732	Changes to the eBAT build system, to bring the code and package closer to how DJB expects them.	10 years ago
Michael Hamburg	4433591cfc	Forget yesterday's hack; just add an arch_config.h to each arch which says how many bits it is. Add batarch.map for eBATS architecture renaming.	10 years ago
Mike Hamburg	c28723f699	possibly the eBAT actually works now?	10 years ago
Mike Hamburg	76b75624bc	Thanks again Samuel Neves: the "gcc bug" is actually undefined behavior caused by strict aliasing. For now just passing -fno-strict-aliasing, maybe unions to fix it later	10 years ago
Mike Hamburg	04b955eabe	Added really_memset, thanks David Leon Gil. Trying to work around an apparent GCC bug on SSE2, thanks Samuel Neves. Added an experimental NEON arch. It's fast. It's not yet GCC clean. It needs some more work on general cleanliness too.	10 years ago
Michael Hamburg	4eb210cd85	Mostly a cleanup release. Cleanup old code, improve documentation, improve GCC-cleanness, etc. Disable the crandom output buffer so that it won't return duplicate data across fork(). I should still stir in more entropy into the buffer at least when RDRAND is available, but this should prevent disasters for now. The Elligator code in the current version is incompatible with past versions due to a minor tweak. It wasn't being called by any of the API functions, though. Removing "magic" constants and type names. So for example p448_t is now field_t (though maybe it should really be felem_t?). This should enable other curves with the Goldilocks code in the not-too- distant future. Added CRANDOM_MIGHT_IS_MUST so that you don't have to -D a bunch of things on the command line. You can `make bat` to make an eBAT which probably doesn't work. I haven't implemented the improved nonce generation from the curves@moderncrypto.org thread yet.	10 years ago
Michael Hamburg	8ebdfaee0b	gcc-clean, though the code is slow when compiled by gcc	10 years ago
Michael Hamburg	d4085b9606	Internal changes which break compatibility with previous versions (you knew this would happen). Added ARM NEON support. Added support for precomputation on public keys, which speeds up later signatures and ECDH calls. See history.txt or the doc for details. Reworked internals so that private keys can be derived from any 32-byte secret random value. This also means that secret keys can be "compressed" for cold storage. Added more tests. Running the tests now requires GMP, though Goldilocks itself does not. Linking now uses visibility instead of exported.sym.	10 years ago
Michael Hamburg	1eab9a3a08	New release. Rework the directory structure into something saner, with src/ test/ include/ and build/ Beginning some tests. Also, now support scan-build. Now support 32-bit including vectorless ARM. NEON is not yet supported, because I don't have a test machine. Many internal changes, improvements, and bug fixes.	10 years ago

1 2

68 Commits (2eacff6ad602a38cd5e885933bc0de244fabe17b)