ed448goldilocks

Commit Graph

Author	SHA1	Message	Date
Mike Hamburg	2dacf20e3e	add scalar invert; unopt and opt; tests. It might be faster with dedicated montsqr and/or blinded egcd, but this is good enough for now	9 years ago
Michael Hamburg	59ed8f566c	change gf to a struct so that its alignment works on earlier clang	9 years ago
Mike Hamburg	746b050584	optimizing and cleanup; there is still a perf regression in decaf_fast but it is now smaller, and there isnt as big a space regression due to more careful noinline	9 years ago
Mike Hamburg	be0b5b8325	fix some mul/sqr-after-add bugs on arch_neon_experimental. Deprecate arch_neon because the experiment seems to be a success anyway	9 years ago
Mike Hamburg	93491671fa	gcc cleanliness	9 years ago
Mike Hamburg	a5834af9fc	test is in and passing; slightly simplified so far but nothing major	9 years ago
Michael Hamburg	543df14916	decaf direct scalarmul montgomery version coded but WRONG	10 years ago
Michael Hamburg	e84fd3f1fd	define experimental direct_scalarmul, which can be implemented as monty ladder (at least for comparison purposes at the beginning)	10 years ago
Michael Hamburg	ae24f96e09	copying existing decaf impl to "fast" version. not that fast yet, but uses native field mul code. Also rework precomputed tables to be agnostic of underlying impl	10 years ago
Michael Hamburg	4eb8567730	decaf signatures, but they dont work yet	10 years ago
Michael Hamburg	608eb2e065	Begin work on decaf_crypto. Have an ECDH analog now. Add decaf_bzero. Remove a bunch of testing from bench.c.	10 years ago
Mike Hamburg	b274e35d9a	Add "precomputed" API to decaf. It doesnt actually precompute in the mini decaf impl, but it passes tests.	10 years ago
Michael Hamburg	ade8246a3d	bench shake; API_VIS on shake	10 years ago
Michael Hamburg	f4c76b7487	SHAKE and SHA3 instances (experimental) based on code from David Leon Gil. Tested by hand but needs automatic KAT. I might also want to include Keyak or some similar duplex construction eventually.	10 years ago
Mike Hamburg	994812cf14	differentiate curve	10 years ago
Mike Hamburg	c50e8e8bf1	decaf is now 32-bit clean	10 years ago
Michael Hamburg	26cff2228d	fix decaf decode identity	10 years ago
Mike Hamburg	bcf7c88da8	fix another couple undeclared / misnamed function bugs	10 years ago
Michael Hamburg	06be9ef253	decaf double and double-scalarmul, but needs to be tested	10 years ago
Michael Hamburg	d4f4d0ed60	ready for prime time?	10 years ago
Michael Hamburg	83c59a645a	decaf scalars work	10 years ago
Michael Hamburg	0dc21dd9d7	negation properties for elligator	10 years ago
Michael Hamburg	dc1e4edc24	decaf elligator	10 years ago
Mike Hamburg	b3f7d97977	decaf scalarmul signed w=2 working. Surprisingly only twice as slow as Goldilocks	10 years ago
Michael Hamburg	ffb44b4c94	decaf tuning and simplification	10 years ago
Michael Hamburg	07906ec1a4	testing for decaf	10 years ago
Michael Hamburg	3988b1ad7f	decaf first cut	10 years ago
Mike Hamburg	e251453d15	simple extended form is in. Probably simplify it more...	10 years ago
Mike Hamburg	812163ff60	decaf uses high bit instead of low bit	10 years ago
Michael Hamburg	4333b7c1f1	pass pathological decaf test cases!	10 years ago
Michael Hamburg	12a5d0890c	decaf seems to work for monty; needs more testing, negative testing. Now should match sage script exactly.	10 years ago
Michael Hamburg	4f27b22a1d	decaf ladder is "correct", but not yet serializing to decaf	10 years ago
Mike Hamburg	26c04d14ca	another test issue found by scan-build	10 years ago
Mike Hamburg	89165c7021	fix test issue found by scan-build	10 years ago
Mike Hamburg	a59228c69c	const** related fixes for gcc	10 years ago
Michael Hamburg	93e866bb8c	gmp-style foo_t[1] for points too Conflicts: src/include/ec_point.h	10 years ago
Michael Hamburg	d383dfe91e	going to GMP-style element[1] types Conflicts: src/include/ec_point.h src/p448/magic.c src/p480/magic.c src/p521/magic.c test/bench.c	10 years ago
Michael Hamburg	b0a2110717	remove probably-unnecessary optimizations (still needs benching to make sure) Conflicts: src/include/field.h	10 years ago
Michael Hamburg	8abc24f4c6	montgomery aux step is defined; probably doesnt work	10 years ago
Michael Hamburg	ebb6b4db6d	both edwards and twisted edwards are in, and agree with one another. point comparison is in.	10 years ago
Michael Hamburg	a9e16440a2	decaf in and working for untwisted curve	10 years ago
Mike Hamburg	84abf97bb7	remember to save HISTORY.txt; also fix some regressions related to -Werror dead code	10 years ago
Mike Hamburg	1d07343067	p521 testing, 803kcy ecdh	10 years ago
Mike Hamburg	6546660199	E-521-related changes. Not quite ready yet... This is largely a save-your-work checkin. Created p521/arch_ref64 code to make sure E-521 basically works. Fixed some of the testing code around E-521. It doesn't quite pass everything yet. Created p521/arch_x86_64 code with optimized multiply. In this checkin, the multiply is fast and works, but all the other code in that directory is the completely unoptimized ref64 build which reduces after every add and sub. So the whole thing isn't fast yet.	10 years ago
Mike Hamburg	1f480b0f95	Big changes for curve flexibility. For details see HISTORY.txt. Very experimental Ed480-Ridinghood support is now in. It's not fully optimized, but in general the current build is 8-15% slower than Goldilocks. It only works on arch_x86_64, though arch_ref64 support ought to be easy. Support on other arches will be trickier, which is of course why I chose Goldilocks over Ridinghood in the first place. Next up, E-521. Hopefully. The code is starting to get spread out over a lot of files. Some are per field*arch, some per field, some per curve, some global. It's hard to do much about this, though, with a rather ugly .c.inc system. There's currently no way to make a Ridinghood eBAT. In fact, I haven't tested eBAT support in this commit. I also haven't tested NEON, but at least ARCH_32 works on Intel.	10 years ago
Mike Hamburg	165510d57c	Working on demagication, so as to support other curves for the CFRG benchmarks in a month or so. Create new src/arithmetic.c for field-independent arithmetic (eg batch invert, is_square). Replace p448_ with field_ where possible. Create constant EDWARDS_D = -39081. Create inline function field_mulw_scc for multiplying by compile-time signed curve constants.	10 years ago
Michael Hamburg	4433591cfc	Forget yesterday's hack; just add an arch_config.h to each arch which says how many bits it is. Add batarch.map for eBATS architecture renaming.	10 years ago
David Leon Gil	c699cb29db	Minor src/include/barrett_field.h: - Requires review: corrected failure to cast to (mask_t) prior to negation. (Or, if this is wrong; should cast to needed bitwidth explicitly.) - Changed type of nwords_out to uint32_t to agree with header. src/include/intrinsics.h: - Fixed up various preprocessor statements to check for definition rather than value of built-ins. - Added macro to use Clang’s __builtin_readcyclecounter on platforms on which it’s available. (Which is most platforms these days.) src/include/magic.h: Preprocessor “if” versus “if defined”. src/include/word.h: Fixed ifdefs; enabled support for memset_s on Darwin. Added explicit cast to mask_t. Added void to function definitions and declarations in the following files (not including void is okay in modern C++, but not modern C, IIRC): include/goldilocks.h, src/crandom.c, src/goldilocks.c, src/include/api.h, src/include/intrinsics.h, test/bench.c, test/test.c, test/test.h, test/test_arithmetic.c, test/test_goldilocks.c, test/test_pointops.c, test/test_scalarmul.c, test/test_sha512.c	10 years ago
Mike Hamburg	c28723f699	possibly the eBAT actually works now?	10 years ago
Mike Hamburg	04b955eabe	Added really_memset, thanks David Leon Gil. Trying to work around an apparent GCC bug on SSE2, thanks Samuel Neves. Added an experimental NEON arch. It's fast. It's not yet GCC clean. It needs some more work on general cleanliness too.	10 years ago

1 2

53 Commits (d675971feed65c0ea818e763868565d2a4d07fb5)