WIP: Internal bignum #61

pull theuni wants to merge 8 commits into bitcoin-core:master from theuni:internal-bignum changing 10 files +834 −67
  1. theuni commented at 6:44 am on September 11, 2014: contributor

    This is a work-in-progress. I’m not sure how performance will stack up with the others, so I figure it’s worth some high-level discussion before continuing. The formatting is sloppy, error checking is needed, and unit tests need to be added. The implementation is naive, but the results were better than I expected. Passes all current tests.

    At this point, everything is implemented except for modulo. I’ve pulled in #59 and #21 to avoid some of the more complication operations upfront. For modulo, libgmp is still required. Obviously this is temporary.

    To keep things simple, everything is stack-allocated. No vla’s. The largest unsigned type is used as the base. This ensures compatibility across all platforms. I’ve verified that linux x86 and x64 both work as intended. For now, the radix must match what libgmp uses (unsigned long). Once the missing operations are added, any size should work.

    There are some easy optims that could be added, but I’ve held off for the most part. Using int128 simplifies many operations, but it may be worth splitting that out into a separate implementation.

    Early results (keeping in mind that libgmp’s modulo is still being used) x86_64 64bit_asm as a baseline, using ‘bench’ as a naive benchmark: 80% of libgmp’s bignum 2x faster than openssl

    After some profiling and optimizing, I’m hoping it will be able to be in the same ball-park as libgmp. Also, from a bignum perspective, there are several changes that could be made to the internal api afterwards to speed things up.

  2. Avoid division when decomposing scalars
    - In secp256k1_gej_split_exp, there are two divisions used. Since the denominator is a constant known at compile-time, each can be replaced by a multiplication followed by a right-shift (and rounding).
    - Add the constants g1, g2 for this purpose and rewrite secp256k1_gej_split_exp accordingly.
    - Remove secp256k1_num_div since no longer used
    84bcb08922
  3. Abstract out inversion modulo order into secp256k1_ge_scalar_inverse 9f58a66bb8
  4. Implement inverse modulo order using ladder 0177b7386c
  5. Merge remote-tracking branch 'origin/pr/21' into internal-bignum 535a1472c4
  6. Merge remote-tracking branch 'origin/pr/59' into internal-bignum 61ba2b8b55
  7. bignum: add new files d5960cf109
  8. bignum: use internal if selected cbcd7916c5
  9. bignum: add configure option for internal bignum
    For now libgmp is still required for modulo.
    ee54d6dcaa
  10. theuni commented at 7:39 pm on November 12, 2014: contributor
    This was a pretty nasty hack-job. Better to start over if this is desired again later.
  11. theuni closed this on Nov 12, 2014


theuni


github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin-core/secp256k1. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2024-10-30 05:15 UTC

This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me