Constant-time 𝔾ₜ exponentiation with endomorphism acceleration

benchmarks/bench_ec_g1_scalar_mul.nim

@@ -8,11 +8,9 @@
 
 import
   # Internals
-  constantine/named/algebras,
+  constantine/named/[algebras, zoo_endomorphisms],
   constantine/math/arithmetic,
-  constantine/math/elliptic/[
-    ec_shortweierstrass_projective,
-    ec_shortweierstrass_jacobian],
+  constantine/math/ec_shortweierstrass,
   # Helpers
   ./bench_elliptic_template
 
@@ -69,7 +67,7 @@ proc main() =
     scalarMulVartimeWNAFBench(EC_ShortW_Jac[Fp[curve], G1], bits, window = 4, MulIters)
     scalarMulVartimeWNAFBench(EC_ShortW_Jac[Fp[curve], G1], bits, window = 5, MulIters)
     separator()
-    when bits >= 196: # All endomorphisms constants are below this threshold
+    when bits >= EndomorphismThreshold: # All endomorphisms constants are below this threshold
       scalarMulVartimeEndoWNAFBench(EC_ShortW_Prj[Fp[curve], G1], bits, window = 2, MulIters)
       scalarMulVartimeEndoWNAFBench(EC_ShortW_Prj[Fp[curve], G1], bits, window = 3, MulIters)
       scalarMulVartimeEndoWNAFBench(EC_ShortW_Prj[Fp[curve], G1], bits, window = 4, MulIters)

benchmarks/bench_ec_g2.nim

@@ -11,10 +11,7 @@ import
   constantine/named/algebras,
   constantine/math/arithmetic,
   constantine/math/extension_fields,
-  constantine/math/elliptic/[
-    ec_shortweierstrass_projective,
-    ec_shortweierstrass_jacobian,
-    ec_shortweierstrass_jacobian_extended],
+  constantine/math/ec_shortweierstrass,
   # Helpers
   ./bench_elliptic_template,
   # Standard library

benchmarks/bench_ec_g2_scalar_mul.nim

@@ -8,12 +8,10 @@
 
 import
   # Internals
-  constantine/named/algebras,
+  constantine/named/[algebras, zoo_endomorphisms],
   constantine/math/arithmetic,
   constantine/math/extension_fields,
-  constantine/math/elliptic/[
-    ec_shortweierstrass_projective,
-    ec_shortweierstrass_jacobian],
+  constantine/math/ec_shortweierstrass,
   # Helpers
   ./bench_elliptic_template
 
@@ -68,7 +66,7 @@ proc main() =
     scalarMulVartimeWNAFBench(EC_ShortW_Jac[Fp2[curve], G2], bits, window = 4, MulIters)
     scalarMulVartimeWNAFBench(EC_ShortW_Jac[Fp2[curve], G2], bits, window = 5, MulIters)
     separator()
-    when bits >= 196: # All endomorphisms constants are below this threshold
+    when bits >= EndomorphismThreshold: # All endomorphisms constants are below this threshold
       scalarMulVartimeEndoWNAFBench(EC_ShortW_Prj[Fp2[curve], G2], bits, window = 2, MulIters)
       scalarMulVartimeEndoWNAFBench(EC_ShortW_Prj[Fp2[curve], G2], bits, window = 3, MulIters)
       scalarMulVartimeEndoWNAFBench(EC_ShortW_Prj[Fp2[curve], G2], bits, window = 4, MulIters)

benchmarks/bench_ec_msm_bandersnatch.nim

@@ -10,7 +10,7 @@ import
   # Internals
   constantine/named/algebras,
   constantine/math/arithmetic,
-  constantine/math/elliptic/ec_twistededwards_projective,
+  constantine/math/ec_twistededwards,
   # Helpers
   helpers/prng_unsafe,
   ./bench_elliptic_parallel_template

benchmarks/bench_ec_msm_bls12_381_g1.nim

@@ -10,9 +10,7 @@ import
   # Internals
   constantine/named/algebras,
   constantine/math/arithmetic,
-  constantine/math/elliptic/[
-    ec_shortweierstrass_projective,
-    ec_shortweierstrass_jacobian],
+  constantine/math/ec_shortweierstrass,
   # Helpers
   helpers/prng_unsafe,
   ./bench_elliptic_parallel_template

benchmarks/bench_ec_msm_bls12_381_g2.nim

@@ -10,9 +10,7 @@ import
   # Internals
   constantine/named/algebras,
   constantine/math/extension_fields,
-  constantine/math/elliptic/[
-    ec_shortweierstrass_projective,
-    ec_shortweierstrass_jacobian],
+  constantine/math/ec_shortweierstrass,
   # Helpers
   helpers/prng_unsafe,
   ./bench_elliptic_parallel_template

benchmarks/bench_ec_msm_bn254_snarks_g1.nim

@@ -10,9 +10,7 @@ import
   # Internals
   constantine/named/algebras,
   constantine/math/arithmetic,
-  constantine/math/elliptic/[
-    ec_shortweierstrass_projective,
-    ec_shortweierstrass_jacobian],
+  constantine/math/ec_shortweierstrass,
   # Helpers
   ./bench_elliptic_parallel_template
 

benchmarks/bench_ec_msm_pasta.nim

@@ -10,9 +10,7 @@ import
   # Internals
   constantine/named/algebras,
   constantine/math/arithmetic,
-  constantine/math/elliptic/[
-    ec_shortweierstrass_projective,
-    ec_shortweierstrass_jacobian],
+  constantine/math/ec_shortweierstrass,
   # Helpers
   helpers/prng_unsafe,
   ./bench_elliptic_parallel_template

benchmarks/bench_elliptic_template.nim

@@ -24,7 +24,7 @@ import
     ec_shortweierstrass_jacobian,
     ec_shortweierstrass_jacobian_extended,
     ec_shortweierstrass_batch_ops,
-    ec_scalar_mul, ec_endomorphism_accel],
+    ec_scalar_mul],
     constantine/named/zoo_subgroups,
   # Helpers
   helpers/prng_unsafe,
@@ -210,7 +210,7 @@ proc scalarMulVartimeMinHammingWeightRecodingBench*(EC: typedesc, bits: static i
 
   bench("EC ScalarMul " & $bits & "-bit " & $EC.G & " (vartime min Hamming Weight recoding)", EC, iters):
     r = P
-    r.scalarMul_minHammingWeight_vartime(exponent)
+    r.scalarMul_jy00_vartime(exponent)
 
 proc scalarMulVartimeWNAFBench*(EC: typedesc, bits, window: static int, iters: int) =
   var r {.noInit.}: EC
@@ -221,7 +221,7 @@ proc scalarMulVartimeWNAFBench*(EC: typedesc, bits, window: static int, iters: i
 
   bench("EC ScalarMul " & $bits & "-bit " & $EC.G & " (vartime wNAF-" & $window & ")", EC, iters):
     r = P
-    r.scalarMul_minHammingWeight_windowed_vartime(exponent, window)
+    r.scalarMul_wNAF_vartime(exponent, window)
 
 proc scalarMulVartimeEndoWNAFBench*(EC: typedesc, bits, window: static int, iters: int) =
   var r {.noInit.}: EC
@@ -232,7 +232,7 @@ proc scalarMulVartimeEndoWNAFBench*(EC: typedesc, bits, window: static int, iter
 
   bench("EC ScalarMul " & $bits & "-bit " & $EC.G & " (vartime endomorphism + wNAF-" & $window & ")", EC, iters):
     r = P
-    r.scalarMulEndo_minHammingWeight_windowed_vartime(exponent, window)
+    r.scalarMulEndo_wNAF_vartime(exponent, window)
 
 proc subgroupCheckBench*(EC: typedesc, iters: int) =
   var P = rng.random_unsafe(EC)
@@ -251,7 +251,7 @@ proc subgroupCheckScalarMulVartimeEndoWNAFBench*(EC: typedesc, bits, window: sta
   bench("EC subgroup check + ScalarMul " & $bits & "-bit " & $EC.G & " (vartime endo + wNAF-" & $window & ")", EC, iters):
     r = P
     discard r.isInSubgroup()
-    r.scalarMulEndo_minHammingWeight_windowed_vartime(exponent, window)
+    r.scalarMulEndo_wNAF_vartime(exponent, window)
 
 proc multiAddBench*(EC: typedesc, numPoints: int, useBatching: bool, iters: int) =
   var points = newSeq[EC_ShortW_Aff[EC.F, EC.G]](numPoints)

benchmarks/bench_eth_eip2537_subgroup_checks_impact.nim

@@ -11,7 +11,7 @@ import
   constantine/named/algebras,
   constantine/math/arithmetic,
   constantine/math/extension_fields,
-  constantine/math/elliptic/ec_shortweierstrass_jacobian,
+  constantine/math/ec_shortweierstrass,
   # Helpers
   ./bench_elliptic_template
 

benchmarks/bench_gt.nim

@@ -49,7 +49,7 @@ proc main() =
     powVartimeBench(Fp12[curve], window = 4, ExpIters)
     separator()
     gtExp_sqrmul_vartimeBench(Fp12[curve], ExpIters)
-    gtExp_minHammingWeight_vartimeBench(Fp12[curve], ExpIters)
+    gtExp_jy00_vartimeBench(Fp12[curve], ExpIters)
     separator()
     gtExp_wNAF_vartimeBench(Fp12[curve], window = 2, ExpIters)
     gtExp_wNAF_vartimeBench(Fp12[curve], window = 3, ExpIters)
@@ -59,6 +59,9 @@ proc main() =
     gtExp_endo_wNAF_vartimeBench(Fp12[curve], window = 3, ExpIters)
     gtExp_endo_wNAF_vartimeBench(Fp12[curve], window = 4, ExpIters)
     separator()
+    gtExpEndo_constanttimeBench(Fp12[curve], ExpIters)
+    separator()
+
 
 main()
 notes()

benchmarks/bench_gt_template.nim

@@ -20,6 +20,7 @@ import
   constantine/math/pairings/[
     pairings_generic,
     cyclotomic_subgroups,
+    gt_exponentiations,
     gt_exponentiations_vartime
   ],
   # Helpers
@@ -145,23 +146,30 @@ proc gtExp_sqrmul_vartimeBench*(T: typedesc, iters: int) =
   bench("𝔾ₜ Exponentiation " & $exponent.bits & "-bit (cyclotomic square-multiply, vartime)", T, iters):
     r.gtExp_sqrmul_vartime(x, exponent)
 
-proc gtExp_minHammingWeight_vartimeBench*(T: typedesc, iters: int) =
+proc gtExp_jy00_vartimeBench*(T: typedesc, iters: int) =
   let x = rng.random_gt(T)
   let exponent = rng.random_unsafe(BigInt[Fr[T.Name].bits()])
   var r {.noInit.}: T
   bench("𝔾ₜ Exponentiation " & $exponent.bits & "-bit (signed recoding, vartime)", T, iters):
-    r.gtExp_minHammingWeight_vartime(x, exponent)
+    r.gtExp_jy00_vartime(x, exponent)
 
 proc gtExp_wNAF_vartimeBench*(T: typedesc, window: static int, iters: int) =
   let x = rng.random_gt(T)
   let exponent = rng.random_unsafe(BigInt[Fr[T.Name].bits()])
   var r {.noInit.}: T
   bench("𝔾ₜ Exponentiation " & $exponent.bits & "-bit (wNAF-" & $window & ", vartime)", T, iters):
-    r.gtExp_minHammingWeight_windowed_vartime(x, exponent, window)
+    r.gtExp_wNAF_vartime(x, exponent, window)
 
 proc gtExp_endo_wNAF_vartimeBench*(T: typedesc, window: static int, iters: int) =
   let x = rng.random_gt(T)
   let exponent = rng.random_unsafe(BigInt[Fr[T.Name].bits()])
   var r {.noInit.}: T
   bench("𝔾ₜ Exponentiation " & $exponent.bits & "-bit (endomorphism, wNAF-" & $window & ", vartime)", T, iters):
-    r.gtExpEndo_minHammingWeight_windowed_vartime(x, exponent, window)
+    r.gtExpEndo_wNAF_vartime(x, exponent, window)
+
+proc gtExpEndo_constanttimeBench*(T: typedesc, iters: int) =
+  let x = rng.random_gt(T)
+  let exponent = rng.random_unsafe(BigInt[Fr[T.Name].bits()])
+  var r {.noInit.}: T
+  bench("𝔾ₜ Exponentiation " & $exponent.bits & "-bit (endomorphism, constant-time)", T, iters):
+    r.gtExpEndo(x, exponent)

benchmarks/bench_summary_bls12_377.nim

@@ -6,13 +6,7 @@
 #   * Apache v2 license (license terms in the root directory or at http://www.apache.org/licenses/LICENSE-2.0).
 # at your option. This file may not be copied, modified, or distributed except according to those terms.
 
-import
-  # Internals
-  constantine/named/algebras,
-  constantine/math/arithmetic,
-  constantine/math/extension_fields,
-  # Helpers
-  ./bench_summary_template
+import ./bench_summary_template
 
 # ############################################################
 #

benchmarks/bench_summary_bls12_381.nim

@@ -6,13 +6,7 @@
 #   * Apache v2 license (license terms in the root directory or at http://www.apache.org/licenses/LICENSE-2.0).
 # at your option. This file may not be copied, modified, or distributed except according to those terms.
 
-import
-  # Internals
-  constantine/named/algebras,
-  constantine/math/arithmetic,
-  constantine/math/extension_fields,
-  # Helpers
-  ./bench_summary_template
+import ./bench_summary_template
 
 # ############################################################
 #

benchmarks/bench_summary_bn254_nogami.nim

@@ -6,13 +6,7 @@
 #   * Apache v2 license (license terms in the root directory or at http://www.apache.org/licenses/LICENSE-2.0).
 # at your option. This file may not be copied, modified, or distributed except according to those terms.
 
-import
-  # Internals
-  constantine/named/algebras,
-  constantine/math/arithmetic,
-  constantine/math/extension_fields,
-  # Helpers
-  ./bench_summary_template
+import ./bench_summary_template
 
 # ############################################################
 #

benchmarks/bench_summary_bn254_snarks.nim

@@ -6,13 +6,7 @@
 #   * Apache v2 license (license terms in the root directory or at http://www.apache.org/licenses/LICENSE-2.0).
 # at your option. This file may not be copied, modified, or distributed except according to those terms.
 
-import
-  # Internals
-  constantine/named/algebras,
-  constantine/math/arithmetic,
-  constantine/math/extension_fields,
-  # Helpers
-  ./bench_summary_template
+import ./bench_summary_template
 
 # ############################################################
 #

benchmarks/bench_summary_pasta.nim

@@ -6,13 +6,7 @@
 #   * Apache v2 license (license terms in the root directory or at http://www.apache.org/licenses/LICENSE-2.0).
 # at your option. This file may not be copied, modified, or distributed except according to those terms.
 
-import
-  # Internals
-  constantine/named/algebras,
-  constantine/math/arithmetic,
-  constantine/math/extension_fields,
-  # Helpers
-  ./bench_summary_template
+import ./bench_summary_template
 
 # ############################################################
 #

benchmarks/bench_summary_template.nim

@@ -17,11 +17,7 @@ import
   constantine/platforms/abstractions,
   constantine/named/algebras,
   constantine/math/[arithmetic, extension_fields],
-  constantine/math/elliptic/[
-    ec_shortweierstrass_affine,
-    ec_shortweierstrass_projective,
-    ec_shortweierstrass_jacobian,
-    ec_scalar_mul, ec_scalar_mul_vartime, ec_endomorphism_accel],
+  constantine/math/ec_shortweierstrass,
   constantine/named/zoo_subgroups,
   constantine/math/pairings/[
     cyclotomic_subgroups,
@@ -36,8 +32,9 @@ import
   ./bench_blueprint
 
 export
-  ec_shortweierstrass_projective,
-  ec_shortweierstrass_jacobian
+  algebras,
+  arithmetic, extension_fields,
+  ec_shortweierstrass
 
 export abstractions # generic sandwich on SecretBool and SecretBool in Jacobian sum
 export zoo_pairings # generic sandwich https://github.com/nim-lang/Nim/issues/11225