Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Aws lc s2n bignum update 2024 03 04 #1469

Closed
wants to merge 16 commits into from
Closed

Aws lc s2n bignum update 2024 03 04 #1469

wants to merge 16 commits into from

Conversation

aqjune-aws
Copy link
Contributor

Description of changes:

This pulls the latest changes in s2n-bignum which are:

  • Performance improvement in curve25519_x25519{_bytes}.s
  • Copyright updates (adds MIT-0)

Details of the performance improvement in x25519 is as follows, which is also described in the message of corresponding commit:

This completely changes the implementation of ARM curve25519_x25519
and curve25519_x25519_byte (not the _alt forms, which remain faster
on their target microarchitectures) to a base-25.5 unsaturated version
with interleaved integer and SIMD operations, the inner loop closely
following Emil Lenngren's implementation described in the paper

  https://github.com/Emill/X25519-AArch64/blob/master/X25519_AArch64.pdf

and available here:

  https://github.com/Emill/X25519-AArch64

A version of this code was generated by SLOTHY from the reorganized
implementation by Abdulrahman, Becker, Kannwischer and Klein here:

 https://github.com/slothy-optimizer/slothy/blob/main/paper/clean/neon/X25519-AArch64-simple.s

as described in the associated paper

  https://eprint.iacr.org/2022/1303.pdf

with some additional annotations for use in the formal proof. The
final modular inverse computation reverts to the usual saturated
representation and s2n-bignum's divstep-based inverse function.

./tool/bssl speed -filter 25519 shows 74% speedup on Graviton 2 (c6g.16xlarge):

Did 13000 Curve25519 arbitrary point multiplication operations in 1010330us (12867.1 ops/sec)
->
Did 23000 Curve25519 arbitrary point multiplication operations in 1028533us (22361.9 ops/sec)

Testing:

./tool/bssl speed -filter 25519

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.

jargh and others added 13 commits November 14, 2023 13:47
@jargh
Improve integer operation support in BOUNDER_RULE and BOUNDER_TAC
25ebaa9 
In general, BOUNDER_RULE now directly handles operations over Z and N,
assuming an outer real_of_int / real_of_num cast into R (this is also
automated in the tactic form BOUNDER_TAC). In particular, this change
can greatly improve bounds for terms involving integer or natural
number division and remainder (DIV, div, MOD and rem) as well as
cutoff subtraction over N. There is also now support for conditionals,
though the condition is not used as extra context, simply being the
basis for a case split.

This update rolls in various trivial typographic fixes in comments.

s2n-bignum original commit: awslabs/s2n-bignum@ccefa2a
@torben-hansen
Avoid duplicate labels in ed25519 x86 implementation
34438c9 
s2n-bignum original commit: awslabs/s2n-bignum@e6ef86f
@jargh
Merge pull request aws#92 from torben-hansen/fix_duplicate_labels_ed2…
235b577 
…5519

Avoid duplicate labels in ed25519 x86 implementation
s2n-bignum original commit: awslabs/s2n-bignum@f629458
@jargh
Merge branch 'awslabs:main' into main
edbe466 
s2n-bignum original commit: awslabs/s2n-bignum@c1fbdb5
@aqjune-aws
Merge pull request aws#94 from jargh/main
2df1938 
64-bit SIMD regs in ARM model, better BOUNDER_RULE, slow-ARM field optimizations
s2n-bignum original commit: awslabs/s2n-bignum@06781d2
@torben-hansen
Make parameter to ed25519 decode function const
9405fc5 
s2n-bignum original commit: awslabs/s2n-bignum@d93670d
@aqjune-aws
Merge pull request aws#99 from torben-hansen/ed25519_decode_signature…
04143ee 
…_input_const

Make _input_ parameter to ed25519 decode function const
s2n-bignum original commit: awslabs/s2n-bignum@4097178
@jargh
Allow MIT-0 license as well as Apache-2.0 and ISC (aws#104)
580c317 
* Allow MIT-0 license as well as Apache-2.0 and ISC

* Add appropriate year range to MIT-0 license
s2n-bignum original commit: awslabs/s2n-bignum@48fb153
@jargh
Switch non-alt ARM X25519 to unsaturated code following Lenngren
4cd44bc 
This completely changes the implementation of ARM curve25519_x25519
and curve25519_x25519_byte (not the _alt forms, which remain faster
on their target microarchitectures) to a base-25.5 unsaturated version
with interleaved integer and SIMD operations, the inner loop closely
following Emil Lenngren's implementation described in the paper

  https://github.com/Emill/X25519-AArch64/blob/master/X25519_AArch64.pdf

and available here:

  https://github.com/Emill/X25519-AArch64

A version of this code was generated by SLOTHY from the reorganized
implementation by Abdulrahman, Becker, Kannwischer and Klein here:

 https://github.com/slothy-optimizer/slothy/blob/main/paper/clean/neon/X25519-AArch64-simple.s

as described in the associated paper

  https://eprint.iacr.org/2022/1303.pdf

with some additional annotations for use in the formal proof. The
final modular inverse computation reverts to the usual saturated
representation and s2n-bignum's divstep-based inverse function.

s2n-bignum original commit: awslabs/s2n-bignum@fc0b9bf
@jargh
Tweak attribution of SLOTHY work
28a5cf4 
s2n-bignum original commit: awslabs/s2n-bignum@f82da8f
@jargh
Merge pull request aws#108 from jargh/main
79009c4 
Lenngren-based X25519 for non-alt ARM code
s2n-bignum original commit: awslabs/s2n-bignum@57eb68a
@aqjune-aws
Merge pull request aws#109 from aqjune-aws/table-benchmark
7a374fb 
Enable testing bignum_copy_row_from_table on x86
s2n-bignum original commit: awslabs/s2n-bignum@26bfe44
@aqjune-aws
Merge branch 's2n-bignum-2024-03-04' into aws-lc-s2n-bignum-update-20…
4035dc6 
…24-03-04
@aqjune-aws aqjune-aws requested a review from a team as a code owner March 4, 2024 15:54
@aqjune-aws aqjune-aws marked this pull request as draft March 5, 2024 08:00
@aqjune-aws aqjune-aws marked this pull request as ready for review March 5, 2024 08:33
@aqjune-aws aqjune-aws marked this pull request as draft March 5, 2024 14:32
@codecov-commenter
Copy link

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 76.98%. Comparing base (6bc2e52) to head (af960be).
Report is 7 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #1469      +/-   ##
==========================================
- Coverage   77.01%   76.98%   -0.03%     
==========================================
  Files         425      425              
  Lines       71616    71627      +11     
==========================================
- Hits        55152    55141      -11     
- Misses      16464    16486      +22

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@aqjune-aws aqjune-aws closed this Mar 6, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@aqjune-aws @codecov-commenter @jargh @torben-hansen