Safegcd inverses, drop Jacobi symbols, remove libgmp #831
Commits on Mar 8, 2021
-
Add secp256k1_ctz{32,64}_var functions
These functions count the number of trailing zeroes in non-zero integers.
-
Add safegcd based modular inverse modules
Refactored by: Pieter Wuille <pieter@wuille.net>
-
Add extensive comments on the safegcd algorithm and implementation
This adds a long comment explaining the algorithm and implementation choices by building it up step by step in Python. Comments in the code are also reworked/added, with references to the long explanation.
-
This adds tests for the modinv{32,64}_impl.h directly (before the functions are used inside the field/scalar code). It uses a naive implementation of modular multiplication and gcds in order to verify the modular inverses themselves.
Commits on Mar 11, 2021
-
Improve bounds checks in modinv modules
This commit adds functions to verify and compare numbers in signed{30,62} notation, and uses that to do more extensive bounds checking on various variables in the modinv code. -
Move secp256k1_scalar_{inverse{_var},is_even} to per-impl files
This temporarily duplicates the inversion code across the 4x64 and 8x32 implementations. Those implementations will be replaced in a later commit.
-
Move secp256k1_fe_inverse{_var} to per-impl files
This temporarily duplicates the inversion code across the 5x52 and 10x26 implementations. Those implementations will be replaced in a next commit.
Commits on Mar 12, 2021
-
Improve field/scalar inverse tests
Add a new run_inverse_tests that replaces all existing field/scalar inverse tests, and tests a few identities for fixed inputs, small numbers (-999...999), random inputs (structured and unstructured), as well as comparing with the output of secp256k1_fe_inv_all_var.
-
-
Remove unused Jacobi symbol support
No exposed functions rely on Jacobi symbol computation anymore. Remove it; it can always be brough back later if needed.
Commits on Mar 15, 2021
-
The whole "num" API and its libgmp-based implementation are now unused. Remove them.
-
Optimization: special-case zero modulus limbs in modinv64
Both the field and scalar modulus can be written in signed{30,62} notation with one or more zero limbs. Make use of this in the update_de function to avoid a few wide multiplications when that is the case. This doesn't appear to be a win in the 32-bit implementation, so only do it for the 64-bit one. -
Optimization: use formulas instead of lookup tables for cancelling g …
…bits This only seems to be a win on 64-bit platforms, so only do it there. Refactored by: Pieter Wuille <pieter@wuille.net>
-
Optimization: track f,g limb count and pass to new variable-time upda…
…te_fg_var The magnitude of the f and g variables generally goes down as the algorithm progresses. Make use of this by keeping tracking how many limbs are used, and when the number becomes small enough, make use of this to reduce the complexity of arithmetic on them. Refactored by: Pieter Wuille <pieter@wuille.net>
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.