
Use WNAF-based multiplication for ECDSA verification #1764

Closed
wants to merge 9 commits into from

Conversation

briansmith
Owner

Implement a generic ECDSA WNAF-based twin-multiplication function.

@codecov

codecov bot commented Oct 19, 2023

Codecov Report

Merging #1764 (b901286) into main (27aa538) will increase coverage by 0.03%.
Report is 2 commits behind head on main.
The diff coverage is 98.68%.

@@            Coverage Diff             @@
##             main    #1764      +/-   ##
==========================================
+ Coverage   96.00%   96.04%   +0.03%     
==========================================
  Files         138      141       +3     
  Lines       20746    21154     +408     
  Branches      226      231       +5     
==========================================
+ Hits        19918    20318     +400     
- Misses        790      798       +8     
  Partials       38       38              
Files                          Coverage Δ
crypto/limbs/limbs.c           95.48%  <100.00%>  (+0.10%) ⬆️
src/arithmetic/bigint.rs       99.29%  <100.00%>  (-0.02%) ⬇️
src/bits.rs                   100.00%  <100.00%>  (ø)
src/ec/suite_b/ops/elem.rs     88.40%  <ø>        (ø)
src/ec/suite_b/ops/p256.rs    100.00%  <100.00%>  (ø)
src/ec/suite_b/ops/p384.rs    100.00%  <100.00%>  (ø)
src/ec/suite_b/ops/vartime.rs 100.00%  <100.00%>  (ø)
src/ec/suite_b/ops.rs          98.03%  <97.95%>   (-0.06%) ⬇️
src/ec/suite_b/ops/fallback.rs 99.43%  <99.43%>   (ø)
src/limb.rs                    98.70%  <94.11%>   (-0.27%) ⬇️
... and 1 more

... and 1 file with indirect coverage changes


@briansmith
Owner Author

@vkrasnov I think this might become a better basis for the P-521 ECDSA verification. My plan is to replace all the "nistz" C code for P-384 (and P-521) with this generalized Rust code.

  • This uses simpler addition formulas (the same as BoringSSL non-nistz256 code) that don't require so many specialized arithmetic routines. This should make it very easy to adapt to P-521.
  • This doesn't implement templates or #include-based templating. The same object code is used for all curves (except P-256 when using nistz).
  • I am hoping this might already be faster for P-384 than what we've been doing. We need to make benchmarks to see.

WDYT?
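
An added illustration of the twin multiplication this PR describes, not code from ring or from the PR itself: wNAF recoding plus one shared double-and-add pass for a*G + b*Q, written over the integers mod a constructed prime standing in for the curve group so no point formulas are needed. All names, the prime, and the sample values are assumptions.

```rust
// Added example, not ring's or this PR's code: wNAF twin multiplication over the
// integers mod a constructed prime P standing in for the curve group. Names are assumed.
const P: u64 = 1_000_003;

// Stand-in group operations: point addition, doubling, negation.
fn add(a: u64, b: u64) -> u64 { (a + b) % P }
fn dbl(a: u64) -> u64 { add(a, a) }
fn neg(a: u64) -> u64 { (P - a) % P }
/// Recode `k` as width-`w` NAF digits, least significant first: nonzero digits are
/// odd with |d| < 2^(w-1), and no two adjacent digits are both nonzero.
fn wnaf(mut k: u64, w: u32) -> Vec<i64> {
    let (modulus, half) = (1i64 << w, 1i64 << (w - 1));
    let mut out = Vec::new();
    while k > 0 {
        let d = if (k & 1) == 1 {
            let mut d = (k % (1u64 << w)) as i64;
            if d >= half { d -= modulus; } // signed residue mod 2^w
            k = (k as i64 - d) as u64;     // k is now even
            d
        } else { 0 };
        out.push(d);
        k >>= 1;
    }
    out
}
/// Precomputed odd multiples 1*p, 3*p, ..., (2^(w-1)-1)*p.
fn table(p: u64, w: u32) -> Vec<u64> {
    let (two_p, mut t) = (dbl(p), vec![p]);
    for i in 1..(1usize << (w - 2)) { t.push(add(t[i - 1], two_p)); }
    t
}
fn lookup(t: &[u64], d: i64) -> u64 {
    let m = t[(d.unsigned_abs() as usize - 1) / 2];
    if d < 0 { neg(m) } else { m }
}
/// a*g + b*q in one shared double-and-add pass (Straus/Shamir trick with wNAF),
/// the shape of u1*G + u2*Q in ECDSA verification. Variable-time: the branches
/// depend on the digits, which is fine here because both scalars are public.
fn twin_mul(a: u64, g: u64, b: u64, q: u64, w: u32) -> u64 {
    let (na, nb) = (wnaf(a, w), wnaf(b, w));
    let (tg, tq) = (table(g, w), table(q, w));
    let mut acc = 0;
    for i in (0..na.len().max(nb.len())).rev() {
        acc = dbl(acc);
        if let Some(&d) = na.get(i) { if d != 0 { acc = add(acc, lookup(&tg, d)); } }
        if let Some(&d) = nb.get(i) { if d != 0 { acc = add(acc, lookup(&tq, d)); } }
    }
    acc
}
```

The same digit-dependent control flow that makes this fast for verification would leak a private scalar through timing, so signing needs a constant-time ladder rather than this routine.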

@vkrasnov
Contributor

Yeah I wanted to do something like this myself, but wanted to avoid a big change. I am on vacation but will take a look next week.

@briansmith
Owner Author

Closing this in favor of #1768, which strips out the fallback point addition and doubling functions.

@briansmith briansmith closed this Oct 24, 2023