Merge pull request ziglang#1 from jedisct1/kyber-j

Some changes to make the Kyber impl more consistent with the stdlib
jedisct1 · Mar 13, 2023 · 268ac9f · 268ac9f
2 parents 6c36a10 + 75602db
commit 268ac9f
Showing 3 changed files with 289 additions and 210 deletions.
diff --git a/lib/std/crypto.zig b/lib/std/crypto.zig
@@ -66,13 +66,9 @@ pub const dh = struct {
     pub const X25519 = @import("crypto/25519/x25519.zig").X25519;
 };
 
-const kyber = @import("crypto/kyber.zig");
-
 /// Key Encapsulation Mechanisms.
 pub const kem = struct {
-    pub const Kyber512 = kyber.Kyber512;
-    pub const Kyber768 = kyber.Kyber768;
-    pub const Kyber1024 = kyber.Kyber1024;
+    pub const kyber = @import("crypto/kyber.zig");
 };
 
 /// Elliptic-curve arithmetic.
@@ -226,7 +222,7 @@ test {
 
     _ = dh.X25519;
 
-    _ = kyber;
+    _ = kem.kyber;
 
     _ = ecc.Curve25519;
     _ = ecc.Edwards25519;

diff --git a/lib/std/crypto/benchmark.zig b/lib/std/crypto/benchmark.zig
@@ -203,6 +203,60 @@ pub fn benchmarkBatchSignatureVerification(comptime Signature: anytype, comptime
     return throughput;
 }
 
+const kems = [_]Crypto{
+    Crypto{ .ty = crypto.kem.kyber.Kyber512, .name = "kyber512" },
+    Crypto{ .ty = crypto.kem.kyber.Kyber768, .name = "kyber768" },
+    Crypto{ .ty = crypto.kem.kyber.Kyber1024, .name = "kyber1024" },
+};
+
+pub fn benchmarkKem(comptime Kem: anytype, comptime kems_count: comptime_int) !u64 {
+    const key_pair = try Kem.KeyPair.create(null);
+
+    var ct: [Kem.ciphertext_length]u8 = undefined;
+    var ss: [Kem.shared_length]u8 = undefined;
+
+    var timer = try Timer.start();
+    const start = timer.lap();
+    {
+        var i: usize = 0;
+        while (i < kems_count) : (i += 1) {
+            _ = key_pair.public_key.encaps(&ct, &ss);
+            mem.doNotOptimizeAway(&ct);
+            mem.doNotOptimizeAway(&ss);
+        }
+    }
+    const end = timer.read();
+
+    const elapsed_s = @intToFloat(f64, end - start) / time.ns_per_s;
+    const throughput = @floatToInt(u64, kems_count / elapsed_s);
+
+    return throughput;
+}
+
+pub fn benchmarkKemDecaps(comptime Kem: anytype, comptime kems_count: comptime_int) !u64 {
+    const key_pair = try Kem.KeyPair.create(null);
+
+    var ct: [Kem.ciphertext_length]u8 = undefined;
+    var ss: [Kem.shared_length]u8 = undefined;
+    _ = key_pair.public_key.encaps(&ct, &ss);
+
+    var timer = try Timer.start();
+    const start = timer.lap();
+    {
+        var i: usize = 0;
+        while (i < kems_count) : (i += 1) {
+            const ss2 = key_pair.secret_key.decaps(&ct);
+            mem.doNotOptimizeAway(&ss2);
+        }
+    }
+    const end = timer.read();
+
+    const elapsed_s = @intToFloat(f64, end - start) / time.ns_per_s;
+    const throughput = @floatToInt(u64, kems_count / elapsed_s);
+
+    return throughput;
+}
+
 const aeads = [_]Crypto{
     Crypto{ .ty = crypto.aead.chacha_poly.ChaCha20Poly1305, .name = "chacha20Poly1305" },
     Crypto{ .ty = crypto.aead.chacha_poly.XChaCha20Poly1305, .name = "xchacha20Poly1305" },
@@ -485,4 +539,18 @@ pub fn main() !void {
             try stdout.print("{s:>17}: {d:10.3} s/ops\n", .{ H.name, throughput });
         }
     }
+
+    inline for (kems) |E| {
+        if (filter == null or std.mem.indexOf(u8, E.name, filter.?) != null) {
+            const throughput = try benchmarkKem(E.ty, mode(1000));
+            try stdout.print("{s:>17}: {:10} encaps/s\n", .{ E.name, throughput });
+        }
+    }
+
+    inline for (kems) |E| {
+        if (filter == null or std.mem.indexOf(u8, E.name, filter.?) != null) {
+            const throughput = try benchmarkKemDecaps(E.ty, mode(1000));
+            try stdout.print("{s:>17}: {:10} decaps/s\n", .{ E.name, throughput });
+        }
+    }
 }