diff --git a/ed25519/amd64-51-30k/fe25519.h b/ed25519/amd64-51-30k/fe25519.h
index dfad55e..8a16cd8 100644
--- a/ed25519/amd64-51-30k/fe25519.h
+++ b/ed25519/amd64-51-30k/fe25519.h
@@ -1,6 +1,8 @@
 #ifndef FE25519_H
 #define FE25519_H
+#include 
+
 #define fe25519 crypto_sign_ed25519_amd64_51_30k_batch_fe25519
 #define fe25519_freeze crypto_sign_ed25519_amd64_51_30k_batch_fe25519_freeze
 #define fe25519_unpack crypto_sign_ed25519_amd64_51_30k_batch_fe25519_unpack
@@ -60,6 +62,8 @@ void fe25519_nsquare(fe25519 *r, unsigned long long n);
 void fe25519_invert(fe25519 *r, const fe25519 *x);
+void fe25519_batchinvert(fe25519 *out[],fe25519 tmp[],fe25519 * const in[], size_t num);
+
 void fe25519_pow2523(fe25519 *r, const fe25519 *x);
 #endif
diff --git a/ed25519/amd64-51-30k/fe25519_batchinvert.c b/ed25519/amd64-51-30k/fe25519_batchinvert.c
new file mode 100644
index 0000000..b29387a
--- /dev/null
+++ b/ed25519/amd64-51-30k/fe25519_batchinvert.c
@@ -0,0 +1,26 @@
+#include "fe25519.h"
+
+// tmp MUST != out
+// in MAY == out
+void fe25519_batchinvert(fe25519 *out[],fe25519 tmp[],fe25519 * const in[], size_t num)
+{
+ fe25519 acc;
+ fe25519 tmpacc;
+ size_t i;
+
+ fe25519_setint(&acc,1);
+
+ for (i = 0;i < num;++i) {
+ tmp[i] = acc;
+ fe25519_mul(&acc,&acc,in[i]);
+ }
+
+ fe25519_invert(&acc,&acc);
+
+ i = num;
+ while (i--) {
+ fe25519_mul(&tmpacc,&acc,in[i]);
+ fe25519_mul(out[i],&acc,&tmp[i]);
+ acc = tmpacc;
+ }
+}
diff --git a/ed25519/amd64-51-30k/ge25519.h b/ed25519/amd64-51-30k/ge25519.h
index 02fd73a..5628090 100644
--- a/ed25519/amd64-51-30k/ge25519.h
+++ b/ed25519/amd64-51-30k/ge25519.h
@@ -73,6 +73,8 @@ typedef struct
 fe25519 t2d;
 } ge25519_pniels;
+typedef unsigned char bytes32[32];
+
 extern void ge25519_p1p1_to_p2(ge25519_p2 *r, const ge25519_p1p1 *p);
 extern void ge25519_p1p1_to_p3(ge25519_p3 *r, const ge25519_p1p1 *p);
 extern void ge25519_p1p1_to_pniels(ge25519_pniels *r, const ge25519_p1p1 *p);
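Review bot: The new fe25519_batchinvert prototype carries none of the contract that its definition in fe25519_batchinvert.c relies on (`tmp MUST != out`, `in MAY == out`), so a caller reading only this header cannot tell that tmp[] must be a separate array holding num elements. Put the contract on the declaration, e.g. `/* out[] may alias in[]; tmp[] must not overlap the elements reached through in[] or out[]; all three hold num entries. */`. The spacing in `*out[],fe25519 tmp[],fe25519 * const in[]` also differs from every neighbouring prototype; `void fe25519_batchinvert(fe25519 *out[], fe25519 tmp[], fe25519 *const in[], size_t num);` matches them. size_t was not needed in this header before; the `#include` added in the first hunk presumably supplies it, but its argument did not survive on this page, so that could not be confirmed here.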
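Review bot: fe25519_batchinvert has an undocumented all-or-nothing failure mode: only the running product acc is inverted, so if any single in[i] is zero, acc is zero at the `fe25519_invert(&acc,&acc)` call, whatever that returns for zero (presumably zero) is multiplied into every tmp[i] and in[i], and every out[i] — not just the offending one — is wrong with nothing signalled. That is inherent to the batch trick rather than a bug, but the only caller visible in this commit feeds it projective z coordinates, so the precondition should be stated above the definition: `// Batch inversion: a single zero anywhere in in[] corrupts every out[i]; callers must guarantee in[i] != 0`. The two existing comment lines should also say that tmp[] must not alias the elements behind in[] either, because `tmp[i] = acc;` is stored before `in[i]` is read in the forward loop. Both loops run a fixed, data-independent number of field operations, which is the property this code path needs to keep.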
@@ -90,6 +92,9 @@ extern int ge25519_unpackneg_vartime(ge25519 *r, const unsigned char p[32]);
 extern void ge25519_pack(unsigned char r[32], const ge25519 *p);
+extern void ge25519_batchpack_destructive_1(bytes32 out[], ge25519_p3 in[], fe25519 *inz[], fe25519 tmp[], size_t num);
+extern void ge25519_batchpack_destructive_finish(bytes32 out, ge25519_p3 *unf);
+
 extern int ge25519_isneutral_vartime(const ge25519 *p);
 extern void ge25519_add(ge25519 *r, const ge25519 *p, const ge25519 *q);
diff --git a/ed25519/amd64-51-30k/ge25519_batchpack.c b/ed25519/amd64-51-30k/ge25519_batchpack.c
new file mode 100644
index 0000000..d0d8f95
--- /dev/null
+++ b/ed25519/amd64-51-30k/ge25519_batchpack.c
@@ -0,0 +1,24 @@
+#include "fe25519.h"
+#include "ge25519.h"
+
+// assumes inz[] points to things in in[]
+// NOTE: leaves in unfinished state
+void ge25519_batchpack_destructive_1(bytes32 out[], ge25519_p3 in[], fe25519 *inz[], fe25519 tmp[], size_t num)
+{
+ fe25519 ty;
+
+ fe25519_batchinvert(inz, tmp, inz, num);
+
+ for (size_t i = 0; i < num; ++i) {
+ fe25519_mul(&ty, &in[i].y, &in[i].z);
+ fe25519_pack(out[i], &ty);
+ }
+}
+
+void ge25519_batchpack_destructive_finish(bytes32 out, ge25519_p3 *unf)
+{
+ fe25519 tx;
+ // z of unfinished is inverted
+ fe25519_mul(&tx, &unf->x, &unf->z);
+ out[31] ^= fe25519_getparity(&tx) << 7;
+}
diff --git a/main.c b/main.c
index b374930..cea5839 100644
--- a/main.c
+++ b/main.c
@@ -520,7 +520,7 @@ end:
 #ifdef BATCHKEYGEN
 #ifndef BATCHNUM
-#define BATCHNUM 256
+#define BATCHNUM 2048
 #endif
 static void *dobatchwork(void *task)
@@ -1045,6 +1045,7 @@ int main(int argc,char **argv)
 VEC_ZERO(tstats);
 #endif
+#if 0
 pthread_attr_t tattr,*tattrp = &tattr;
 tret = pthread_attr_init(tattrp);
 if (tret) {
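Review bot: In the second new prototype `bytes32 out` is not a 32-byte array parameter: bytes32 is an array typedef, so the parameter adjusts to `unsigned char *` and even the documentary `[32]` that the neighbouring `ge25519_pack(unsigned char r[32], ...)` keeps is hidden behind the typedef. Write it as `unsigned char out[32]` like its neighbours, and keep bytes32 for the `bytes32 out[]` array-of-arrays parameter where it actually changes the pointer type. The prototypes also say nothing about the calling convention the definitions in ge25519_batchpack.c depend on — inz[i] must be &in[i].z, tmp[] needs num entries, and in[] comes back with z replaced by its inverse until _finish is called — and that belongs here, where callers look, rather than only as comments in the .c file.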
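Review bot: The header comment on ge25519_batchpack_destructive_1 understates what "destructive" means: after `fe25519_batchinvert(inz, tmp, inz, num)` every in[i].z has been overwritten in place through inz, so the loop that follows reads `in[i].z` as 1/z, and any later use of in[i] as a point (outside this file, which is what the "unfinished state" note hints at) silently operates on a different point. Replace the two comment lines with a short block stating the three requirements the code actually has: inz[i] == &in[i].z for every i (the loop reads in[i].z, not *inz[i]), tmp[] holds at least num elements, and on return in[i].z holds the inverse and in[i] is no longer the original point until ge25519_batchpack_destructive_finish has consumed it. Nothing here checks num against the sizes of out[], inz[] or tmp[], which is fine for an internal helper but should be part of that comment. Minor: this function declares its loop index in the for statement while fe25519_batchinvert in the same commit predeclares `size_t i`; pick one style for the new files.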
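Review bot: The `#if 0` opened here (closed by the `#endif` in the -1056 hunk, with a second pair around the pthread_attr_destroy block in the -1076 hunk) leaves the whole thread-attribute setup as dead code instead of removing it, and nothing says why. If the stack-size override visible in the `pthread_attr_setstacksize` context line is gone for good, delete the block together with `tattrp`; if it is an experiment tied to BATCHNUM going from 256 to 2048 in the -520 hunk, say so next to the `#if 0`, e.g. `/* attribute setup disabled: default stack used for BATCHNUM-sized batches — TODO confirm or remove */`. Either way the workers now run on the default thread stack, and whatever per-thread storage dobatchwork assumes (not visible in this diff) should be checked against that default.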
@@ -1056,13 +1057,14 @@ int main(int argc,char **argv)
 if (tret) perror("pthread_attr_setstacksize");
 }
+#endif
 for (size_t i = 0;i < VEC_LENGTH(threads);++i) {
 void *tp = 0;
 #ifdef STATISTICS
 tp = &VEC_BUF(stats,i);
 #endif
- tret = pthread_create(&VEC_BUF(threads,i),tattrp,
+ tret = pthread_create(&VEC_BUF(threads,i),0,
 #ifdef PASSPHRASE
 deterministic ? dofastworkdeterministic :
 #endif
@@ -1076,11 +1078,13 @@ int main(int argc,char **argv)
 }
 }
+#if 0
 if (tattrp) {
 tret = pthread_attr_destroy(tattrp);
 if (tret) perror("pthread_attr_destroy");
 }
+#endif
 #ifdef STATISTICS
 struct timespec nowtime;
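Review bot: `tret = pthread_create(&VEC_BUF(threads,i),0,` passes a bare `0` for the attr argument, which is a pointer; `NULL` says "default attributes" to the reader where `0` looks like a placeholder, so `tret = pthread_create(&VEC_BUF(threads,i),NULL,`. The body of the for loop continues past the end of the hunk. The `#if 0` that makes this change necessary is raised on the -1045 hunk.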