You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Add benchmarks analogous to bench/x25519.rs for P-256 and P-384 ECDH compute_public_key (covers base point multiplication), ECDH agree_ephemeral, (covers variable point multiplication), and ECDSA verification (covers twin point multiplication). We will use these benchmarks to verify that expanding the size of Point, Elem, and Scalar in src/ec/suite_b/ops does not negatively affect non-P-521 performance.
Extend the code generator mk/generate_curves.py to also generate the boilerplate code in gfp_p384.c, in particular the definitions of the curve-specific constants.
Extend the code generator mk/generate_curves.py to also generate the test input files p{256,384}elem{div_by_2,mul,neg,sum}_tests.txt. (Not strictly needed if we end up modifying and using generate_tests.cc to (re)generate test data files.)
Stop using Montgomery encoding in test data files, because P-521 is the first curve we support that has different Montgomery encoding depending on the target word size (32-bit vs 64-bit):
Change the test input files p{256,384}_point_mul_base_tests.txt so that the points are NOT Montgomery-encoded. I started this in PR EC: Avoid Montgomery encoding in point arithmetic test data files. #1770 by creating a new test data file generator that generates non-Montgomery-encoded test data. Once the rest of the changes are made, this code generator can be run to generate the correct data files.
Change the test scaffolding functions consume_elem, consume_point, etc. in src/ec/suite_b/ops.rs so that when we read a not-Montgomery-encoded field element or point from a data file, the test scaffolding does the Montgomery-encoding itself before returning it.
Somehow replace the tests p{256,384}_point_{double,sum}_tests.txt with tests that aren't sensitive to the Montgomery encoding. Whoever picks this up, let's make a plan for doing this beforehand.
Vlad's PR Implement NIST P521 signature verification #1631 that actually adds the P-521 signature support, extended to add P-521 benchmarks. The generators for the test data files should be supported to allow the addition of p521_elem_{div_by_2,mul,neg,sum}_test, p521_elem_{div_by_2,mul,neg,sum}_test, and p521_point_mul_test.
Work plan:
compute_public_key(covers base point multiplication), ECDHagree_ephemeral, (covers variable point multiplication), and ECDSA verification (covers twin point multiplication). We will use these benchmarks to verify that expanding the size ofPoint,Elem, andScalarinsrc/ec/suite_b/opsdoes not negatively affect non-P-521 performance.mk/generate_curves.pyto also generate the boilerplate code in gfp_p384.c, in particular the definitions of the curve-specific constants.mk/generate_curves.pyto also generate the test input files p{256,384}elem{div_by_2,mul,neg,sum}_tests.txt. (Not strictly needed if we end up modifying and usinggenerate_tests.ccto (re)generate test data files.)p{256,384}_point_mul_base_tests.txtso that the points are NOT Montgomery-encoded. I started this in PR EC: Avoid Montgomery encoding in point arithmetic test data files. #1770 by creating a new test data file generator that generates non-Montgomery-encoded test data. Once the rest of the changes are made, this code generator can be run to generate the correct data files.consume_elem,consume_point, etc. insrc/ec/suite_b/ops.rsso that when we read a not-Montgomery-encoded field element or point from a data file, the test scaffolding does the Montgomery-encoding itself before returning it.p{256,384}_point_{double,sum}_tests.txtwith tests that aren't sensitive to the Montgomery encoding. Whoever picks this up, let's make a plan for doing this beforehand.p521_elem_{div_by_2,mul,neg,sum}_test,p521_elem_{div_by_2,mul,neg,sum}_test, andp521_point_mul_test.Work that was already done to support this:
PRIVATE_SCALAR_OPS.oneRR_mod_n.limbs#1755, PR EC: Use only array types when crossing Rust<->C boundary #1758, and PR Replace limbs initializer with const from_hex #1702 improved the existing code to serve as a better model for the P-521 code.