OpenSSL BN_mod_inverse performance is bad

This commit is contained in:
Pieter Wuille 2013-03-08 00:23:52 +01:00
parent 2b5d0102fa
commit e3cd7e021a

View file

@ -1,5 +1,6 @@
#include <stdint.h> #include <stdint.h>
#include <string> #include <string>
#include <string.h>
#include <stdio.h> #include <stdio.h>
#include <openssl/bn.h> #include <openssl/bn.h>
#include <assert.h> #include <assert.h>
@ -8,6 +9,97 @@
namespace secp256k1 { namespace secp256k1 {
class Context {
private:
BN_CTX *bn_ctx;
bool root;
bool offspring;
public:
operator BN_CTX*() {
return bn_ctx;
}
Context() {
bn_ctx = BN_CTX_new();
BN_CTX_start(bn_ctx);
root = true;
offspring = false;
}
Context(Context &par) {
bn_ctx = par.bn_ctx;
root = false;
offspring = false;
par.offspring = true;
BN_CTX_start(bn_ctx);
}
~Context() {
BN_CTX_end(bn_ctx);
if (root)
BN_CTX_free(bn_ctx);
}
BIGNUM *Get() {
assert(offspring == false);
return BN_CTX_get(bn_ctx);
}
};
class Number {
private:
BIGNUM *bn;
public:
Number(Context &ctx) : bn(ctx.Get()) {}
Number(Context &ctx, const unsigned char *bin, int len) : bn(ctx.Get()) {
SetBytes(bin,len);
}
void SetBytes(const unsigned char *bin, int len) {
BN_bin2bn(bin, len, bn);
}
void GetBytes(unsigned char *bin, int len) {
int size = BN_num_bytes(bn);
assert(size <= len);
::memset(bin,0,len);
BN_bn2bin(bn, bin + size - len);
}
void SetModInverse(Context &ctx, const Number &x, const Number &m) {
BN_mod_inverse(bn, x.bn, m.bn, ctx);
}
};
static const unsigned char order_[] = {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFE,
0xBA,0xAE,0xDC,0xE6,0xAF,0x48,0xA0,0x3B,
0xBF,0xD2,0x5E,0x8C,0xD0,0x36,0x41,0x41};
static const unsigned char field_[] = {0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFC,0x2F};
class Constants {
private:
Context ctx;
public:
const Number order;
const Number field;
Constants() : order(ctx, order_, sizeof(order_)),
field(ctx, field_, sizeof(field_)) {}
};
const Constants consts;
/** Implements arithmetic modulo FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE BAAEDCE6 AF48A03B BFD25E8C D0364141,
* using OpenSSL's BIGNUM
*/
class Scalar : private Number {
public:
};
/** Implements arithmetic modulo FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE FFFFFC2F, /** Implements arithmetic modulo FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFF FFFFFFFE FFFFFC2F,
* represented as 5 uint64_t's in base 2^52. The values are allowed to contain >52 each. In particular, * represented as 5 uint64_t's in base 2^52. The values are allowed to contain >52 each. In particular,
@ -88,20 +180,30 @@ public:
return a.n[0] == b.n[0] && a.n[1] == b.n[1] && a.n[2] == b.n[2] && a.n[3] == b.n[3] && a.n[4] == b.n[4]; return a.n[0] == b.n[0] && a.n[1] == b.n[1] && a.n[2] == b.n[2] && a.n[3] == b.n[3] && a.n[4] == b.n[4];
} }
void Get(uint64_t *out) { /** extract as 32-byte big endian array */
void GetBytes(unsigned char *o) {
Normalize(); Normalize();
out[0] = n[0] | (n[1] << 52); for (int i=0; i<32; i++) {
out[1] = (n[1] >> 12) | (n[2] << 40); int c = 0;
out[2] = (n[2] >> 24) | (n[3] << 28); for (int j=0; j<2; j++) {
out[3] = (n[3] >> 36) | (n[4] << 16); int limb = (8*i+4*j)/52;
int shift = (8*i+4*j)%52;
c |= ((n[limb] >> shift) & 0xF) << (4 * j);
}
o[31-i] = c;
}
} }
void Set(const uint64_t *in) { /** set value of 32-byte big endian array */
n[0] = in[0] & 0xFFFFFFFFFFFFFULL; void SetBytes(const unsigned char *in) {
n[1] = ((in[0] >> 52) | (in[1] << 12)) & 0xFFFFFFFFFFFFFULL; n[0] = n[1] = n[2] = n[3] = n[4] = 0;
n[2] = ((in[1] >> 40) | (in[2] << 24)) & 0xFFFFFFFFFFFFFULL; for (int i=0; i<32; i++) {
n[3] = ((in[2] >> 28) | (in[3] << 36)) & 0xFFFFFFFFFFFFFULL; for (int j=0; j<2; j++) {
n[4] = (in[3] >> 16); int limb = (8*i+4*j)/52;
int shift = (8*i+4*j)%52;
n[limb] |= (uint64_t)((in[31-i] >> (4*j)) & 0xF) << shift;
}
}
#ifdef VERIFY_MAGNITUDE #ifdef VERIFY_MAGNITUDE
magnitude = 1; magnitude = 1;
#endif #endif
@ -289,8 +391,20 @@ public:
return n[0] & 1; return n[0] & 1;
} }
void SetInverse(Context &ctx, FieldElem &a) {
unsigned char tmp[32];
a.GetBytes(tmp);
{
Context cctx(ctx);
Number n(cctx, tmp, 32);
n.SetModInverse(cctx, n, consts.field);
n.GetBytes(tmp, 32);
}
SetBytes(tmp);
}
/** Set this to be the (modular) inverse of another FieldElem. Magnitude=1 */ /** Set this to be the (modular) inverse of another FieldElem. Magnitude=1 */
void SetInverse(const FieldElem &a) { void SetInverse_(const FieldElem &a) {
// calculate a^p, with p={45,63,1019,1023} // calculate a^p, with p={45,63,1019,1023}
FieldElem a2; a2.SetSquare(a); FieldElem a2; a2.SetSquare(a);
FieldElem a3; a3.SetMult(a2,a); FieldElem a3; a3.SetMult(a2,a);
@ -324,19 +438,19 @@ public:
} }
std::string ToString() { std::string ToString() {
uint64_t tmp[4]; unsigned char tmp[32];
Get(tmp); GetBytes(tmp);
std::string ret; std::string ret;
for (int i=63; i>=0; i--) { for (int i=0; i<32; i++) {
int val = (tmp[i/16] >> ((i%16)*4)) & 0xF;
static const char *c = "0123456789ABCDEF"; static const char *c = "0123456789ABCDEF";
ret += c[val]; ret += c[(tmp[i] >> 4) & 0xF];
ret += c[(tmp[i]) & 0xF];
} }
return ret; return ret;
} }
void SetHex(const std::string &str) { void SetHex(const std::string &str) {
uint64_t tmp[4] = {0,0,0,0}; unsigned char tmp[32] = {};
static const int cvt[256] = {0, 0, 0, 0, 0, 0, 0,0,0,0,0,0,0,0,0,0, static const int cvt[256] = {0, 0, 0, 0, 0, 0, 0,0,0,0,0,0,0,0,0,0,
0, 0, 0, 0, 0, 0, 0,0,0,0,0,0,0,0,0,0, 0, 0, 0, 0, 0, 0, 0,0,0,0,0,0,0,0,0,0,
0, 0, 0, 0, 0, 0, 0,0,0,0,0,0,0,0,0,0, 0, 0, 0, 0, 0, 0, 0,0,0,0,0,0,0,0,0,0,
@ -353,11 +467,11 @@ public:
0, 0, 0, 0, 0, 0, 0,0,0,0,0,0,0,0,0,0, 0, 0, 0, 0, 0, 0, 0,0,0,0,0,0,0,0,0,0,
0, 0, 0, 0, 0, 0, 0,0,0,0,0,0,0,0,0,0, 0, 0, 0, 0, 0, 0, 0,0,0,0,0,0,0,0,0,0,
0, 0, 0, 0, 0, 0, 0,0,0,0,0,0,0,0,0,0}; 0, 0, 0, 0, 0, 0, 0,0,0,0,0,0,0,0,0,0};
for (int i=0; i<64; i++) { for (int i=0; i<32; i++) {
if (str.length() > (63-i)) if (str.length() > i*2)
tmp[i/16] |= (uint64_t)cvt[(unsigned char)str[63-i]] << ((i%16)*4); tmp[i] = (cvt[(unsigned char)str[2*i]] << 4) + cvt[(unsigned char)str[2*i+1]];
} }
Set(tmp); SetBytes(tmp);
} }
}; };
@ -431,8 +545,8 @@ public:
} }
/** Returns the affine coordinates of this point */ /** Returns the affine coordinates of this point */
void GetAffine(GroupElem &aff) { void GetAffine(Context &ctx, GroupElem &aff) {
z.SetInverse(z); z.SetInverse(ctx, z);
FieldElem z2; FieldElem z2;
z2.SetSquare(z); z2.SetSquare(z);
FieldElem z3; FieldElem z3;
@ -570,8 +684,9 @@ public:
} }
std::string ToString() { std::string ToString() {
Context ctx;
GroupElem aff; GroupElem aff;
GetAffine(aff); GetAffine(ctx,aff);
return aff.ToString(); return aff.ToString();
} }
}; };
@ -581,11 +696,23 @@ public:
using namespace secp256k1; using namespace secp256k1;
int main() { int main() {
Context ctx;
FieldElem f1,f2; FieldElem f1,f2;
f1.SetHex("8b30bbe9ae2a990696b22f670709dff3727fd8bc04d3362c6c7bf458e2846004"); f1.SetHex("8b30bbe9ae2a990696b22f670709dff3727fd8bc04d3362c6c7bf458e2846115");
// f2.SetHex("8b30bbe9ae2a990696b22f670709dff3727fd8bc04d3362c6c7bf458e2846115");
printf("%s\n",f1.ToString().c_str());
// printf("%s\n",f2.ToString().c_str());
for (int i=0; i<1000000; i++) { for (int i=0; i<1000000; i++) {
f1.SetInverse(f1); f1.SetInverse(ctx,f1);
// f2.SetInverse_(f2);
// if (!(f1 == f2)) {
// printf("f1 %i: %s\n",i,f1.ToString().c_str());
// printf("f2 %i: %s\n",i,f2.ToString().c_str());
// }
f1 *= 2; f1 *= 2;
// f2 *= 2;
} }
printf("%s\n",f1.ToString().c_str());
// printf("%s\n",f2.ToString().c_str());
return 0; return 0;
} }