Home Explore Help
Sign In
maker
/
hss
Watch 1
Star 0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Working with 1 prefix.

Michele Orrù 6 years ago
parent
e494ea6d0b
commit
0da2125707
8 changed files with 107 additions and 44 deletions
Split View Show Diff Stats
  1. 1 1
      configure.ac
  2. 4 1
      src/Makefile.am
  3. 32 31
      src/ddlog.c
  4. 4 1
      src/ddlog.h
  5. 1 1
      src/ddlog_bench.c
  6. 40 0
      src/ddlog_test.c
  7. 11 1
      src/group.h
  8. 14 8
      src/sanity_check.c

+ 1 - 1
configure.ac
View File 

@@ -55,7 +55,7 @@ AC_ARG_ENABLE(debug,
 
    CFLAGS+=" -DNDEBUG -O3 -march=native")
 
 
 
-AC_DEFINE([ERROR],  [17], [log inverse of the error probability, default: 17.])
 
+AC_DEFINE([FAILURE],  [9], [log inverse of the failure probability, default: 17.])
 
 AC_DEFINE([FB_BASE], [10], [log of precomputed base for group operation, default: 8.])
 
 AC_DEFINE([SS_BASE], [1], [log of secret shares representation, default: 1.])

+ 4 - 1
src/Makefile.am
View File 

@@ -1,7 +1,7 @@
 
 BENCHMARKS = rms_bench ddlog_bench exp_bench mul_bench
 
 
 bin_PROGRAMS = $(BENCHMARKS) sanity_check
 
-check_PROGRAMS = group_test
 
+check_PROGRAMS = group_test ddlog_test
 
 
 DDLOG = ddlog.c ddlog.h
 
 ELGAMAL = elgamal.c elgamal.h
 
@@ -14,6 +14,9 @@ TESTS = $(check_PROGRAMS)
 
 
 group_test_SOURCES = group_test.c \
 
 	$(GROUP) $(ENTROPY)
 
+ddlog_test_SOURCES = ddlog_test.c \
 
+	$(GROUP) $(ENTROPY) $(DDLOG)
 
+
 
 rms_bench_SOURCES = rms_bench.c \
 
 	$(DDLOG) $(ELGAMAL) $(ENTROPY) $(GROUP) $(FBASE) $(HSS) $(TIMEIT)
 
 ddlog_bench_SOURCES = ddlog_bench.c \

+ 32 - 31
src/ddlog.c
View File 

@@ -1,3 +1,4 @@
 
+#include <stdbool.h>
 
 #include <stdint.h>
 
 #include <limits.h>
 
 #include <strings.h>
 
@@ -12,9 +13,12 @@ uint32_t lookup[256];
 
 uint32_t offset[256];
 
 
 static const uint64_t topmask = ~(ULLONG_MAX >> halfstrip_size);
 
-static const uint64_t topbigmask = ~(ULLONG_MAX >> strip_size);
 
+//static const uint64_t topbigmask = ~(ULLONG_MAX >> strip_size);
 
 static const uint64_t bottommask = (0x01  << halfstrip_size) -1;
 
 
+static const uint64_t failuremask = ~(ULLONG_MAX >> FAILURE);
 
+#define distinguished_limb 0x8000000000000000
 
+#define clz(x) __builtin_clzll(x)
 
 
 static inline
 
 void add_1(uint64_t *b, const size_t start, const size_t len, uint64_t a)
 
@@ -30,6 +34,9 @@ void add_1(uint64_t *b, const size_t start, const size_t len, uint64_t a)
 
    */
 
 }
 
 
+
 
+#define zdistinguished(x) (((x)[head] & topbigmask)) == 0
 
+
 
 uint32_t __attribute__((optimize("unroll-loops"))) convert(uint64_t * nn)
 
 {
 
   uint32_t steps;
 
@@ -37,40 +44,38 @@ uint32_t __attribute__((optimize("unroll-loops"))) convert(uint64_t * nn)
 
 #define next_head  ((head + 23) % 24)
 
 #define tail       ((head + 1)  % 24)
 
 #define next_tail  ((head + 2)  % 24)
 
-
 
-#define distinguished(x) (((x)[head] & topbigmask)) == 0
 
+#define x (nn[head])
 
+#define y (nn[next_head])
 
 
   /** Check the most significant block */
 
-  const uint64_t x = nn[head];
 
-  for (uint32_t w2 = halfstrip_size; w2 < 64-halfstrip_size; w2 += halfstrip_size) {
 
+  for (uint32_t w2 = clz(x) + halfstrip_size - (clz(x) % halfstrip_size);
 
+       w2 < 64 - halfstrip_size;
 
+       w2 += halfstrip_size) {
 
     if (!(x & (topmask >> w2))) {
 
       const size_t previous = (x >> (64 - halfstrip_size - w2 + halfstrip_size)) & bottommask;
 
-      const uint32_t next =   (x >> (64 - halfstrip_size - w2 - halfstrip_size)) & bottommask;
 
-      if (next <= lookup[previous]) return w2 - offset[previous];
 
+      const uint32_t next   = (x >> (64 - halfstrip_size - w2 - halfstrip_size)) & bottommask;
 
+      if (next <= lookup[previous]) return w2 - offset[previous] - 1;
 
     }
 
   }
 
 
-  for (steps = 64; !distinguished(nn); steps += 64) {
 
-    const uint64_t x = nn[head];
 
-    const uint64_t y = nn[next_head];
 
-
 
+  for (steps = 64; true; steps += 64) {
 
     if (!(x & bottommask)) {
 
       const size_t previous = (x >> halfstrip_size) & bottommask;
 
-      const uint32_t next = y >> (64 - halfstrip_size);
 
-      if (next <= lookup[previous]) return steps - halfstrip_size - offset[previous];
 
+      const uint32_t next   =  y >> (64 - halfstrip_size);
 
+      if (next <= lookup[previous]) return steps - halfstrip_size - offset[previous] - 1;
 
     }
 
 
     if (!(y & topmask)) {
 
-      const size_t previous = x & bottommask;
 
-      const uint32_t next = (y >> (64 - 2*halfstrip_size)) & bottommask;
 
-      if (next <= lookup[previous]) return steps - offset[previous];
 
+      const size_t previous =  x & bottommask;
 
+      const uint32_t next   = (y >> (64 - 2*halfstrip_size)) & bottommask;
 
+      if (next <= lookup[previous]) return steps - offset[previous] - 1;
 
     }
 
 
     for (uint32_t w2 = halfstrip_size; w2 < 64-halfstrip_size; w2 += halfstrip_size) {
 
       if (!(y & (topmask >> w2))) {
 
         const size_t previous = (y >> (64 - halfstrip_size - w2 + halfstrip_size)) & bottommask;
 
-        const uint32_t next =   (y >> (64 - halfstrip_size - w2 - halfstrip_size)) & bottommask;
 
-        if (next <= lookup[previous]) return steps + w2 - offset[previous];
 
+        const uint32_t next   = (y >> (64 - halfstrip_size - w2 - halfstrip_size)) & bottommask;
 
+        if (next <= lookup[previous]) return steps + w2 - offset[previous] - 1;
 
       }
 
     }
 
 
@@ -83,27 +88,23 @@ uint32_t __attribute__((optimize("unroll-loops"))) convert(uint64_t * nn)
 
     head = next_head;
 
     nn[tail] = al;
 
     add_1(nn, next_tail, 24, ah);
 
-
 
   }
 
-  return steps;
 
 }
 
 
+bool distinguished(mpz_t n)
 
+{
 
+  return (n->_mp_d[23] & failuremask) == distinguished_limb;
 
+}
 
 
 uint32_t naif_convert(mpz_t n)
 
 {
 
-  uint32_t i;
 
-  mpz_t t;
 
-  mpz_init_set_ui(t, 1);
 
-  mpz_mul_2exp(t, t, 1536-strip_size);
 
-
 
+  uint32_t steps;
 
 
-  for (i = 0; mpz_cmp(n, t) > -1; i++) {
 
-    mpz_mul_ui(n, n, 2);
 
-    mpz_mod(n, n, p);
 
+  for (steps = 0; !distinguished(n); steps++) {
 
+    mpz_mul_ui_modp(n, n, 2);
 
   }
 
 
-  mpz_clear(t);
 
-  return i;
 
+  return steps;
 
 }
 
 
 
@@ -111,7 +112,7 @@ void dlog_precompute()
 
 {
 
   for (size_t i = 0; i <= bottommask; i++) {
 
     uint32_t j = ffs(i) ? ffs(i) - 1 : halfstrip_size;
 
-    lookup[i] = bottommask >> (halfstrip_size-j);
 
+    lookup[i] = bottommask >> (halfstrip_size - j);
 
     offset[i] = j;
 
   }
 
 }

+ 4 - 1
src/ddlog.h
View File 

@@ -1,10 +1,12 @@
 
 #pragma once
 
 
 #include "config.h"
 
+#include <stdbool.h>
 
 #include <stdint.h>
 
+
 
 #include <gmp.h>
 
 
-#define strip_size (ERROR - 1)
 
+#define strip_size (FAILURE - 1)
 
 #define halfstrip_size ((strip_size)/2)
 
 
 extern uint32_t lookup[256];
 
@@ -13,5 +15,6 @@ extern uint32_t offset[256];
 
 
 uint32_t convert(uint64_t *nn);
 
 uint32_t naif_convert(mpz_t n);
 
+bool distinguished(mpz_t n);
 
 
 void dlog_precompute();

+ 1 - 1
src/ddlog_bench.c
View File 

@@ -15,7 +15,7 @@ int main()
 
   mpz_entropy_init();
 
 
   INIT_TIMEIT(CLOCK_PROCESS_CPUTIME_ID);
 
-  for (int i=0; i < (int) (1e9 / (0x01 << strip_size) * 3.5); i++) {
 
+  for (int i=0; i < (int) (1e6); i++) {
 
     mpz_t n, n0;
 
     mpz_inits(n, n0, NULL);

+ 40 - 0
src/ddlog_test.c
View File 

@@ -0,0 +1,40 @@
 
+#include <assert.h>
 
+#include <stdint.h>
 
+#include <stdio.h>
 
+#include <strings.h>
 
+
 
+#include "ddlog.h"
 
+#include "entropy.h"
 
+#include "group.h"
 
+#include "timeit.h"
 
+
 
+#ifdef NDEBUG
 
+#error "running test without debug?"
 
+#endif
 
+
 
+int main()
 
+{
 
+
 
+  group_init();
 
+  dlog_precompute();
 
+  mpz_entropy_init();
 
+
 
+
 
+  for (int i=0; i < (int) (1e3); i++) {
 
+    mpz_t n, n0;
 
+    mpz_inits(n, n0, NULL);
 
+
 
+    mpz_urandomm(n0, _rstate, p);
 
+    mpz_set(n, n0);
 
+    uint32_t expected = naif_convert(n);
 
+    mpz_set(n, n0);
 
+    uint32_t converted = convert(n->_mp_d);
 
+    printf("%d %d\n", converted, expected);
 
+    assert(converted == expected);
 
+    mpz_clears(n, n0, NULL);
 
+  }
 
+
 
+  group_clear();
 
+  return 0;
 
+
 
+}

+ 11 - 1
src/group.h
View File 

@@ -76,4 +76,14 @@ void remp(mpz_t rop)
 
 void powmp_ui(mpz_t rop, const mpz_t base, uint64_t exp);
 
 void mul_modp(mpz_t rop, mpz_t op1, mpz_t op2);
 
 
-#define mpz_mul_modp(rop, op1, op2) mpz_mul(rop, op1, op2); remp(rop);
 
+#define mpz_mul_modp(rop, op1, op2)             \
 
+  do {                                          \
 
+    mpz_mul(rop, op1, op2);                     \
 
+    remp(rop);                                  \
 
+  } while (0)
 
+
 
+#define mpz_mul_ui_modp(rop, op1, op2)          \
 
+  do {                                          \
 
+    mpz_mul_ui(rop, op1, op2);                  \
 
+    remp(rop);                                  \
 
+  } while (0)

+ 14 - 8
src/sanity_check.c
View File 

@@ -13,25 +13,31 @@ int main()
 
   hss_init();
 
 
 
-  mpz_t x, y;
 
+  mpz_t x, y, z;
 
   uint32_t xc, yc;
 
 
-  mpz_inits(x, y, NULL);
 
+  mpz_inits(x, y, z, NULL);
 
 
+  /* z is a uniformly random group element */
 
   mpz_urandomm(x, _rstate, q);
 
-  mpz_set_ui(y, 2);
 
-
 
-  /* y is a uniformly random group element */
 
-  mpz_powm(y, y, x, p);
 
+  mpz_set_ui(z, 2);
 
+  mpz_powm(z, z, x, p);
 
+  /* y = 2z  (mod p) */
 
+  mpz_mul_2exp(y, z, 1);
 
+  mpz_mod(y, y, p);
 
   /* x = 2y  (mod p) */
 
   mpz_mul_2exp(x, y, 1);
 
-  mpz_mod(x, x, p);
 
+  mpz_mod(x, z, p);
 
 
+  printf("%lx %lx\n", x->_mp_d[23], y->_mp_d[23]);
 
   xc = convert(x->_mp_d);
 
   yc = convert(y->_mp_d);
 
-  printf("%d %d\n", xc, yc);
 
+
 
+  printf("%d %d    %d\n", xc, yc, distinguished(z));
 
+
 
 
   hss_clear();
 
+  mpz_clears(x, y, z, NULL);
 
   return 0;
 
 
 }