Optimised modular arithmetic targeting elliptic curve operations (#86)

* Adds faster 256-bit modular addition and multiplication

* Fix problems identified by CI

* Use AddOverflow and SubOverflow instead of add256 and sub256

* Remove unnecessary assignment and replace use of SubOverflow with Sub

* Use explicit returns

* Add comment about iteration count in AddMod

* Fix mistake in calculation of reciprocal for (64n+1)-bit moduli

* Change expression according to readability preference

Co-authored-by: Paweł Bylica <chfast@gmail.com>

* Remove unnecessary case safeguards (CI: SCC-S1023, RVV-A0010)

* Omit unnecessary break at end of case clause (CI: RVV-A0010)

* Remove new shift function, use Lsh instead

* Use unsigned shift count

* Fix AddMod

* Replace unnecessary use of SubOverflow with Sub

Co-authored-by: Paweł Bylica <chfast@gmail.com>

* create reciprocalCache type

* mod: modularize cache

* Pass cache by reference

* Reduce overhead to a single pair of hit/miss counters for the reciprocalCache

* Add some more explicit returns

* Improve explanation of cache size parameters

* gofmt benchmarks_test.go
Includes reordering of some tests to preserve readability

* Add MulMod tests with one operand a power of 2

* Add MulMod tests with one operand a power of 2 plus/minus 1

* test: Add AddMod test cases for unoptimized case with overflow

* test: Add tests for leadingZeros()

* Add tests with one operand being 2^256 minus a power of 2 (only one 0-bit)

* Disable the cache if configured to 0-way cache sets

* Add fixed modulus and precalculation of its reciprocal

* tests: more ternary ops cases, more coverage

* squashmelater: commit to trigger codecov

* mod: remove global cache

* move reciprocal cache to separate file, un-export

* make fixed modulus non-global

* lint fix

* Remove automatic cache

* Pass modulus and reciprocal by reference instead of value

* Make reciprocal() specialized for m[3] != 0 (modulus >= 2^193)

* Add two corner case tests for reciprocal

* Remove unreachable safeguard code in reciprocal

* Comment out unused onesCount

* Make leadingZeros faster

* Simplify detection of whether a modulus is a power of 2

* Speed up the end of reciprocal

* Add MulModWithReciprocal, export Reciprocal

* Pass reciprocal as pointer parameter to MulModWithReciprocal

* Remove unused func onesCount

* Add testing of MulModWithReciprocal

* Adjust comments and tests to reflect that Reciprocal now only supports m[3] != 0

* Also test MulModWithReciprocal on regular test cases

Co-authored-by: Paweł Bylica <chfast@gmail.com>
Co-authored-by: Martin Holst Swende <martin@swende.se>

Author: 3 people

benchmarks_test.go

@@ -64,7 +64,7 @@ func initSamples() bool {
 		l := newRandInt(1)
 		g := newRandInt(1)
 		if g.Lt(&l) {
-			g,l = l,g
+			g, l = l, g
 		}
 		if g[0] == 0 {
 			g[0]++
@@ -77,7 +77,7 @@ func initSamples() bool {
 		l = newRandInt(2)
 		g = newRandInt(2)
 		if g.Lt(&l) {
-			g,l = l,g
+			g, l = l, g
 		}
 		if g[1] == 0 {
 			g[1]++
@@ -90,7 +90,7 @@ func initSamples() bool {
 		l = newRandInt(3)
 		g = newRandInt(3)
 		if g.Lt(&l) {
-			g,l = l,g
+			g, l = l, g
 		}
 		if g[2] == 0 {
 			g[2]++
@@ -103,7 +103,7 @@ func initSamples() bool {
 		l = newRandInt(4)
 		g = newRandInt(4)
 		if g.Lt(&l) {
-			g,l = l,g
+			g, l = l, g
 		}
 		if g[3] == 0 {
 			g[3]++
@@ -599,14 +599,14 @@ func BenchmarkDiv(b *testing.B) {
 	}
 
 	b.Run("small/uint256", func(b *testing.B) { benchmarkDivUint256(b, &int32Samples, &int32SamplesLt) })
-	b.Run("small/big", func(b *testing.B) { benchmarkDivBig(b, &big32Samples, &big32SamplesLt) })
 	b.Run("mod64/uint256", func(b *testing.B) { benchmarkDivUint256(b, &int256Samples, &int64Samples) })
-	b.Run("mod64/big", func(b *testing.B) { benchmarkDivBig(b, &big256Samples, &big64Samples) })
 	b.Run("mod128/uint256", func(b *testing.B) { benchmarkDivUint256(b, &int256Samples, &int128Samples) })
-	b.Run("mod128/big", func(b *testing.B) { benchmarkDivBig(b, &big256Samples, &big128Samples) })
 	b.Run("mod192/uint256", func(b *testing.B) { benchmarkDivUint256(b, &int256Samples, &int192Samples) })
-	b.Run("mod192/big", func(b *testing.B) { benchmarkDivBig(b, &big256Samples, &big192Samples) })
 	b.Run("mod256/uint256", func(b *testing.B) { benchmarkDivUint256(b, &int256Samples, &int256SamplesLt) })
+	b.Run("small/big", func(b *testing.B) { benchmarkDivBig(b, &big32Samples, &big32SamplesLt) })
+	b.Run("mod64/big", func(b *testing.B) { benchmarkDivBig(b, &big256Samples, &big64Samples) })
+	b.Run("mod128/big", func(b *testing.B) { benchmarkDivBig(b, &big256Samples, &big128Samples) })
+	b.Run("mod192/big", func(b *testing.B) { benchmarkDivBig(b, &big256Samples, &big192Samples) })
 	b.Run("mod256/big", func(b *testing.B) { benchmarkDivBig(b, &big256Samples, &big256SamplesLt) })
 }
 
@@ -629,14 +629,14 @@ func BenchmarkMod(b *testing.B) {
 	}
 
 	b.Run("small/uint256", func(b *testing.B) { benchmarkModUint256(b, &int32Samples, &int32SamplesLt) })
-	b.Run("small/big", func(b *testing.B) { benchmarkModBig(b, &big32Samples, &big32SamplesLt) })
 	b.Run("mod64/uint256", func(b *testing.B) { benchmarkModUint256(b, &int256Samples, &int64Samples) })
-	b.Run("mod64/big", func(b *testing.B) { benchmarkModBig(b, &big256Samples, &big64Samples) })
 	b.Run("mod128/uint256", func(b *testing.B) { benchmarkModUint256(b, &int256Samples, &int128Samples) })
-	b.Run("mod128/big", func(b *testing.B) { benchmarkModBig(b, &big256Samples, &big128Samples) })
 	b.Run("mod192/uint256", func(b *testing.B) { benchmarkModUint256(b, &int256Samples, &int192Samples) })
-	b.Run("mod192/big", func(b *testing.B) { benchmarkModBig(b, &big256Samples, &big192Samples) })
 	b.Run("mod256/uint256", func(b *testing.B) { benchmarkModUint256(b, &int256Samples, &int256SamplesLt) })
+	b.Run("small/big", func(b *testing.B) { benchmarkModBig(b, &big32Samples, &big32SamplesLt) })
+	b.Run("mod64/big", func(b *testing.B) { benchmarkModBig(b, &big256Samples, &big64Samples) })
+	b.Run("mod128/big", func(b *testing.B) { benchmarkModBig(b, &big256Samples, &big128Samples) })
+	b.Run("mod192/big", func(b *testing.B) { benchmarkModBig(b, &big256Samples, &big192Samples) })
 	b.Run("mod256/big", func(b *testing.B) { benchmarkModBig(b, &big256Samples, &big256SamplesLt) })
 }
 
@@ -667,19 +667,38 @@ func BenchmarkAddMod(b *testing.B) {
 		}
 	}
 
-	b.Run("small/uint256",	func(b *testing.B) { benchmarkAddModUint256	(b,  &int32SamplesLt,  &int32Samples) })
-	b.Run("small/big",	func(b *testing.B) { benchmarkAddModBig		(b,  &big32SamplesLt,  &big32Samples) })
-	b.Run("mod64/uint256",	func(b *testing.B) { benchmarkAddModUint256	(b,  &int64SamplesLt,  &int64Samples) })
-	b.Run("mod64/big",	func(b *testing.B) { benchmarkAddModBig		(b,  &big64SamplesLt,  &big64Samples) })
-	b.Run("mod128/uint256",	func(b *testing.B) { benchmarkAddModUint256	(b, &int128SamplesLt, &int128Samples) })
-	b.Run("mod128/big",	func(b *testing.B) { benchmarkAddModBig		(b, &big128SamplesLt, &big128Samples) })
-	b.Run("mod192/uint256",	func(b *testing.B) { benchmarkAddModUint256	(b, &int192SamplesLt, &int192Samples) })
-	b.Run("mod192/big",	func(b *testing.B) { benchmarkAddModBig		(b, &big192SamplesLt, &big192Samples) })
-	b.Run("mod256/uint256",	func(b *testing.B) { benchmarkAddModUint256	(b, &int256SamplesLt, &int256Samples) })
-	b.Run("mod256/big",	func(b *testing.B) { benchmarkAddModBig		(b, &big256SamplesLt, &big256Samples) })
+	b.Run("small/uint256", func(b *testing.B) { benchmarkAddModUint256(b, &int32SamplesLt, &int32Samples) })
+	b.Run("mod64/uint256", func(b *testing.B) { benchmarkAddModUint256(b, &int64SamplesLt, &int64Samples) })
+	b.Run("mod128/uint256", func(b *testing.B) { benchmarkAddModUint256(b, &int128SamplesLt, &int128Samples) })
+	b.Run("mod192/uint256", func(b *testing.B) { benchmarkAddModUint256(b, &int192SamplesLt, &int192Samples) })
+	b.Run("mod256/uint256", func(b *testing.B) { benchmarkAddModUint256(b, &int256SamplesLt, &int256Samples) })
+	b.Run("small/big", func(b *testing.B) { benchmarkAddModBig(b, &big32SamplesLt, &big32Samples) })
+	b.Run("mod64/big", func(b *testing.B) { benchmarkAddModBig(b, &big64SamplesLt, &big64Samples) })
+	b.Run("mod128/big", func(b *testing.B) { benchmarkAddModBig(b, &big128SamplesLt, &big128Samples) })
+	b.Run("mod192/big", func(b *testing.B) { benchmarkAddModBig(b, &big192SamplesLt, &big192Samples) })
+	b.Run("mod256/big", func(b *testing.B) { benchmarkAddModBig(b, &big256SamplesLt, &big256Samples) })
 }
 
 func BenchmarkMulMod(b *testing.B) {
+	benchmarkMulModUint256R := func(b *testing.B, factorsSamples, modSamples *[numSamples]Int) {
+		iter := (b.N + numSamples - 1) / numSamples
+
+		var mu [numSamples][5]uint64
+
+		for i := 0; i < numSamples; i++ {
+			mu[i] = Reciprocal(&modSamples[i])
+		}
+
+		b.ResetTimer()
+
+		for j := 0; j < numSamples; j++ {
+			x := factorsSamples[j]
+
+			for i := 0; i < iter; i++ {
+				x.MulModWithReciprocal(&x, &factorsSamples[j], &modSamples[j], &mu[j])
+			}
+		}
+	}
 	benchmarkMulModUint256 := func(b *testing.B, factorsSamples, modSamples *[numSamples]Int) {
 		iter := (b.N + numSamples - 1) / numSamples
 
@@ -704,16 +723,17 @@ func BenchmarkMulMod(b *testing.B) {
 		}
 	}
 
-	b.Run("small/uint256",	func(b *testing.B) { benchmarkMulModUint256	(b,  &int32SamplesLt,  &int32Samples) })
-	b.Run("small/big",	func(b *testing.B) { benchmarkMulModBig		(b,  &big32SamplesLt,  &big32Samples) })
-	b.Run("mod64/uint256",	func(b *testing.B) { benchmarkMulModUint256	(b,  &int64SamplesLt,  &int64Samples) })
-	b.Run("mod64/big",	func(b *testing.B) { benchmarkMulModBig		(b,  &big64SamplesLt,  &big64Samples) })
-	b.Run("mod128/uint256",	func(b *testing.B) { benchmarkMulModUint256	(b, &int128SamplesLt, &int128Samples) })
-	b.Run("mod128/big",	func(b *testing.B) { benchmarkMulModBig		(b, &big128SamplesLt, &big128Samples) })
-	b.Run("mod192/uint256",	func(b *testing.B) { benchmarkMulModUint256	(b, &int192SamplesLt, &int192Samples) })
-	b.Run("mod192/big",	func(b *testing.B) { benchmarkMulModBig		(b, &big192SamplesLt, &big192Samples) })
-	b.Run("mod256/uint256",	func(b *testing.B) { benchmarkMulModUint256	(b, &int256SamplesLt, &int256Samples) })
-	b.Run("mod256/big",	func(b *testing.B) { benchmarkMulModBig		(b, &big256SamplesLt, &big256Samples) })
+	b.Run("small/uint256", func(b *testing.B) { benchmarkMulModUint256(b, &int32SamplesLt, &int32Samples) })
+	b.Run("mod64/uint256", func(b *testing.B) { benchmarkMulModUint256(b, &int64SamplesLt, &int64Samples) })
+	b.Run("mod128/uint256", func(b *testing.B) { benchmarkMulModUint256(b, &int128SamplesLt, &int128Samples) })
+	b.Run("mod192/uint256", func(b *testing.B) { benchmarkMulModUint256(b, &int192SamplesLt, &int192Samples) })
+	b.Run("mod256/uint256", func(b *testing.B) { benchmarkMulModUint256(b, &int256SamplesLt, &int256Samples) })
+	b.Run("mod256/uint256r", func(b *testing.B) { benchmarkMulModUint256R(b, &int256SamplesLt, &int256Samples) })
+	b.Run("small/big", func(b *testing.B) { benchmarkMulModBig(b, &big32SamplesLt, &big32Samples) })
+	b.Run("mod64/big", func(b *testing.B) { benchmarkMulModBig(b, &big64SamplesLt, &big64Samples) })
+	b.Run("mod128/big", func(b *testing.B) { benchmarkMulModBig(b, &big128SamplesLt, &big128Samples) })
+	b.Run("mod192/big", func(b *testing.B) { benchmarkMulModBig(b, &big192SamplesLt, &big192Samples) })
+	b.Run("mod256/big", func(b *testing.B) { benchmarkMulModBig(b, &big256SamplesLt, &big256Samples) })
 }
 
 func benchmark_SdivLarge_Big(bench *testing.B) {