Generate code for the scalar field of standard curves #1259
Conversation
|
This is nice, but I'm afraid fiat-crypto is too slow at larger curves to support this. 6+ hours of CI time is really too much. Do you have thoughts on how to support this better? Options I can think of:
Also, this PR is missing Java files. |
|
CI is indeed a major issue. Testing slow and fast cases in distinct jobs may be the way to go, especially since we already have such distinction with the "lite" files. |
The Java files are included, but they were generated with funny names: This is a distinct issue, that also happens on [UPDATE] sed -E 's/.*/\\L&/; s/[a-z]*/\\u&/g'
|
This seems reasonable to me |
Imports the 32-bit fiat-crypto scalar field implementation generated by @jedisct1 from this PR: mit-plv/fiat-crypto#1259 Gates all field backends and precomputed constants on `target_pointer_width`, substituting 12-limb 32-bit versions for 32-bit targets where necessary. Inversions are implemented using 64-bit arithmetic, so for now they are marked as `todo!()`.
Imports the 32-bit fiat-crypto scalar field implementation generated by @jedisct1 from this PR: mit-plv/fiat-crypto#1259 Gates all field backends and precomputed constants on `target_pointer_width`, substituting 12-limb 32-bit versions for 32-bit targets where necessary. Inversions are implemented using 64-bit arithmetic, so for now they are marked as `todo!()`.
Imports the 32-bit fiat-crypto scalar field implementation generated by @jedisct1 from this PR: mit-plv/fiat-crypto#1259 Gates all field backends and precomputed constants on `target_pointer_width`, substituting 12-limb 32-bit versions for 32-bit targets where necessary. Inversions are implemented using 64-bit arithmetic, so for now they are marked as `todo!()`.
Imports the 32-bit fiat-crypto scalar field implementation generated by @jedisct1 from this PR: mit-plv/fiat-crypto#1259 Gates all field backends and precomputed constants on `target_pointer_width`, substituting 12-limb 32-bit versions for 32-bit targets where necessary. Inversions are implemented using 64-bit arithmetic, so for now they are marked as `todo!()`.
|
Alternatively, if the scalar fields could be included in the |
jedisct1
force-pushed
the
add-scalar-fields
branch
3 times, most recently
from
848e7be
to
90ee584
Compare
fiat-crypto is already used for arithmetic on scalars, at least by the Zig standard library and in Rust (p384_rs, being merged into the p384 crate as we speak). So it may be useful to pregenerate and test this in fiat-crypto. This change adds support for the curve25519, p256, secp256k1 and p384 scalar fields.
jedisct1
force-pushed
the
add-scalar-fields
branch
from
90ee584
to
ca7c56d
Compare
|
Removing P521 code generation makes it more reasonable. Due to its size, Java cannot compile the P521 scalar code anyway. |
|
https://github.com/ejgallego/coq-universe |
fiat-cryptois already used for arithmetic on scalars, at least by the Zig standard library and in Rust (p384_rs, being merged into thep384crate as we speak).So it may be useful to pregenerate and test this in
fiat-crypto.This change adds support for the curve25519, p256, secp256k1, p384 and p521 scalar fields.