Improve support to fast 25519 backend.

relic-toolkit · Feb 2, 2024 · 628eb86 · 628eb86
1 parent ba4a8de
commit 628eb86
Show file tree

Hide file tree

Showing 4 changed files with 58 additions and 34 deletions.
diff --git a/src/fp/relic_fp_inv.c b/src/fp/relic_fp_inv.c
@@ -256,7 +256,7 @@ void fp_inv_monty(fp_t c, const fp_t a) {
 	bn_t _a, _p, u, v, x1, x2;
 	const dig_t *p = NULL;
 	dig_t carry;
-	int i, k, flag = 0;
+	int i, k;
 
 	bn_null(_a);
 	bn_null(_p);
@@ -340,18 +340,18 @@ void fp_inv_monty(fp_t c, const fp_t a) {
 			fp_subn_low(x1->dp, x1->dp, fp_prime_get());
 		}
 
-		dv_copy(x2->dp, fp_prime_get_conv(), RLC_FP_DIGS);
-
 		/* If k < Wt then x1 = x1 * R^2 * R^{-1} mod p. */
 		if (k <= RLC_FP_DIGS * RLC_DIG) {
-			flag = 1;
-			fp_mul(x1->dp, x1->dp, x2->dp);
 			k = k + RLC_FP_DIGS * RLC_DIG;
+#if FP_RDC == MONTY
+			fp_mul(x1->dp, x1->dp, fp_prime_get_conv());
+#endif
 		}
 
+#if FP_RDC == MONTY
 		/* x1 = x1 * R^2 * R^{-1} mod p. */
-		fp_mul(x1->dp, x1->dp, x2->dp);
-
+		fp_mul(x1->dp, x1->dp, fp_prime_get_conv());
+#endif
 		/* c = x1 * 2^(2Wt - k) * R^{-1} mod p. */
 		fp_copy(c, x1->dp);
 		dv_zero(x1->dp, RLC_FP_DIGS);
@@ -360,23 +360,14 @@ void fp_inv_monty(fp_t c, const fp_t a) {
 
 #if FP_RDC != MONTY
 		/*
-		 * If we do not use Montgomery reduction, the result of inversion is
-		 * a^{-1}R^3 mod p or a^{-1}R^4 mod p, depending on flag.
-		 * Hence we must reduce the result three or four times.
+		 * If we do not use Montgomery reduction, convert back.
 		 */
-		_a->used = RLC_FP_DIGS;
-		dv_copy(_a->dp, c, RLC_FP_DIGS);
-		bn_mod_monty_back(_a, _a, _p);
-		bn_mod_monty_back(_a, _a, _p);
+		bn_read_raw(_a, c, RLC_FP_DIGS);
 		bn_mod_monty_back(_a, _a, _p);
 
-		if (flag) {
-			bn_mod_monty_back(_a, _a, _p);
-		}
 		fp_zero(c);
 		dv_copy(c, _a->dp, _a->used);
 #endif
-		(void)flag;
 	}
 	RLC_CATCH_ANY {
 		RLC_THROW(ERR_CAUGHT);

diff --git a/src/fp/relic_fp_util.c b/src/fp/relic_fp_util.c
@@ -157,6 +157,8 @@ void fp_print(const fp_t a) {
 		}
 #else
 		bn_read_raw(t, a, RLC_FP_DIGS);
+		fp_norm(t->dp, t->dp);
+		bn_trim(t);
 #endif
 
 		for (i = RLC_FP_DIGS - 1; i > 0; i--) {

diff --git a/src/low/x64-hacl-25519/relic_fp_add_low.c b/src/low/x64-hacl-25519/relic_fp_add_low.c
@@ -40,10 +40,6 @@
 /* Public definitions                                                         */
 /*============================================================================*/
 
-dig_t fp_addn_low(dig_t *c, const dig_t *a, const dig_t *b) {
-	return mpn_add_n(c, a, b, RLC_FP_DIGS);
-}
-
 dig_t fp_addd_low(dig_t *c, const dig_t *a, const dig_t *b) {
 	return mpn_add_n(c, a, b, 2 * RLC_FP_DIGS);
 }
@@ -62,10 +58,6 @@ dig_t fp_sub1_low(dig_t *c, const dig_t *a, const dig_t digit) {
 	return mpn_sub_1(c, a, RLC_FP_DIGS, digit);
 }
 
-dig_t fp_subn_low(dig_t *c, const dig_t *a, const dig_t *b) {
-	return mpn_sub_n(c, a, b, RLC_FP_DIGS);
-}
-
 dig_t fp_subd_low(dig_t *c, const dig_t *a, const dig_t *b) {
 	return mpn_sub_n(c, a, b, 2 * RLC_FP_DIGS);
 }
@@ -80,16 +72,12 @@ void fp_negm_low(dig_t *c, const dig_t *a) {
 	if (fp_is_zero(a)) {
 		fp_zero(c);
 	} else {
-		fp_copy(c, a);
-		if (dv_cmp(c, fp_prime_get(), RLC_FP_DIGS) == RLC_GT) {
-			mpn_sub_n(c, c, fp_prime_get(), RLC_FP_DIGS);
-		}
-		mpn_sub_n(c, fp_prime_get(), c, RLC_FP_DIGS);
+		fp_subm_low(c, fp_prime_get(), a);
 	}
 }
 
 dig_t fp_dbln_low(dig_t *c, const dig_t *a) {
-	return mpn_add_n(c, a, a, RLC_FP_DIGS);
+	return fp_addn_low(c, a, a);
 }
 
 void fp_dblm_low(dig_t *c, const dig_t *a) {
@@ -100,7 +88,7 @@ void fp_hlvm_low(dig_t *c, const dig_t *a) {
     dig_t carry = 0;
 
     if (a[0] & 1) {
-            carry = mpn_add_n(c, a, fp_prime_get(), RLC_FP_DIGS);
+            carry = fp_addn_low(c, a, fp_prime_get());
     } else {
             dv_copy(c, a, RLC_FP_DIGS);
     }
@@ -112,7 +100,7 @@ void fp_hlvd_low(dig_t *c, const dig_t *a) {
 	dig_t carry = 0;
 
 	if (a[0] & 1) {
-		carry = mpn_add_n(c, a, fp_prime_get(), RLC_FP_DIGS);
+		carry = fp_addn_low(c, a, fp_prime_get());
 	} else {
 		dv_copy(c, a, RLC_FP_DIGS);
 	}

diff --git a/src/low/x64-hacl-25519/relic_fp_add_low.s b/src/low/x64-hacl-25519/relic_fp_add_low.s
@@ -25,6 +25,26 @@ fp_add1_low:
   pop %rdi
   ret
 
+.global fp_addn_low
+fp_addn_low:
+  xorq	%rax, %rax
+  movq 0(%rdx), %r8
+  addq 0(%rsi), %r8
+  movq 8(%rdx), %r9
+  adcxq 8(%rsi), %r9
+  movq 16(%rdx), %r10
+  adcxq 16(%rsi), %r10
+  movq 24(%rdx), %r11
+  adcxq 24(%rsi), %r11
+
+  movq %r8, 0(%rdi)
+  movq %r9, 8(%rdi)
+  movq %r10, 16(%rdi)
+  movq %r11, 24(%rdi)
+
+  adcq	$0, %rax
+  ret
+
 .global fp_addm_low
 fp_addm_low:
   ;# Compute the raw addition of f1 + f2
@@ -59,6 +79,29 @@ fp_addm_low:
   movq %r8, 0(%rdi)
   ret
 
+.global fp_subn_low
+fp_subn_low:
+  xorq	%rax, %rax
+
+  ;# Compute the raw substraction of f1-f2
+  movq 0(%rsi), %r8
+  subq 0(%rdx), %r8
+  movq 8(%rsi), %r9
+  sbbq 8(%rdx), %r9
+  movq 16(%rsi), %r10
+  sbbq 16(%rdx), %r10
+  movq 24(%rsi), %r11
+  sbbq 24(%rdx), %r11
+
+  ;# Store the result
+  movq %r8, 0(%rdi)
+  movq %r9, 8(%rdi)
+  movq %r10, 16(%rdi)
+  movq %r11, 24(%rdi)
+
+  adcq	$0, %rax
+  ret
+
 .global fp_subm_low
 fp_subm_low:
   ;# Compute the raw substraction of f1-f2