serai/crypto/multiexp/src/lib.rs

use group::Group;

mod straus;
use straus::*;

mod pippenger;
use pippenger::*;

#[cfg(feature = "batch")]
mod batch;
#[cfg(feature = "batch")]
pub use batch::BatchVerifier;

#[derive(Clone, Copy, PartialEq, Eq, Debug)]
enum Algorithm {
  Straus,
  Pippenger
}

fn algorithm(pairs: usize) -> Algorithm {
  // TODO: Replace this with an actual formula determining which will use less additions
  // Right now, Straus is used until 600, instead of the far more accurate 300, as Pippenger
  // operates per byte instead of per nibble, and therefore requires a much longer series to be
  // performant
  // Technically, 800 is dalek's number for when to use byte Pippenger, yet given Straus's own
  // implementation limitations...
  if pairs < 600 {
    Algorithm::Straus
  } else {
    Algorithm::Pippenger
  }
}

// Performs a multiexp, automatically selecting the optimal algorithm based on amount of pairs
// Takes in an iterator of scalars and points, with a boolean for if the scalars are little endian
// encoded in their Reprs or not
pub fn multiexp<G: Group>(pairs: &[(G::Scalar, G)], little: bool) -> G {
  match algorithm(pairs.len()) {
    Algorithm::Straus => straus(pairs, little),
    Algorithm::Pippenger => pippenger(pairs, little)
  }
}

pub fn multiexp_vartime<G: Group>(pairs: &[(G::Scalar, G)], little: bool) -> G {
  match algorithm(pairs.len()) {
    Algorithm::Straus => straus_vartime(pairs, little),
    Algorithm::Pippenger => pippenger_vartime(pairs, little)
  }
}
Add pippenger under multiexp 2022-06-07 04:02:10 +00:00			`use group::Group;`
Fix https://github.com/serai-dex/serai/issues/5 2022-05-03 11:42:09 +00:00
Add pippenger under multiexp 2022-06-07 04:02:10 +00:00			`mod straus;`
			`use straus::*;`
Add a batch verifier to multiexp, along with constant time variants Saves ~8% during FROST key gen, even with dropping a vartime for a constant time (as needed to be secure), as the new batch verifier is used where batch verification previously wasn't. The new multiexp API itself also offered a very slight performance boost, which may solely be a measurement error. Handles most of https://github.com/serai-dex/serai/issues/10. The blame function isn't binary searched nor randomly sorted yet. 2022-05-27 04:52:44 +00:00
Add pippenger under multiexp 2022-06-07 04:02:10 +00:00			`mod pippenger;`
			`use pippenger::*;`
Add a batch verifier to multiexp, along with constant time variants Saves ~8% during FROST key gen, even with dropping a vartime for a constant time (as needed to be secure), as the new batch verifier is used where batch verification previously wasn't. The new multiexp API itself also offered a very slight performance boost, which may solely be a measurement error. Handles most of https://github.com/serai-dex/serai/issues/10. The blame function isn't binary searched nor randomly sorted yet. 2022-05-27 04:52:44 +00:00
Add pippenger under multiexp 2022-06-07 04:02:10 +00:00			`#[cfg(feature = "batch")]`
			`mod batch;`
			`#[cfg(feature = "batch")]`
			`pub use batch::BatchVerifier;`
Fix https://github.com/serai-dex/serai/issues/5 2022-05-03 11:42:09 +00:00
Add pippenger under multiexp 2022-06-07 04:02:10 +00:00			`#[derive(Clone, Copy, PartialEq, Eq, Debug)]`
			`enum Algorithm {`
			`Straus,`
			`Pippenger`
Add a batch verifier to multiexp, along with constant time variants Saves ~8% during FROST key gen, even with dropping a vartime for a constant time (as needed to be secure), as the new batch verifier is used where batch verification previously wasn't. The new multiexp API itself also offered a very slight performance boost, which may solely be a measurement error. Handles most of https://github.com/serai-dex/serai/issues/10. The blame function isn't binary searched nor randomly sorted yet. 2022-05-27 04:52:44 +00:00			`}`

Add pippenger under multiexp 2022-06-07 04:02:10 +00:00			`fn algorithm(pairs: usize) -> Algorithm {`
			`// TODO: Replace this with an actual formula determining which will use less additions`
			`// Right now, Straus is used until 600, instead of the far more accurate 300, as Pippenger`
			`// operates per byte instead of per nibble, and therefore requires a much longer series to be`
			`// performant`
			`// Technically, 800 is dalek's number for when to use byte Pippenger, yet given Straus's own`
			`// implementation limitations...`
			`if pairs < 600 {`
			`Algorithm::Straus`
			`} else {`
			`Algorithm::Pippenger`
Fix https://github.com/serai-dex/serai/issues/5 2022-05-03 11:42:09 +00:00			`}`
Add a batch verifier to multiexp, along with constant time variants Saves ~8% during FROST key gen, even with dropping a vartime for a constant time (as needed to be secure), as the new batch verifier is used where batch verification previously wasn't. The new multiexp API itself also offered a very slight performance boost, which may solely be a measurement error. Handles most of https://github.com/serai-dex/serai/issues/10. The blame function isn't binary searched nor randomly sorted yet. 2022-05-27 04:52:44 +00:00			`}`

Add pippenger under multiexp 2022-06-07 04:02:10 +00:00			`// Performs a multiexp, automatically selecting the optimal algorithm based on amount of pairs`
			`// Takes in an iterator of scalars and points, with a boolean for if the scalars are little endian`
			`// encoded in their Reprs or not`
			`pub fn multiexp<G: Group>(pairs: &[(G::Scalar, G)], little: bool) -> G {`
			`match algorithm(pairs.len()) {`
			`Algorithm::Straus => straus(pairs, little),`
			`Algorithm::Pippenger => pippenger(pairs, little)`
Fix https://github.com/serai-dex/serai/issues/5 2022-05-03 11:42:09 +00:00			`}`
			`}`
Add a batch verifier to multiexp, along with constant time variants Saves ~8% during FROST key gen, even with dropping a vartime for a constant time (as needed to be secure), as the new batch verifier is used where batch verification previously wasn't. The new multiexp API itself also offered a very slight performance boost, which may solely be a measurement error. Handles most of https://github.com/serai-dex/serai/issues/10. The blame function isn't binary searched nor randomly sorted yet. 2022-05-27 04:52:44 +00:00
Add pippenger under multiexp 2022-06-07 04:02:10 +00:00			`pub fn multiexp_vartime<G: Group>(pairs: &[(G::Scalar, G)], little: bool) -> G {`
			`match algorithm(pairs.len()) {`
			`Algorithm::Straus => straus_vartime(pairs, little),`
			`Algorithm::Pippenger => pippenger_vartime(pairs, little)`
Add a batch verifier to multiexp, along with constant time variants Saves ~8% during FROST key gen, even with dropping a vartime for a constant time (as needed to be secure), as the new batch verifier is used where batch verification previously wasn't. The new multiexp API itself also offered a very slight performance boost, which may solely be a measurement error. Handles most of https://github.com/serai-dex/serai/issues/10. The blame function isn't binary searched nor randomly sorted yet. 2022-05-27 04:52:44 +00:00			`}`
			`}`