Bitcoin Core  21.99.0
P2P Digital Currency
bench_internal.c
Go to the documentation of this file.
1 /**********************************************************************
2  * Copyright (c) 2014-2015 Pieter Wuille *
3  * Distributed under the MIT software license, see the accompanying *
4  * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
5  **********************************************************************/
6 #include <stdio.h>
7 
8 #include "include/secp256k1.h"
9 
10 #include "assumptions.h"
11 #include "util.h"
12 #include "hash_impl.h"
13 #include "num_impl.h"
14 #include "field_impl.h"
15 #include "group_impl.h"
16 #include "scalar_impl.h"
17 #include "ecmult_const_impl.h"
18 #include "ecmult_impl.h"
19 #include "bench.h"
20 #include "secp256k1.c"
21 
22 typedef struct {
23  secp256k1_scalar scalar[2];
24  secp256k1_fe fe[4];
25  secp256k1_ge ge[2];
26  secp256k1_gej gej[2];
27  unsigned char data[64];
28  int wnaf[256];
29 } bench_inv;
30 
31 void bench_setup(void* arg) {
32  bench_inv *data = (bench_inv*)arg;
33 
34  static const unsigned char init[4][32] = {
35  /* Initializer for scalar[0], fe[0], first half of data, the X coordinate of ge[0],
36  and the (implied affine) X coordinate of gej[0]. */
37  {
38  0x02, 0x03, 0x05, 0x07, 0x0b, 0x0d, 0x11, 0x13,
39  0x17, 0x1d, 0x1f, 0x25, 0x29, 0x2b, 0x2f, 0x35,
40  0x3b, 0x3d, 0x43, 0x47, 0x49, 0x4f, 0x53, 0x59,
41  0x61, 0x65, 0x67, 0x6b, 0x6d, 0x71, 0x7f, 0x83
42  },
43  /* Initializer for scalar[1], fe[1], first half of data, the X coordinate of ge[1],
44  and the (implied affine) X coordinate of gej[1]. */
45  {
46  0x82, 0x83, 0x85, 0x87, 0x8b, 0x8d, 0x81, 0x83,
47  0x97, 0xad, 0xaf, 0xb5, 0xb9, 0xbb, 0xbf, 0xc5,
48  0xdb, 0xdd, 0xe3, 0xe7, 0xe9, 0xef, 0xf3, 0xf9,
49  0x11, 0x15, 0x17, 0x1b, 0x1d, 0xb1, 0xbf, 0xd3
50  },
51  /* Initializer for fe[2] and the Z coordinate of gej[0]. */
52  {
53  0x3d, 0x2d, 0xef, 0xf4, 0x25, 0x98, 0x4f, 0x5d,
54  0xe2, 0xca, 0x5f, 0x41, 0x3f, 0x3f, 0xce, 0x44,
55  0xaa, 0x2c, 0x53, 0x8a, 0xc6, 0x59, 0x1f, 0x38,
56  0x38, 0x23, 0xe4, 0x11, 0x27, 0xc6, 0xa0, 0xe7
57  },
58  /* Initializer for fe[3] and the Z coordinate of gej[1]. */
59  {
60  0xbd, 0x21, 0xa5, 0xe1, 0x13, 0x50, 0x73, 0x2e,
61  0x52, 0x98, 0xc8, 0x9e, 0xab, 0x00, 0xa2, 0x68,
62  0x43, 0xf5, 0xd7, 0x49, 0x80, 0x72, 0xa7, 0xf3,
63  0xd7, 0x60, 0xe6, 0xab, 0x90, 0x92, 0xdf, 0xc5
64  }
65  };
66 
67  secp256k1_scalar_set_b32(&data->scalar[0], init[0], NULL);
68  secp256k1_scalar_set_b32(&data->scalar[1], init[1], NULL);
69  secp256k1_fe_set_b32(&data->fe[0], init[0]);
70  secp256k1_fe_set_b32(&data->fe[1], init[1]);
71  secp256k1_fe_set_b32(&data->fe[2], init[2]);
72  secp256k1_fe_set_b32(&data->fe[3], init[3]);
73  CHECK(secp256k1_ge_set_xo_var(&data->ge[0], &data->fe[0], 0));
74  CHECK(secp256k1_ge_set_xo_var(&data->ge[1], &data->fe[1], 1));
75  secp256k1_gej_set_ge(&data->gej[0], &data->ge[0]);
76  secp256k1_gej_rescale(&data->gej[0], &data->fe[2]);
77  secp256k1_gej_set_ge(&data->gej[1], &data->ge[1]);
78  secp256k1_gej_rescale(&data->gej[1], &data->fe[3]);
79  memcpy(data->data, init[0], 32);
80  memcpy(data->data + 32, init[1], 32);
81 }
82 
83 void bench_scalar_add(void* arg, int iters) {
84  int i, j = 0;
85  bench_inv *data = (bench_inv*)arg;
86 
87  for (i = 0; i < iters; i++) {
88  j += secp256k1_scalar_add(&data->scalar[0], &data->scalar[0], &data->scalar[1]);
89  }
90  CHECK(j <= iters);
91 }
92 
93 void bench_scalar_negate(void* arg, int iters) {
94  int i;
95  bench_inv *data = (bench_inv*)arg;
96 
97  for (i = 0; i < iters; i++) {
98  secp256k1_scalar_negate(&data->scalar[0], &data->scalar[0]);
99  }
100 }
101 
102 void bench_scalar_sqr(void* arg, int iters) {
103  int i;
104  bench_inv *data = (bench_inv*)arg;
105 
106  for (i = 0; i < iters; i++) {
107  secp256k1_scalar_sqr(&data->scalar[0], &data->scalar[0]);
108  }
109 }
110 
111 void bench_scalar_mul(void* arg, int iters) {
112  int i;
113  bench_inv *data = (bench_inv*)arg;
114 
115  for (i = 0; i < iters; i++) {
116  secp256k1_scalar_mul(&data->scalar[0], &data->scalar[0], &data->scalar[1]);
117  }
118 }
119 
120 void bench_scalar_split(void* arg, int iters) {
121  int i, j = 0;
122  bench_inv *data = (bench_inv*)arg;
123 
124  for (i = 0; i < iters; i++) {
125  secp256k1_scalar_split_lambda(&data->scalar[0], &data->scalar[1], &data->scalar[0]);
126  j += secp256k1_scalar_add(&data->scalar[0], &data->scalar[0], &data->scalar[1]);
127  }
128  CHECK(j <= iters);
129 }
130 
131 void bench_scalar_inverse(void* arg, int iters) {
132  int i, j = 0;
133  bench_inv *data = (bench_inv*)arg;
134 
135  for (i = 0; i < iters; i++) {
136  secp256k1_scalar_inverse(&data->scalar[0], &data->scalar[0]);
137  j += secp256k1_scalar_add(&data->scalar[0], &data->scalar[0], &data->scalar[1]);
138  }
139  CHECK(j <= iters);
140 }
141 
142 void bench_scalar_inverse_var(void* arg, int iters) {
143  int i, j = 0;
144  bench_inv *data = (bench_inv*)arg;
145 
146  for (i = 0; i < iters; i++) {
147  secp256k1_scalar_inverse_var(&data->scalar[0], &data->scalar[0]);
148  j += secp256k1_scalar_add(&data->scalar[0], &data->scalar[0], &data->scalar[1]);
149  }
150  CHECK(j <= iters);
151 }
152 
153 void bench_field_normalize(void* arg, int iters) {
154  int i;
155  bench_inv *data = (bench_inv*)arg;
156 
157  for (i = 0; i < iters; i++) {
158  secp256k1_fe_normalize(&data->fe[0]);
159  }
160 }
161 
162 void bench_field_normalize_weak(void* arg, int iters) {
163  int i;
164  bench_inv *data = (bench_inv*)arg;
165 
166  for (i = 0; i < iters; i++) {
167  secp256k1_fe_normalize_weak(&data->fe[0]);
168  }
169 }
170 
171 void bench_field_mul(void* arg, int iters) {
172  int i;
173  bench_inv *data = (bench_inv*)arg;
174 
175  for (i = 0; i < iters; i++) {
176  secp256k1_fe_mul(&data->fe[0], &data->fe[0], &data->fe[1]);
177  }
178 }
179 
180 void bench_field_sqr(void* arg, int iters) {
181  int i;
182  bench_inv *data = (bench_inv*)arg;
183 
184  for (i = 0; i < iters; i++) {
185  secp256k1_fe_sqr(&data->fe[0], &data->fe[0]);
186  }
187 }
188 
189 void bench_field_inverse(void* arg, int iters) {
190  int i;
191  bench_inv *data = (bench_inv*)arg;
192 
193  for (i = 0; i < iters; i++) {
194  secp256k1_fe_inv(&data->fe[0], &data->fe[0]);
195  secp256k1_fe_add(&data->fe[0], &data->fe[1]);
196  }
197 }
198 
199 void bench_field_inverse_var(void* arg, int iters) {
200  int i;
201  bench_inv *data = (bench_inv*)arg;
202 
203  for (i = 0; i < iters; i++) {
204  secp256k1_fe_inv_var(&data->fe[0], &data->fe[0]);
205  secp256k1_fe_add(&data->fe[0], &data->fe[1]);
206  }
207 }
208 
209 void bench_field_sqrt(void* arg, int iters) {
210  int i, j = 0;
211  bench_inv *data = (bench_inv*)arg;
212  secp256k1_fe t;
213 
214  for (i = 0; i < iters; i++) {
215  t = data->fe[0];
216  j += secp256k1_fe_sqrt(&data->fe[0], &t);
217  secp256k1_fe_add(&data->fe[0], &data->fe[1]);
218  }
219  CHECK(j <= iters);
220 }
221 
222 void bench_group_double_var(void* arg, int iters) {
223  int i;
224  bench_inv *data = (bench_inv*)arg;
225 
226  for (i = 0; i < iters; i++) {
227  secp256k1_gej_double_var(&data->gej[0], &data->gej[0], NULL);
228  }
229 }
230 
231 void bench_group_add_var(void* arg, int iters) {
232  int i;
233  bench_inv *data = (bench_inv*)arg;
234 
235  for (i = 0; i < iters; i++) {
236  secp256k1_gej_add_var(&data->gej[0], &data->gej[0], &data->gej[1], NULL);
237  }
238 }
239 
240 void bench_group_add_affine(void* arg, int iters) {
241  int i;
242  bench_inv *data = (bench_inv*)arg;
243 
244  for (i = 0; i < iters; i++) {
245  secp256k1_gej_add_ge(&data->gej[0], &data->gej[0], &data->ge[1]);
246  }
247 }
248 
249 void bench_group_add_affine_var(void* arg, int iters) {
250  int i;
251  bench_inv *data = (bench_inv*)arg;
252 
253  for (i = 0; i < iters; i++) {
254  secp256k1_gej_add_ge_var(&data->gej[0], &data->gej[0], &data->ge[1], NULL);
255  }
256 }
257 
258 void bench_group_jacobi_var(void* arg, int iters) {
259  int i, j = 0;
260  bench_inv *data = (bench_inv*)arg;
261 
262  for (i = 0; i < iters; i++) {
263  j += secp256k1_gej_has_quad_y_var(&data->gej[0]);
264  /* Vary the Y and Z coordinates of the input (the X coordinate doesn't matter to
265  secp256k1_gej_has_quad_y_var). Note that the resulting coordinates will
266  generally not correspond to a point on the curve, but this is not a problem
267  for the code being benchmarked here. Adding and normalizing have less
268  overhead than EC operations (which could guarantee the point remains on the
269  curve). */
270  secp256k1_fe_add(&data->gej[0].y, &data->fe[1]);
271  secp256k1_fe_add(&data->gej[0].z, &data->fe[2]);
272  secp256k1_fe_normalize_var(&data->gej[0].y);
273  secp256k1_fe_normalize_var(&data->gej[0].z);
274  }
275  CHECK(j <= iters);
276 }
277 
278 void bench_group_to_affine_var(void* arg, int iters) {
279  int i;
280  bench_inv *data = (bench_inv*)arg;
281 
282  for (i = 0; i < iters; ++i) {
283  secp256k1_ge_set_gej_var(&data->ge[1], &data->gej[0]);
284  /* Use the output affine X/Y coordinates to vary the input X/Y/Z coordinates.
285  Similar to bench_group_jacobi_var, this approach does not result in
286  coordinates of points on the curve. */
287  secp256k1_fe_add(&data->gej[0].x, &data->ge[1].y);
288  secp256k1_fe_add(&data->gej[0].y, &data->fe[2]);
289  secp256k1_fe_add(&data->gej[0].z, &data->ge[1].x);
290  secp256k1_fe_normalize_var(&data->gej[0].x);
291  secp256k1_fe_normalize_var(&data->gej[0].y);
292  secp256k1_fe_normalize_var(&data->gej[0].z);
293  }
294 }
295 
296 void bench_ecmult_wnaf(void* arg, int iters) {
297  int i, bits = 0, overflow = 0;
298  bench_inv *data = (bench_inv*)arg;
299 
300  for (i = 0; i < iters; i++) {
301  bits += secp256k1_ecmult_wnaf(data->wnaf, 256, &data->scalar[0], WINDOW_A);
302  overflow += secp256k1_scalar_add(&data->scalar[0], &data->scalar[0], &data->scalar[1]);
303  }
304  CHECK(overflow >= 0);
305  CHECK(bits <= 256*iters);
306 }
307 
308 void bench_wnaf_const(void* arg, int iters) {
309  int i, bits = 0, overflow = 0;
310  bench_inv *data = (bench_inv*)arg;
311 
312  for (i = 0; i < iters; i++) {
313  bits += secp256k1_wnaf_const(data->wnaf, &data->scalar[0], WINDOW_A, 256);
314  overflow += secp256k1_scalar_add(&data->scalar[0], &data->scalar[0], &data->scalar[1]);
315  }
316  CHECK(overflow >= 0);
317  CHECK(bits <= 256*iters);
318 }
319 
320 
321 void bench_sha256(void* arg, int iters) {
322  int i;
323  bench_inv *data = (bench_inv*)arg;
324  secp256k1_sha256 sha;
325 
326  for (i = 0; i < iters; i++) {
327  secp256k1_sha256_initialize(&sha);
328  secp256k1_sha256_write(&sha, data->data, 32);
329  secp256k1_sha256_finalize(&sha, data->data);
330  }
331 }
332 
333 void bench_hmac_sha256(void* arg, int iters) {
334  int i;
335  bench_inv *data = (bench_inv*)arg;
336  secp256k1_hmac_sha256 hmac;
337 
338  for (i = 0; i < iters; i++) {
339  secp256k1_hmac_sha256_initialize(&hmac, data->data, 32);
340  secp256k1_hmac_sha256_write(&hmac, data->data, 32);
341  secp256k1_hmac_sha256_finalize(&hmac, data->data);
342  }
343 }
344 
345 void bench_rfc6979_hmac_sha256(void* arg, int iters) {
346  int i;
347  bench_inv *data = (bench_inv*)arg;
348  secp256k1_rfc6979_hmac_sha256 rng;
349 
350  for (i = 0; i < iters; i++) {
351  secp256k1_rfc6979_hmac_sha256_initialize(&rng, data->data, 64);
352  secp256k1_rfc6979_hmac_sha256_generate(&rng, data->data, 32);
353  }
354 }
355 
356 void bench_context_verify(void* arg, int iters) {
357  int i;
358  (void)arg;
359  for (i = 0; i < iters; i++) {
360  secp256k1_context_destroy(secp256k1_context_create(SECP256K1_CONTEXT_VERIFY));
361  }
362 }
363 
364 void bench_context_sign(void* arg, int iters) {
365  int i;
366  (void)arg;
367  for (i = 0; i < iters; i++) {
368  secp256k1_context_destroy(secp256k1_context_create(SECP256K1_CONTEXT_SIGN));
369  }
370 }
371 
372 #ifndef USE_NUM_NONE
373 void bench_num_jacobi(void* arg, int iters) {
374  int i, j = 0;
375  bench_inv *data = (bench_inv*)arg;
376  secp256k1_num nx, na, norder;
377 
378  secp256k1_scalar_get_num(&nx, &data->scalar[0]);
379  secp256k1_scalar_order_get_num(&norder);
380  secp256k1_scalar_get_num(&na, &data->scalar[1]);
381 
382  for (i = 0; i < iters; i++) {
383  j += secp256k1_num_jacobi(&nx, &norder);
384  secp256k1_num_add(&nx, &nx, &na);
385  }
386  CHECK(j <= iters);
387 }
388 #endif
389 
390 int main(int argc, char **argv) {
391  bench_inv data;
392  int iters = get_iters(20000);
393 
394  if (have_flag(argc, argv, "scalar") || have_flag(argc, argv, "add")) run_benchmark("scalar_add", bench_scalar_add, bench_setup, NULL, &data, 10, iters*100);
395  if (have_flag(argc, argv, "scalar") || have_flag(argc, argv, "negate")) run_benchmark("scalar_negate", bench_scalar_negate, bench_setup, NULL, &data, 10, iters*100);
396  if (have_flag(argc, argv, "scalar") || have_flag(argc, argv, "sqr")) run_benchmark("scalar_sqr", bench_scalar_sqr, bench_setup, NULL, &data, 10, iters*10);
397  if (have_flag(argc, argv, "scalar") || have_flag(argc, argv, "mul")) run_benchmark("scalar_mul", bench_scalar_mul, bench_setup, NULL, &data, 10, iters*10);
398  if (have_flag(argc, argv, "scalar") || have_flag(argc, argv, "split")) run_benchmark("scalar_split", bench_scalar_split, bench_setup, NULL, &data, 10, iters);
399  if (have_flag(argc, argv, "scalar") || have_flag(argc, argv, "inverse")) run_benchmark("scalar_inverse", bench_scalar_inverse, bench_setup, NULL, &data, 10, 2000);
400  if (have_flag(argc, argv, "scalar") || have_flag(argc, argv, "inverse")) run_benchmark("scalar_inverse_var", bench_scalar_inverse_var, bench_setup, NULL, &data, 10, 2000);
401 
402  if (have_flag(argc, argv, "field") || have_flag(argc, argv, "normalize")) run_benchmark("field_normalize", bench_field_normalize, bench_setup, NULL, &data, 10, iters*100);
403  if (have_flag(argc, argv, "field") || have_flag(argc, argv, "normalize")) run_benchmark("field_normalize_weak", bench_field_normalize_weak, bench_setup, NULL, &data, 10, iters*100);
404  if (have_flag(argc, argv, "field") || have_flag(argc, argv, "sqr")) run_benchmark("field_sqr", bench_field_sqr, bench_setup, NULL, &data, 10, iters*10);
405  if (have_flag(argc, argv, "field") || have_flag(argc, argv, "mul")) run_benchmark("field_mul", bench_field_mul, bench_setup, NULL, &data, 10, iters*10);
406  if (have_flag(argc, argv, "field") || have_flag(argc, argv, "inverse")) run_benchmark("field_inverse", bench_field_inverse, bench_setup, NULL, &data, 10, iters);
407  if (have_flag(argc, argv, "field") || have_flag(argc, argv, "inverse")) run_benchmark("field_inverse_var", bench_field_inverse_var, bench_setup, NULL, &data, 10, iters);
408  if (have_flag(argc, argv, "field") || have_flag(argc, argv, "sqrt")) run_benchmark("field_sqrt", bench_field_sqrt, bench_setup, NULL, &data, 10, iters);
409 
410  if (have_flag(argc, argv, "group") || have_flag(argc, argv, "double")) run_benchmark("group_double_var", bench_group_double_var, bench_setup, NULL, &data, 10, iters*10);
411  if (have_flag(argc, argv, "group") || have_flag(argc, argv, "add")) run_benchmark("group_add_var", bench_group_add_var, bench_setup, NULL, &data, 10, iters*10);
412  if (have_flag(argc, argv, "group") || have_flag(argc, argv, "add")) run_benchmark("group_add_affine", bench_group_add_affine, bench_setup, NULL, &data, 10, iters*10);
413  if (have_flag(argc, argv, "group") || have_flag(argc, argv, "add")) run_benchmark("group_add_affine_var", bench_group_add_affine_var, bench_setup, NULL, &data, 10, iters*10);
414  if (have_flag(argc, argv, "group") || have_flag(argc, argv, "jacobi")) run_benchmark("group_jacobi_var", bench_group_jacobi_var, bench_setup, NULL, &data, 10, iters);
415  if (have_flag(argc, argv, "group") || have_flag(argc, argv, "to_affine")) run_benchmark("group_to_affine_var", bench_group_to_affine_var, bench_setup, NULL, &data, 10, iters);
416 
417  if (have_flag(argc, argv, "ecmult") || have_flag(argc, argv, "wnaf")) run_benchmark("wnaf_const", bench_wnaf_const, bench_setup, NULL, &data, 10, iters);
418  if (have_flag(argc, argv, "ecmult") || have_flag(argc, argv, "wnaf")) run_benchmark("ecmult_wnaf", bench_ecmult_wnaf, bench_setup, NULL, &data, 10, iters);
419 
420  if (have_flag(argc, argv, "hash") || have_flag(argc, argv, "sha256")) run_benchmark("hash_sha256", bench_sha256, bench_setup, NULL, &data, 10, iters);
421  if (have_flag(argc, argv, "hash") || have_flag(argc, argv, "hmac")) run_benchmark("hash_hmac_sha256", bench_hmac_sha256, bench_setup, NULL, &data, 10, iters);
422  if (have_flag(argc, argv, "hash") || have_flag(argc, argv, "rng6979")) run_benchmark("hash_rfc6979_hmac_sha256", bench_rfc6979_hmac_sha256, bench_setup, NULL, &data, 10, iters);
423 
424  if (have_flag(argc, argv, "context") || have_flag(argc, argv, "verify")) run_benchmark("context_verify", bench_context_verify, bench_setup, NULL, &data, 10, 1 + iters/1000);
425  if (have_flag(argc, argv, "context") || have_flag(argc, argv, "sign")) run_benchmark("context_sign", bench_context_sign, bench_setup, NULL, &data, 10, 1 + iters/100);
426 
427 #ifndef USE_NUM_NONE
428  if (have_flag(argc, argv, "num") || have_flag(argc, argv, "jacobi")) run_benchmark("num_jacobi", bench_num_jacobi, bench_setup, NULL, &data, 10, iters*10);
429 #endif
430  return 0;
431 }
secp256k1_scalar_get_num
static void secp256k1_scalar_get_num(secp256k1_num *r, const secp256k1_scalar *a)
Convert a scalar to a number.
bench_inv::ge
secp256k1_ge ge[2]
Definition: bench_internal.c:29
secp256k1_scalar_order_get_num
static void secp256k1_scalar_order_get_num(secp256k1_num *r)
Get the order of the group as a number.
secp256k1_scalar_negate
static void secp256k1_scalar_negate(secp256k1_scalar *r, const secp256k1_scalar *a)
Compute the complement of a scalar (modulo the group order).
secp256k1_fe_inv
static void secp256k1_fe_inv(secp256k1_fe *r, const secp256k1_fe *a)
Sets a field element to be the (modular) inverse of another.
bench_inv::wnaf
int wnaf[256]
Definition: bench_internal.c:32
SECP256K1_CONTEXT_VERIFY
#define SECP256K1_CONTEXT_VERIFY
Flags to pass to secp256k1_context_create, secp256k1_context_preallocated_size, and secp256k1_context...
Definition: secp256k1.h:170
bench_inv::fe
secp256k1_fe fe[4]
Definition: bench_internal.c:28
secp256k1_scalar_sqr
static void secp256k1_scalar_sqr(secp256k1_scalar *r, const secp256k1_scalar *a)
Compute the square of a scalar (modulo the group order).
secp256k1_num_jacobi
static int secp256k1_num_jacobi(const secp256k1_num *a, const secp256k1_num *b)
Compute the jacobi symbol (a|b).
bench_field_sqrt
void bench_field_sqrt(void *arg, int iters)
Definition: bench_internal.c:209
secp256k1_ge::y
secp256k1_fe y
Definition: group.h:20
field_impl.h
SECP256K1_CONTEXT_SIGN
#define SECP256K1_CONTEXT_SIGN
Definition: secp256k1.h:171
bench_scalar_mul
void bench_scalar_mul(void *arg, int iters)
Definition: bench_internal.c:111
bench_inv::gej
secp256k1_gej gej[2]
Definition: bench_internal.c:30
bench_group_jacobi_var
void bench_group_jacobi_var(void *arg, int iters)
Definition: bench_internal.c:258
secp256k1_num_add
static void secp256k1_num_add(secp256k1_num *r, const secp256k1_num *a, const secp256k1_num *b)
Add two (signed) numbers.
secp256k1_scalar_split_lambda
static void secp256k1_scalar_split_lambda(secp256k1_scalar *r1, secp256k1_scalar *r2, const secp256k1_scalar *k)
Find r1 and r2 such that r1+r2*lambda = k, where r1 and r2 or their negations are maximum 128 bits lo...
bench_scalar_negate
void bench_scalar_negate(void *arg, int iters)
Definition: bench_internal.c:93
secp256k1_fe_normalize_var
static void secp256k1_fe_normalize_var(secp256k1_fe *r)
Normalize a field element, without constant-time guarantee.
secp256k1_ge_set_gej_var
static void secp256k1_ge_set_gej_var(secp256k1_ge *r, secp256k1_gej *a)
Definition: group_impl.h:102
secp256k1_fe_set_b32
static int secp256k1_fe_set_b32(secp256k1_fe *r, const unsigned char *a)
Set a field element equal to 32-byte big endian value.
secp256k1_fe_normalize
static void secp256k1_fe_normalize(secp256k1_fe *r)
Field element module.
secp256k1_rfc6979_hmac_sha256_initialize
static void secp256k1_rfc6979_hmac_sha256_initialize(secp256k1_rfc6979_hmac_sha256 *rng, const unsigned char *key, size_t keylen)
secp256k1_gej::x
secp256k1_fe x
Definition: group.h:25
secp256k1_hmac_sha256_finalize
static void secp256k1_hmac_sha256_finalize(secp256k1_hmac_sha256 *hash, unsigned char *out32)
group_impl.h
bench_scalar_inverse_var
void bench_scalar_inverse_var(void *arg, int iters)
Definition: bench_internal.c:142
secp256k1_wnaf_const
static int secp256k1_wnaf_const(int *wnaf, const secp256k1_scalar *scalar, int w, int size)
Convert a number to WNAF notation.
Definition: ecmult_const_impl.h:55
secp256k1_rfc6979_hmac_sha256_generate
static void secp256k1_rfc6979_hmac_sha256_generate(secp256k1_rfc6979_hmac_sha256 *rng, unsigned char *out, size_t outlen)
ecmult_impl.h
bench_group_add_var
void bench_group_add_var(void *arg, int iters)
Definition: bench_internal.c:231
bench_field_inverse
void bench_field_inverse(void *arg, int iters)
Definition: bench_internal.c:189
util.h
bench.h
secp256k1_sha256
Definition: hash.h:13
ecmult_const_impl.h
secp256k1_gej::z
secp256k1_fe z
Definition: group.h:27
bench_setup
void bench_setup(void *arg)
Definition: bench_internal.c:31
secp256k1_context_destroy
SECP256K1_API void secp256k1_context_destroy(secp256k1_context *ctx)
Destroy a secp256k1 context object (created in dynamically allocated memory).
Definition: secp256k1.c:195
secp256k1_gej_rescale
static void secp256k1_gej_rescale(secp256k1_gej *r, const secp256k1_fe *b)
Rescale a jacobian point by b which must be non-zero.
secp256k1_context_create
SECP256K1_API secp256k1_context * secp256k1_context_create(unsigned int flags) SECP256K1_WARN_UNUSED_RESULT
Create a secp256k1 context object (in dynamically allocated memory).
Definition: secp256k1.c:151
secp256k1_gej_add_ge
static void secp256k1_gej_add_ge(secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_ge *b)
Set r equal to the sum of a and b (with b given in affine coordinates, and not infinity).
secp256k1_scalar_add
static int secp256k1_scalar_add(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b)
Add two scalars together (modulo the group order).
secp256k1_scalar
A scalar modulo the group order of the secp256k1 curve.
Definition: scalar_4x64.h:13
bench_inv::scalar
secp256k1_scalar scalar[2]
Definition: bench_internal.c:27
WINDOW_A
#define WINDOW_A
Definition: ecmult_impl.h:34
secp256k1.h
secp256k1_gej
A group element of the secp256k1 curve, in jacobian coordinates.
Definition: group.h:24
secp256k1_fe_sqrt
static int secp256k1_fe_sqrt(secp256k1_fe *r, const secp256k1_fe *a)
If a has a square root, it is computed in r and 1 is returned.
assumptions.h
bench_inv::data
unsigned char data[64]
Definition: bench_internal.c:31
secp256k1_fe_mul
static void secp256k1_fe_mul(secp256k1_fe *r, const secp256k1_fe *a, const secp256k1_fe *SECP256K1_RESTRICT b)
Sets a field element to be the product of two others.
run_benchmark
void run_benchmark(char *name, void(*benchmark)(void *, int), void(*setup)(void *), void(*teardown)(void *, int), void *data, int count, int iter)
Definition: bench.h:76
secp256k1_hmac_sha256_initialize
static void secp256k1_hmac_sha256_initialize(secp256k1_hmac_sha256 *hash, const unsigned char *key, size_t size)
secp256k1_sha256_write
static void secp256k1_sha256_write(secp256k1_sha256 *hash, const unsigned char *data, size_t size)
secp256k1.c
secp256k1_fe
Definition: field_10x26.h:12
bench_num_jacobi
void bench_num_jacobi(void *arg, int iters)
Definition: bench_internal.c:373
secp256k1_sha256_finalize
static void secp256k1_sha256_finalize(secp256k1_sha256 *hash, unsigned char *out32)
bench_wnaf_const
void bench_wnaf_const(void *arg, int iters)
Definition: bench_internal.c:308
bench_scalar_inverse
void bench_scalar_inverse(void *arg, int iters)
Definition: bench_internal.c:131
bench_sha256
void bench_sha256(void *arg, int iters)
Definition: bench_internal.c:321
secp256k1_gej::y
secp256k1_fe y
Definition: group.h:26
bench_field_inverse_var
void bench_field_inverse_var(void *arg, int iters)
Definition: bench_internal.c:199
hash_impl.h
bench_group_double_var
void bench_group_double_var(void *arg, int iters)
Definition: bench_internal.c:222
secp256k1_scalar_inverse_var
static void secp256k1_scalar_inverse_var(secp256k1_scalar *r, const secp256k1_scalar *a)
Compute the inverse of a scalar (modulo the group order), without constant-time guarantee.
secp256k1_sha256_initialize
static void secp256k1_sha256_initialize(secp256k1_sha256 *hash)
secp256k1_scalar_inverse
static void secp256k1_scalar_inverse(secp256k1_scalar *r, const secp256k1_scalar *a)
Compute the inverse of a scalar (modulo the group order).
secp256k1_ecmult_wnaf
static int secp256k1_ecmult_wnaf(int *wnaf, int len, const secp256k1_scalar *a, int w)
Convert a number to WNAF notation.
Definition: ecmult_impl.h:377
secp256k1_fe_add
static void secp256k1_fe_add(secp256k1_fe *r, const secp256k1_fe *a)
Adds a field element to another.
secp256k1_num
Definition: num_gmp.h:14
get_iters
int get_iters(int default_iters)
Definition: bench.h:124
bench_field_normalize_weak
void bench_field_normalize_weak(void *arg, int iters)
Definition: bench_internal.c:162
secp256k1_gej_add_var
static void secp256k1_gej_add_var(secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_gej *b, secp256k1_fe *rzr)
Set r equal to the sum of a and b.
bench_hmac_sha256
void bench_hmac_sha256(void *arg, int iters)
Definition: bench_internal.c:333
bench_group_add_affine_var
void bench_group_add_affine_var(void *arg, int iters)
Definition: bench_internal.c:249
secp256k1_fe_sqr
static void secp256k1_fe_sqr(secp256k1_fe *r, const secp256k1_fe *a)
Sets a field element to be the square of another.
bench_group_to_affine_var
void bench_group_to_affine_var(void *arg, int iters)
Definition: bench_internal.c:278
secp256k1_hmac_sha256
Definition: hash.h:23
bench_scalar_split
void bench_scalar_split(void *arg, int iters)
Definition: bench_internal.c:120
bench_inv
Definition: bench_internal.c:22
bench_context_sign
void bench_context_sign(void *arg, int iters)
Definition: bench_internal.c:364
secp256k1_gej_has_quad_y_var
static int secp256k1_gej_has_quad_y_var(const secp256k1_gej *a)
Check whether a group element's y coordinate is a quadratic residue.
secp256k1_gej_add_ge_var
static void secp256k1_gej_add_ge_var(secp256k1_gej *r, const secp256k1_gej *a, const secp256k1_ge *b, secp256k1_fe *rzr)
Set r equal to the sum of a and b (with b given in affine coordinates).
scalar_impl.h
bench_ecmult_wnaf
void bench_ecmult_wnaf(void *arg, int iters)
Definition: bench_internal.c:296
secp256k1_rfc6979_hmac_sha256
Definition: hash.h:31
secp256k1_gej_double_var
static void secp256k1_gej_double_var(secp256k1_gej *r, const secp256k1_gej *a, secp256k1_fe *rzr)
Set r equal to the double of a.
secp256k1_ge_set_xo_var
static int secp256k1_ge_set_xo_var(secp256k1_ge *r, const secp256k1_fe *x, int odd)
Set a group element (affine) equal to the point with the given X coordinate, and given oddness for Y.
bench_field_mul
void bench_field_mul(void *arg, int iters)
Definition: bench_internal.c:171
bench_rfc6979_hmac_sha256
void bench_rfc6979_hmac_sha256(void *arg, int iters)
Definition: bench_internal.c:345
secp256k1_scalar_mul
static void secp256k1_scalar_mul(secp256k1_scalar *r, const secp256k1_scalar *a, const secp256k1_scalar *b)
Multiply two scalars (modulo the group order).
bench_field_normalize
void bench_field_normalize(void *arg, int iters)
Definition: bench_internal.c:153
bench_scalar_add
void bench_scalar_add(void *arg, int iters)
Definition: bench_internal.c:83
secp256k1_fe_normalize_weak
static void secp256k1_fe_normalize_weak(secp256k1_fe *r)
Weakly normalize a field element: reduce its magnitude to 1, but don't fully normalize.
secp256k1_ge::x
secp256k1_fe x
Definition: group.h:19
bench_group_add_affine
void bench_group_add_affine(void *arg, int iters)
Definition: bench_internal.c:240
CHECK
#define CHECK(cond)
Definition: util.h:53
secp256k1_scalar_set_b32
static void secp256k1_scalar_set_b32(secp256k1_scalar *r, const unsigned char *bin, int *overflow)
Set a scalar from a big endian byte array.
bench_field_sqr
void bench_field_sqr(void *arg, int iters)
Definition: bench_internal.c:180
bench_context_verify
void bench_context_verify(void *arg, int iters)
Definition: bench_internal.c:356
num_impl.h
secp256k1_ge
A group element of the secp256k1 curve, in affine coordinates.
Definition: group.h:14
have_flag
int have_flag(int argc, char **argv, char *flag)
Definition: bench.h:109
secp256k1_fe_inv_var
static void secp256k1_fe_inv_var(secp256k1_fe *r, const secp256k1_fe *a)
Potentially faster version of secp256k1_fe_inv, without constant-time guarantee.
bench_scalar_sqr
void bench_scalar_sqr(void *arg, int iters)
Definition: bench_internal.c:102
main
int main(int argc, char **argv)
Definition: bench_internal.c:390
secp256k1_gej_set_ge
static void secp256k1_gej_set_ge(secp256k1_gej *r, const secp256k1_ge *a)
Set a group element (jacobian) equal to another which is given in affine coordinates.
secp256k1_hmac_sha256_write
static void secp256k1_hmac_sha256_write(secp256k1_hmac_sha256 *hash, const unsigned char *data, size_t size)
Generated on Wed Apr 21 2021 20:03:51 for Bitcoin Core by   doxygen 1.8.17