bip324__ecdh_8cpp_source.html

// Copyright (c) 2022 The Bitcoin Core developers

// Distributed under the MIT software license, see the accompanying

// file COPYING or http://www.opensource.org/licenses/mit-license.php.


#include <bench/bench.h>

#include <key.h>

#include <pubkey.h>

#include <random.h>

#include <span.h>


#include <algorithm>

#include <array>

#include <cstddef>


static void BIP324_ECDH(benchmark::Bench& bench)

{

    ECC_Context ecc_context{};

    FastRandomContext rng;


    std::array<std::byte, 32> key_data;

    std::array<std::byte, EllSwiftPubKey::size()> our_ellswift_data;

    std::array<std::byte, EllSwiftPubKey::size()> their_ellswift_data;


    rng.fillrand(key_data);

    rng.fillrand(our_ellswift_data);

    rng.fillrand(their_ellswift_data);


    bench.batch(1).unit("ecdh").run([&] {

        CKey key;

        key.Set(key_data.data(), key_data.data() + 32, true);

        EllSwiftPubKey our_ellswift(our_ellswift_data);

        EllSwiftPubKey their_ellswift(their_ellswift_data);


        auto ret = key.ComputeBIP324ECDHSecret(their_ellswift, our_ellswift, true);


        // To make sure that the computation is not the same on every iteration (ellswift decoding

        // is variable-time), distribute bytes from the shared secret over the 3 inputs. The most

        // important one is their_ellswift, because that one is actually decoded, so it's given most

        // bytes. The data is copied into the middle, so that both halves are affected:

        // - Copy 8 bytes from the resulting shared secret into middle of the private key.

        std::copy(ret.begin(), ret.begin() + 8, key_data.begin() + 12);

        // - Copy 8 bytes from the resulting shared secret into the middle of our ellswift key.

        std::copy(ret.begin() + 8, ret.begin() + 16, our_ellswift_data.begin() + 28);

        // - Copy 16 bytes from the resulting shared secret into the middle of their ellswift key.

        std::copy(ret.begin() + 16, ret.end(), their_ellswift_data.begin() + 24);

    });

}


BENCHMARK(BIP324_ECDH, benchmark::PriorityLevel::HIGH);

bench.h

BENCHMARK
BENCHMARK(BIP324_ECDH, benchmark::PriorityLevel::HIGH)

BIP324_ECDH
static void BIP324_ECDH(benchmark::Bench &bench)
Definition: bip324_ecdh.cpp:15

ret
int ret
Definition: bitcoin-cli.cpp:1339

ecc_context
ECC_Context ecc_context
Definition: bitcoin-wallet.cpp:132

CKey
An encapsulated private key.
Definition: key.h:35

CKey::ComputeBIP324ECDHSecret
ECDHSecret ComputeBIP324ECDHSecret(const EllSwiftPubKey &their_ellswift, const EllSwiftPubKey &our_ellswift, bool initiating) const
Compute a BIP324-style ECDH shared secret.
Definition: key.cpp:327

CKey::Set
void Set(const T pbegin, const T pend, bool fCompressedIn)
Initialize using begin and end iterators to byte data.
Definition: key.h:103

ECC_Context
RAII class initializing and deinitializing global state for elliptic curve support.
Definition: key.h:322

FastRandomContext
Fast randomness source.
Definition: random.h:377

FastRandomContext::fillrand
void fillrand(std::span< std::byte > output) noexcept
Fill a byte span with random bytes.
Definition: random.cpp:628

ankerl::nanobench::Bench
Main entry point to nanobench's benchmarking facility.
Definition: nanobench.h:627

ankerl::nanobench::Bench::run
Bench & run(char const *benchmarkName, Op &&op)
Repeatedly calls op() based on the configuration, and performs measurements.
Definition: nanobench.h:1234

ankerl::nanobench::Bench::batch
Bench & batch(T b) noexcept
Sets the batch size.
Definition: nanobench.h:1258

ankerl::nanobench::Bench::unit
Bench & unit(char const *unit)
Sets the operation unit.

key.h

benchmark::HIGH
@ HIGH
Definition: bench.h:48

pubkey.h

span.h

EllSwiftPubKey
An ElligatorSwift-encoded public key.
Definition: pubkey.h:310

EllSwiftPubKey::size
static constexpr size_t size()
Definition: pubkey.h:327