aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSarang Noether <32460187+SarangNoether@users.noreply.github.com>2020-04-14 20:31:30 -0400
committerSarang Noether <32460187+SarangNoether@users.noreply.github.com>2020-04-14 20:31:30 -0400
commit4ed60b626a368132fccad4449f1c4d50e312b60c (patch)
tree6d173b69be8cb344ed84852cb86a573f9ec32fec
parentMerge pull request #6405 (diff)
downloadmonero-4ed60b626a368132fccad4449f1c4d50e312b60c.tar.xz
Bulletproofs: verification speedup
-rw-r--r--src/ringct/bulletproofs.cc20
-rw-r--r--src/ringct/rctOps.cpp12
-rw-r--r--src/ringct/rctOps.h1
-rw-r--r--tests/performance_tests/crypto_ops.h2
-rw-r--r--tests/performance_tests/main.cpp1
-rw-r--r--tests/unit_tests/ringct.cpp8
6 files changed, 36 insertions, 8 deletions
diff --git a/src/ringct/bulletproofs.cc b/src/ringct/bulletproofs.cc
index 2ff88c6e7..6b88fd730 100644
--- a/src/ringct/bulletproofs.cc
+++ b/src/ringct/bulletproofs.cc
@@ -905,7 +905,7 @@ bool bulletproof_VERIFY(const std::vector<const Bulletproof*> &proofs)
rct::key m_y0 = rct::zero(), y1 = rct::zero();
int proof_data_index = 0;
rct::keyV w_cache;
- rct::keyV proof8_V, proof8_L, proof8_R;
+ std::vector<ge_p3> proof8_V, proof8_L, proof8_R;
for (const Bulletproof *p: proofs)
{
const Bulletproof &proof = *p;
@@ -918,13 +918,17 @@ bool bulletproof_VERIFY(const std::vector<const Bulletproof*> &proofs)
const rct::key weight_z = rct::skGen();
// pre-multiply some points by 8
- proof8_V.resize(proof.V.size()); for (size_t i = 0; i < proof.V.size(); ++i) proof8_V[i] = rct::scalarmult8(proof.V[i]);
- proof8_L.resize(proof.L.size()); for (size_t i = 0; i < proof.L.size(); ++i) proof8_L[i] = rct::scalarmult8(proof.L[i]);
- proof8_R.resize(proof.R.size()); for (size_t i = 0; i < proof.R.size(); ++i) proof8_R[i] = rct::scalarmult8(proof.R[i]);
- rct::key proof8_T1 = rct::scalarmult8(proof.T1);
- rct::key proof8_T2 = rct::scalarmult8(proof.T2);
- rct::key proof8_S = rct::scalarmult8(proof.S);
- rct::key proof8_A = rct::scalarmult8(proof.A);
+ proof8_V.resize(proof.V.size()); for (size_t i = 0; i < proof.V.size(); ++i) rct::scalarmult8(proof8_V[i], proof.V[i]);
+ proof8_L.resize(proof.L.size()); for (size_t i = 0; i < proof.L.size(); ++i) rct::scalarmult8(proof8_L[i], proof.L[i]);
+ proof8_R.resize(proof.R.size()); for (size_t i = 0; i < proof.R.size(); ++i) rct::scalarmult8(proof8_R[i], proof.R[i]);
+ ge_p3 proof8_T1;
+ ge_p3 proof8_T2;
+ ge_p3 proof8_S;
+ ge_p3 proof8_A;
+ rct::scalarmult8(proof8_T1, proof.T1);
+ rct::scalarmult8(proof8_T2, proof.T2);
+ rct::scalarmult8(proof8_S, proof.S);
+ rct::scalarmult8(proof8_A, proof.A);
PERF_TIMER_START_BP(VERIFY_line_61);
sc_mulsub(m_y0.bytes, proof.taux.bytes, weight_y.bytes, m_y0.bytes);
diff --git a/src/ringct/rctOps.cpp b/src/ringct/rctOps.cpp
index 6e4d063df..b2dd32ada 100644
--- a/src/ringct/rctOps.cpp
+++ b/src/ringct/rctOps.cpp
@@ -408,6 +408,18 @@ namespace rct {
return res;
}
+ //Computes 8P without byte conversion
+ void scalarmult8(ge_p3 &res, const key &P)
+ {
+ ge_p3 p3;
+ CHECK_AND_ASSERT_THROW_MES_L1(ge_frombytes_vartime(&p3, P.bytes) == 0, "ge_frombytes_vartime failed at "+boost::lexical_cast<std::string>(__LINE__));
+ ge_p2 p2;
+ ge_p3_to_p2(&p2, &p3);
+ ge_p1p1 p1;
+ ge_mul8(&p1, &p2);
+ ge_p1p1_to_p3(&res, &p1);
+ }
+
//Computes lA where l is the curve order
bool isInMainSubgroup(const key & A) {
ge_p3 p3;
diff --git a/src/ringct/rctOps.h b/src/ringct/rctOps.h
index c24d48e9a..74e0ad833 100644
--- a/src/ringct/rctOps.h
+++ b/src/ringct/rctOps.h
@@ -124,6 +124,7 @@ namespace rct {
key scalarmultH(const key & a);
// multiplies a point by 8
key scalarmult8(const key & P);
+ void scalarmult8(ge_p3 &res, const key & P);
// checks a is in the main subgroup (ie, not a small one)
bool isInMainSubgroup(const key & a);
diff --git a/tests/performance_tests/crypto_ops.h b/tests/performance_tests/crypto_ops.h
index 5b215cef4..2859873ef 100644
--- a/tests/performance_tests/crypto_ops.h
+++ b/tests/performance_tests/crypto_ops.h
@@ -48,6 +48,7 @@ enum test_op
op_scalarmultKey,
op_scalarmultH,
op_scalarmult8,
+ op_scalarmult8_p3,
op_ge_dsm_precomp,
op_ge_double_scalarmult_base_vartime,
op_ge_double_scalarmult_precomp_vartime,
@@ -105,6 +106,7 @@ public:
case op_scalarmultKey: rct::scalarmultKey(point0, scalar0); break;
case op_scalarmultH: rct::scalarmultH(scalar0); break;
case op_scalarmult8: rct::scalarmult8(point0); break;
+ case op_scalarmult8_p3: rct::scalarmult8(p3_0,point0); break;
case op_ge_dsm_precomp: ge_dsm_precomp(dsmp, &p3_0); break;
case op_ge_double_scalarmult_base_vartime: ge_double_scalarmult_base_vartime(&tmp_p2, scalar0.bytes, &p3_0, scalar1.bytes); break;
case op_ge_double_scalarmult_precomp_vartime: ge_double_scalarmult_precomp_vartime(&tmp_p2, scalar0.bytes, &p3_0, scalar1.bytes, precomp0); break;
diff --git a/tests/performance_tests/main.cpp b/tests/performance_tests/main.cpp
index bd7414c59..d3ba57270 100644
--- a/tests/performance_tests/main.cpp
+++ b/tests/performance_tests/main.cpp
@@ -254,6 +254,7 @@ int main(int argc, char** argv)
TEST_PERFORMANCE1(filter, p, test_crypto_ops, op_scalarmultKey);
TEST_PERFORMANCE1(filter, p, test_crypto_ops, op_scalarmultH);
TEST_PERFORMANCE1(filter, p, test_crypto_ops, op_scalarmult8);
+ TEST_PERFORMANCE1(filter, p, test_crypto_ops, op_scalarmult8_p3);
TEST_PERFORMANCE1(filter, p, test_crypto_ops, op_ge_dsm_precomp);
TEST_PERFORMANCE1(filter, p, test_crypto_ops, op_ge_double_scalarmult_base_vartime);
TEST_PERFORMANCE1(filter, p, test_crypto_ops, op_ge_double_scalarmult_precomp_vartime);
diff --git a/tests/unit_tests/ringct.cpp b/tests/unit_tests/ringct.cpp
index 075aeac40..64fcbba4c 100644
--- a/tests/unit_tests/ringct.cpp
+++ b/tests/unit_tests/ringct.cpp
@@ -1077,8 +1077,16 @@ TEST(ringct, H)
TEST(ringct, mul8)
{
+ ge_p3 p3;
+ rct::key key;
ASSERT_EQ(rct::scalarmult8(rct::identity()), rct::identity());
+ rct::scalarmult8(p3,rct::identity());
+ ge_p3_tobytes(key.bytes, &p3);
+ ASSERT_EQ(key, rct::identity());
ASSERT_EQ(rct::scalarmult8(rct::H), rct::scalarmultKey(rct::H, rct::EIGHT));
+ rct::scalarmult8(p3,rct::H);
+ ge_p3_tobytes(key.bytes, &p3);
+ ASSERT_EQ(key, rct::scalarmultKey(rct::H, rct::EIGHT));
ASSERT_EQ(rct::scalarmultKey(rct::scalarmultKey(rct::H, rct::INV_EIGHT), rct::EIGHT), rct::H);
}