diff options
author | Sarang Noether <32460187+SarangNoether@users.noreply.github.com> | 2020-04-14 20:31:30 -0400 |
---|---|---|
committer | Sarang Noether <32460187+SarangNoether@users.noreply.github.com> | 2020-04-14 20:31:30 -0400 |
commit | 4ed60b626a368132fccad4449f1c4d50e312b60c (patch) | |
tree | 6d173b69be8cb344ed84852cb86a573f9ec32fec | |
parent | Merge pull request #6405 (diff) | |
download | monero-4ed60b626a368132fccad4449f1c4d50e312b60c.tar.xz |
Bulletproofs: verification speedup
-rw-r--r-- | src/ringct/bulletproofs.cc | 20 | ||||
-rw-r--r-- | src/ringct/rctOps.cpp | 12 | ||||
-rw-r--r-- | src/ringct/rctOps.h | 1 | ||||
-rw-r--r-- | tests/performance_tests/crypto_ops.h | 2 | ||||
-rw-r--r-- | tests/performance_tests/main.cpp | 1 | ||||
-rw-r--r-- | tests/unit_tests/ringct.cpp | 8 |
6 files changed, 36 insertions, 8 deletions
diff --git a/src/ringct/bulletproofs.cc b/src/ringct/bulletproofs.cc index 2ff88c6e7..6b88fd730 100644 --- a/src/ringct/bulletproofs.cc +++ b/src/ringct/bulletproofs.cc @@ -905,7 +905,7 @@ bool bulletproof_VERIFY(const std::vector<const Bulletproof*> &proofs) rct::key m_y0 = rct::zero(), y1 = rct::zero(); int proof_data_index = 0; rct::keyV w_cache; - rct::keyV proof8_V, proof8_L, proof8_R; + std::vector<ge_p3> proof8_V, proof8_L, proof8_R; for (const Bulletproof *p: proofs) { const Bulletproof &proof = *p; @@ -918,13 +918,17 @@ bool bulletproof_VERIFY(const std::vector<const Bulletproof*> &proofs) const rct::key weight_z = rct::skGen(); // pre-multiply some points by 8 - proof8_V.resize(proof.V.size()); for (size_t i = 0; i < proof.V.size(); ++i) proof8_V[i] = rct::scalarmult8(proof.V[i]); - proof8_L.resize(proof.L.size()); for (size_t i = 0; i < proof.L.size(); ++i) proof8_L[i] = rct::scalarmult8(proof.L[i]); - proof8_R.resize(proof.R.size()); for (size_t i = 0; i < proof.R.size(); ++i) proof8_R[i] = rct::scalarmult8(proof.R[i]); - rct::key proof8_T1 = rct::scalarmult8(proof.T1); - rct::key proof8_T2 = rct::scalarmult8(proof.T2); - rct::key proof8_S = rct::scalarmult8(proof.S); - rct::key proof8_A = rct::scalarmult8(proof.A); + proof8_V.resize(proof.V.size()); for (size_t i = 0; i < proof.V.size(); ++i) rct::scalarmult8(proof8_V[i], proof.V[i]); + proof8_L.resize(proof.L.size()); for (size_t i = 0; i < proof.L.size(); ++i) rct::scalarmult8(proof8_L[i], proof.L[i]); + proof8_R.resize(proof.R.size()); for (size_t i = 0; i < proof.R.size(); ++i) rct::scalarmult8(proof8_R[i], proof.R[i]); + ge_p3 proof8_T1; + ge_p3 proof8_T2; + ge_p3 proof8_S; + ge_p3 proof8_A; + rct::scalarmult8(proof8_T1, proof.T1); + rct::scalarmult8(proof8_T2, proof.T2); + rct::scalarmult8(proof8_S, proof.S); + rct::scalarmult8(proof8_A, proof.A); PERF_TIMER_START_BP(VERIFY_line_61); sc_mulsub(m_y0.bytes, proof.taux.bytes, weight_y.bytes, m_y0.bytes); diff --git a/src/ringct/rctOps.cpp b/src/ringct/rctOps.cpp index 6e4d063df..b2dd32ada 100644 --- a/src/ringct/rctOps.cpp +++ b/src/ringct/rctOps.cpp @@ -408,6 +408,18 @@ namespace rct { return res; } + //Computes 8P without byte conversion + void scalarmult8(ge_p3 &res, const key &P) + { + ge_p3 p3; + CHECK_AND_ASSERT_THROW_MES_L1(ge_frombytes_vartime(&p3, P.bytes) == 0, "ge_frombytes_vartime failed at "+boost::lexical_cast<std::string>(__LINE__)); + ge_p2 p2; + ge_p3_to_p2(&p2, &p3); + ge_p1p1 p1; + ge_mul8(&p1, &p2); + ge_p1p1_to_p3(&res, &p1); + } + //Computes lA where l is the curve order bool isInMainSubgroup(const key & A) { ge_p3 p3; diff --git a/src/ringct/rctOps.h b/src/ringct/rctOps.h index c24d48e9a..74e0ad833 100644 --- a/src/ringct/rctOps.h +++ b/src/ringct/rctOps.h @@ -124,6 +124,7 @@ namespace rct { key scalarmultH(const key & a); // multiplies a point by 8 key scalarmult8(const key & P); + void scalarmult8(ge_p3 &res, const key & P); // checks a is in the main subgroup (ie, not a small one) bool isInMainSubgroup(const key & a); diff --git a/tests/performance_tests/crypto_ops.h b/tests/performance_tests/crypto_ops.h index 5b215cef4..2859873ef 100644 --- a/tests/performance_tests/crypto_ops.h +++ b/tests/performance_tests/crypto_ops.h @@ -48,6 +48,7 @@ enum test_op op_scalarmultKey, op_scalarmultH, op_scalarmult8, + op_scalarmult8_p3, op_ge_dsm_precomp, op_ge_double_scalarmult_base_vartime, op_ge_double_scalarmult_precomp_vartime, @@ -105,6 +106,7 @@ public: case op_scalarmultKey: rct::scalarmultKey(point0, scalar0); break; case op_scalarmultH: rct::scalarmultH(scalar0); break; case op_scalarmult8: rct::scalarmult8(point0); break; + case op_scalarmult8_p3: rct::scalarmult8(p3_0,point0); break; case op_ge_dsm_precomp: ge_dsm_precomp(dsmp, &p3_0); break; case op_ge_double_scalarmult_base_vartime: ge_double_scalarmult_base_vartime(&tmp_p2, scalar0.bytes, &p3_0, scalar1.bytes); break; case op_ge_double_scalarmult_precomp_vartime: ge_double_scalarmult_precomp_vartime(&tmp_p2, scalar0.bytes, &p3_0, scalar1.bytes, precomp0); break; diff --git a/tests/performance_tests/main.cpp b/tests/performance_tests/main.cpp index bd7414c59..d3ba57270 100644 --- a/tests/performance_tests/main.cpp +++ b/tests/performance_tests/main.cpp @@ -254,6 +254,7 @@ int main(int argc, char** argv) TEST_PERFORMANCE1(filter, p, test_crypto_ops, op_scalarmultKey); TEST_PERFORMANCE1(filter, p, test_crypto_ops, op_scalarmultH); TEST_PERFORMANCE1(filter, p, test_crypto_ops, op_scalarmult8); + TEST_PERFORMANCE1(filter, p, test_crypto_ops, op_scalarmult8_p3); TEST_PERFORMANCE1(filter, p, test_crypto_ops, op_ge_dsm_precomp); TEST_PERFORMANCE1(filter, p, test_crypto_ops, op_ge_double_scalarmult_base_vartime); TEST_PERFORMANCE1(filter, p, test_crypto_ops, op_ge_double_scalarmult_precomp_vartime); diff --git a/tests/unit_tests/ringct.cpp b/tests/unit_tests/ringct.cpp index 075aeac40..64fcbba4c 100644 --- a/tests/unit_tests/ringct.cpp +++ b/tests/unit_tests/ringct.cpp @@ -1077,8 +1077,16 @@ TEST(ringct, H) TEST(ringct, mul8) { + ge_p3 p3; + rct::key key; ASSERT_EQ(rct::scalarmult8(rct::identity()), rct::identity()); + rct::scalarmult8(p3,rct::identity()); + ge_p3_tobytes(key.bytes, &p3); + ASSERT_EQ(key, rct::identity()); ASSERT_EQ(rct::scalarmult8(rct::H), rct::scalarmultKey(rct::H, rct::EIGHT)); + rct::scalarmult8(p3,rct::H); + ge_p3_tobytes(key.bytes, &p3); + ASSERT_EQ(key, rct::scalarmultKey(rct::H, rct::EIGHT)); ASSERT_EQ(rct::scalarmultKey(rct::scalarmultKey(rct::H, rct::INV_EIGHT), rct::EIGHT), rct::H); } |