highperfocused/bitcoin
1
0
Fork 0
mirror of https://github.com/bitcoin/bitcoin.git synced 2025-12-10 12:43:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge bitcoin/bitcoin#21590: Safegcd-based modular inverses in MuHash3072

Browse Source 
f5883286e3 Add a fuzz test for Num3072 multiplication and inversion (Pieter Wuille)
a26ce62894 Safegcd based modular inverse for Num3072 (Pieter Wuille)
91ce8cef2d Add benchmark for MuHash finalization (Pieter Wuille)

Pull request description:

  This implements a safegcd-based modular inverse for MuHash3072. It is a fairly straightforward translation of [the libsecp256k1 implementation](https://github.com/bitcoin-core/secp256k1/pull/831), with the following changes:
  * Generic for 32-bit and 64-bit
  * Specialized for the specific MuHash3072 modulus (2^3072 - 1103717).
  * A bit more C++ish
  * Far fewer sanity checks

  A benchmark is also included for MuHash3072::Finalize. The new implementation is around 100x faster on x86_64 for me (from 5.8 ms to 57 μs); for 32-bit code the factor is likely even larger.

  For more information:
    * [Original paper](https://gcd.cr.yp.to/papers.html) by Daniel J. Bernstein and Bo-Yin Yang
    * [Implementation](https://github.com/bitcoin-core/secp256k1/pull/767) for libsecp256k1 by Peter Dettman; and the [final](https://github.com/bitcoin-core/secp256k1/pull/831) version
    * [Explanation](https://github.com/bitcoin-core/secp256k1/blob/master/doc/safegcd_implementation.md) of the algorithm using Python snippets
    * [Analysis](https://github.com/sipa/safegcd-bounds) of the maximum number of iterations the algorithm needs
     * [Formal proof in Coq](https://medium.com/blockstream/a-formal-proof-of-safegcd-bounds-695e1735a348) by Russell O'Connor (for the 256-bit version of the algorithm; here we use a 3072-bit one).

ACKs for top commit:
  achow101:
    ACK f5883286e3
  TheCharlatan:
    Re-ACK f5883286e3
  dergoegge:
    tACK f5883286e3

Tree-SHA512: 275872c61d30817a82901dee93fc7153afca55c32b72a95b8768f3fd464da1b09b36f952f30e70225e766b580751cfb9b874b2feaeb73ffaa6943c8062aee19a
This commit is contained in:
Ava Chow
2025-01-27 16:50:16 -05:00
parent 0a931a9787 f5883286e3
commit b0869648aa
6 changed files with 514 additions and 93 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/bench/crypto_hash.cpp
View File

@@ -249,6 +249,19 @@ static void MuHashPrecompute(benchmark::Bench& bench)
});
}
static void MuHashFinalize(benchmark::Bench& bench)
{
FastRandomContext rng(true);
MuHash3072 acc{rng.randbytes(32)};
acc /= MuHash3072{rng.rand256()};
bench.run([&] {
uint256 out;
acc.Finalize(out);
acc /= MuHash3072{out};
});
}
BENCHMARK(BenchRIPEMD160, benchmark::PriorityLevel::HIGH);
BENCHMARK(SHA1, benchmark::PriorityLevel::HIGH);
BENCHMARK(SHA256_STANDARD, benchmark::PriorityLevel::HIGH);
@@ -272,3 +285,4 @@ BENCHMARK(MuHash, benchmark::PriorityLevel::HIGH);
BENCHMARK(MuHashMul, benchmark::PriorityLevel::HIGH);
BENCHMARK(MuHashDiv, benchmark::PriorityLevel::HIGH);
BENCHMARK(MuHashPrecompute, benchmark::PriorityLevel::HIGH);
BENCHMARK(MuHashFinalize, benchmark::PriorityLevel::HIGH);