Add vector backend for computing δ(aA + bB - C) in variable time

dalek-cryptography · Mar 30, 2024 · c96c810 · c96c810
1 parent 8768bc9
commit c96c810
Show file tree

Hide file tree

Showing 8 changed files with 3,452 additions and 1 deletion.
diff --git a/.gitattributes b/.gitattributes
@@ -1,2 +1,3 @@
 curve25519-dalek/src/backend/serial/u32/constants/affine_odd_multiples_of_b_shl_128.rs linguist-generated=true
 curve25519-dalek/src/backend/serial/u64/constants/affine_odd_multiples_of_b_shl_128.rs linguist-generated=true
+curve25519-dalek/src/backend/vector/avx2/constants/b_shl_128_odd_lookup_table.rs linguist-generated=true
diff --git a/curve25519-dalek/src/backend/mod.rs b/curve25519-dalek/src/backend/mod.rs
@@ -265,5 +265,13 @@ pub fn scalar_mul_abglsv_pornin(
     b: &Scalar,
     C: &EdwardsPoint,
 ) -> EdwardsPoint {
-    serial::scalar_mul::abglsv_pornin::mul(a, A, b, C)
+    match get_selected_backend() {
+        #[cfg(curve25519_dalek_backend = "simd")]
+        BackendKind::Avx2 => vector::scalar_mul::abglsv_pornin::spec_avx2::mul(a, A, b, C),
+        #[cfg(all(curve25519_dalek_backend = "simd", nightly))]
+        BackendKind::Avx512 => {
+            vector::scalar_mul::abglsv_pornin::spec_avx512ifma_avx512vl::mul(a, A, b, C)
+        }
+        BackendKind::Serial => serial::scalar_mul::abglsv_pornin::mul(a, A, b, C),
+    }
 }
diff --git a/curve25519-dalek/src/backend/vector/avx2/constants.rs b/curve25519-dalek/src/backend/vector/avx2/constants.rs
@@ -19,6 +19,11 @@ use crate::backend::vector::avx2::field::FieldElement2625x4;
 #[cfg(feature = "precomputed-tables")]
 use crate::window::NafLookupTable8;
 
+#[cfg(feature = "precomputed-tables")]
+mod b_shl_128_odd_lookup_table;
+#[cfg(feature = "precomputed-tables")]
+pub(crate) use b_shl_128_odd_lookup_table::B_SHL_128_ODD_LOOKUP_TABLE;
+
 /// The identity element as an `ExtendedPoint`.
 pub(crate) static EXTENDEDPOINT_IDENTITY: ExtendedPoint = ExtendedPoint(FieldElement2625x4([
     u32x8::new_const(0, 1, 0, 0, 1, 0, 0, 0),
@@ -1189,3 +1194,46 @@ pub(crate) static BASEPOINT_ODD_LOOKUP_TABLE: NafLookupTable8<CachedPoint> = Naf
         ),
     ])),
 ]);
+
+#[cfg(all(test, feature = "precomputed-tables", curve25519_dalek_generate_tables))]
+mod table_generators {
+    use std::fs::File;
+    use std::io::Write;
+
+    use crate::{
+        backend::vector::avx2::edwards::CachedPoint, constants::ED25519_BASEPOINT_SHL_128,
+        window::NafLookupTable8,
+    };
+
+    #[test]
+    fn b_shl_128_odd_lookup_table() {
+        let table = NafLookupTable8::<CachedPoint>::from(&ED25519_BASEPOINT_SHL_128);
+        let mut table_file = File::create(format!(
+            "{}/src/backend/vector/avx2/constants/b_shl_128_odd_lookup_table.rs",
+            env!("CARGO_MANIFEST_DIR")
+        ))
+        .expect("can open file");
+
+        let table_file_contents = format!(
+            "//! Generated file, do not alter!
+
+            use crate::{{
+                backend::vector::{{
+                    avx2::{{edwards::CachedPoint, field::FieldElement2625x4}},
+                    packed_simd::u32x8,
+                }},
+                window::NafLookupTable8,
+            }};
+
+            /// Odd multiples of `[2^128]B`: `[[2^128]B, [3 2^128]B, [5 2^128]B, [7 2^128]B, ..., [127 2^128]B]`.
+            pub(crate) static B_SHL_128_ODD_LOOKUP_TABLE: NafLookupTable8<CachedPoint> =
+            {:?};
+            ",
+            table
+        ).replace("u32x8(__m256i(", "u32x8::new_const(")
+        .replace(")), ", "), ")
+        .replace("))]", ")]");
+
+        write!(table_file, "{}", table_file_contents).unwrap();
+    }
+}