StarsAC/sqisign
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity

second-round version of SQIsign

Browse Source 
Co-authored-by: Marius A. Aardal <marius.andre.aardal@gmail.com>
Co-authored-by: Gora Adj <gora.adj@tii.ae>
Co-authored-by: Diego F. Aranha <dfaranha@cs.au.dk>
Co-authored-by: Andrea Basso <sqisign@andreabasso.com>
Co-authored-by: Isaac Andrés Canales Martínez <icanalesm0500@gmail.com>
Co-authored-by: Jorge Chávez-Saab <jorgechavezsaab@gmail.com>
Co-authored-by: Maria Corte-Real Santos <mariascrsantos98@gmail.com>
Co-authored-by: Luca De Feo <github@defeo.lu>
Co-authored-by: Max Duparc <max.duparc@epfl.ch>
Co-authored-by: Jonathan Komada Eriksen <jonathan.eriksen97@gmail.com>
Co-authored-by: Décio Luiz Gazzoni Filho <decio@decpp.net>
Co-authored-by: Basil Hess <bhe@zurich.ibm.com>
Co-authored-by: Antonin Leroux <antonin.leroux@polytechnique.org>
Co-authored-by: Patrick Longa <plonga@microsoft.com>
Co-authored-by: Luciano Maino <mainoluciano.96@gmail.com>
Co-authored-by: Michael Meyer <michael@random-oracles.org>
Co-authored-by: Hiroshi Onuki <onuki@mist.i.u-tokyo.ac.jp>
Co-authored-by: Lorenz Panny <lorenz@yx7.cc>
Co-authored-by: Giacomo Pope <giacomopope@gmail.com>
Co-authored-by: Krijn Reijnders <reijnderskrijn@gmail.com>
Co-authored-by: Damien Robert <damien.robert@inria.fr>
Co-authored-by: Francisco Rodríguez-Henriquez <francisco.rodriguez@tii.ae>
Co-authored-by: Sina Schaeffler <sschaeffle@student.ethz.ch>
Co-authored-by: Benjamin Wesolowski <benjamin.wesolowski@ens-lyon.fr>
This commit is contained in:
SQIsign team
2025-02-06 00:00:00 +00:00
committed by Lorenz Panny
parent ff34a8cd18
commit 91e9e464fe
481 changed files with 80785 additions and 55963 deletions
Download Patch File Download Diff File Expand all files Collapse all files

254
src/gf/gfx/test/bench_fp.c Normal file
View File

@@ -0,0 +1,254 @@
#include <bench.h>
#include <bench_test_arguments.h>
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <inttypes.h>
#include "test_utils.h"
#include <rng.h>
#define STRINGIFY2(x) #x
#define STRINGIFY(x) STRINGIFY2(x)
bool
fp_run(int iterations)
{
bool OK = true;
int n, i;
uint64_t cycles1, cycles2;
fp_t a, b;
uint8_t tmp[32];
fp_random_test(&a);
fp_random_test(&b);
printf("\n-------------------------------------------------------------------------------------"
"-------------------\n\n");
printf("Benchmarking GF(p) field arithmetic for " STRINGIFY(SQISIGN_VARIANT) ": \n\n");
// GF(p) addition
uint64_t cycle_runs[20];
for (i = 0; i < 20; i++) {
cycles1 = cpucycles();
for (n = 0; n < iterations; n++) {
fp_add(&a, &a, &b);
fp_add(&b, &b, &a);
fp_add(&a, &a, &b);
fp_add(&b, &b, &a);
fp_add(&a, &a, &b);
fp_add(&b, &b, &a);
}
cycles2 = cpucycles();
cycle_runs[i] = cycles2 - cycles1;
}
fp_encode(tmp, &b);
qsort(cycle_runs + 10, 10, sizeof cycle_runs[0], cmp_u64);
printf(" GF(p) addition runs in .......................................... %" PRIu64 " cycles, (%u ignore me)\n",
cycle_runs[4] / (6 * iterations),
tmp[0]);
// GF(p) subtraction
for (i = 0; i < 20; i++) {
cycles1 = cpucycles();
for (n = 0; n < iterations; n++) {
fp_sub(&a, &a, &b);
fp_sub(&b, &b, &a);
fp_sub(&a, &a, &b);
fp_sub(&b, &b, &a);
fp_sub(&a, &a, &b);
fp_sub(&b, &b, &a);
}
cycles2 = cpucycles();
cycle_runs[i] = cycles2 - cycles1;
}
fp_encode(tmp, &b);
qsort(cycle_runs + 10, 10, sizeof cycle_runs[0], cmp_u64);
printf(" GF(p) subtraction runs in ....................................... %" PRIu64 " cycles, (%u ignore me)\n",
cycle_runs[4] / (6 * iterations),
tmp[0]);
// GF(p) division by 3
for (i = 0; i < 20; i++) {
cycles1 = cpucycles();
for (n = 0; n < iterations; n++) {
fp_div3(&a, &a);
fp_div3(&b, &b);
fp_div3(&a, &a);
fp_div3(&b, &b);
fp_div3(&a, &a);
fp_div3(&b, &b);
}
cycles2 = cpucycles();
cycle_runs[i] = cycles2 - cycles1;
}
fp_encode(tmp, &b);
qsort(cycle_runs + 10, 10, sizeof cycle_runs[0], cmp_u64);
printf(" GF(p) division by 3 runs in ..................................... %" PRIu64 " cycles, (%u ignore me)\n",
cycle_runs[4] / (6 * iterations),
tmp[0]);
// GF(p) multiplication
for (i = 0; i < 20; i++) {
cycles1 = cpucycles();
for (n = 0; n < iterations; n++) {
fp_mul(&a, &a, &b);
fp_mul(&b, &b, &a);
fp_mul(&a, &a, &b);
fp_mul(&b, &b, &a);
fp_mul(&a, &a, &b);
fp_mul(&b, &b, &a);
}
cycles2 = cpucycles();
cycle_runs[i] = cycles2 - cycles1;
}
fp_encode(tmp, &b);
qsort(cycle_runs + 10, 10, sizeof cycle_runs[0], cmp_u64);
printf(" GF(p) multiplication runs in .................................... %" PRIu64 " cycles, (%u ignore me)\n",
cycle_runs[4] / (6 * iterations),
tmp[0]);
// GF(p) small multiplication
for (i = 0; i < 20; i++) {
cycles1 = cpucycles();
uint32_t val = cycles1;
for (n = 0; n < iterations; n++) {
fp_mul_small(&a, &a, val);
fp_mul_small(&a, &a, val);
fp_mul_small(&a, &a, val);
fp_mul_small(&a, &a, val);
fp_mul_small(&a, &a, val);
fp_mul_small(&a, &a, val);
}
cycles2 = cpucycles();
cycle_runs[i] = cycles2 - cycles1;
}
fp_encode(tmp, &a);
qsort(cycle_runs + 10, 10, sizeof cycle_runs[0], cmp_u64);
printf(" GF(p) small multiplication runs in .............................. %" PRIu64 " cycles, (%u ignore me)\n",
cycle_runs[4] / (6 * iterations),
tmp[0]);
// GF(p) squaring
for (i = 0; i < 20; i++) {
cycles1 = cpucycles();
for (n = 0; n < iterations; n++) {
fp_sqr(&a, &a);
}
cycles2 = cpucycles();
cycle_runs[i] = cycles2 - cycles1;
}
fp_encode(tmp, &a);
qsort(cycle_runs + 10, 10, sizeof cycle_runs[0], cmp_u64);
printf(" GF(p) squaring runs in .......................................... %" PRIu64 " cycles, (%u ignore me)\n",
cycle_runs[4] / (iterations),
tmp[0]);
// GF(p) inversion
for (i = 0; i < 20; i++) {
cycles1 = cpucycles();
for (n = 0; n < iterations; n++) {
fp_inv(&a);
fp_add(&a, &b, &a);
}
cycles2 = cpucycles();
cycle_runs[i] = cycles2 - cycles1;
}
fp_encode(tmp, &a);
qsort(cycle_runs + 10, 10, sizeof cycle_runs[0], cmp_u64);
printf(" GF(p) inversion runs in ......................................... %" PRIu64 " cycles, (%u ignore me)\n",
cycle_runs[4] / iterations,
tmp[0]);
// GF(p) sqrt
for (i = 0; i < 20; i++) {
cycles1 = cpucycles();
for (n = 0; n < iterations; n++) {
fp_sqrt(&a);
fp_add(&a, &b, &a);
}
cycles2 = cpucycles();
cycle_runs[i] = cycles2 - cycles1;
}
fp_encode(tmp, &a);
qsort(cycle_runs + 10, 10, sizeof cycle_runs[0], cmp_u64);
printf(" GF(p) sqrt runs in .............................................. %" PRIu64 " cycles, (%u ignore me)\n",
cycle_runs[4] / iterations,
tmp[0]);
// GF(p) is_square
for (i = 0; i < 20; i++) {
cycles1 = cpucycles();
for (n = 0; n < iterations; n++) {
fp_is_square(&a);
fp_add(&a, &b, &a);
}
cycles2 = cpucycles();
cycle_runs[i] = cycles2 - cycles1;
}
fp_encode(tmp, &a);
qsort(cycle_runs + 10, 10, sizeof cycle_runs[0], cmp_u64);
printf(" Square checking runs in ......................................... %" PRIu64 " cycles, (%u ignore me)\n",
cycle_runs[4] / iterations,
tmp[0]);
return OK;
}
int
main(int argc, char *argv[])
{
uint32_t seed[12] = { 0 };
int iterations = 1000 * SQISIGN_TEST_REPS;
int help = 0;
int seed_set = 0;
#ifndef NDEBUG
fprintf(stderr,
"\x1b[31mIt looks like SQIsign was compiled with assertions enabled.\n"
"This will severely impact performance measurements.\x1b[0m\n");
#endif
for (int i = 1; i < argc; i++) {
if (!help && strcmp(argv[i], "--help") == 0) {
help = 1;
continue;
}
if (!seed_set && !parse_seed(argv[i], seed)) {
seed_set = 1;
continue;
}
if (sscanf(argv[i], "--iterations=%d", &iterations) == 1) {
continue;
}
}
if (help || iterations <= 0) {
printf("Usage: %s [--iterations=<iterations>] [--seed=<seed>]\n", argv[0]);
printf("Where <iterations> is the number of iterations used for benchmarking; if not "
"present, uses the default: %d)\n",
iterations);
printf("Where <seed> is the random seed to be used; if not present, a random seed is "
"generated\n");
return 1;
}
if (!seed_set) {
randombytes_select((unsigned char *)seed, sizeof(seed));
}
print_seed(seed);
#if defined(TARGET_BIG_ENDIAN)
for (int i = 0; i < 12; i++) {
seed[i] = BSWAP32(seed[i]);
}
#endif
randombytes_init((unsigned char *)seed, NULL, 256);
cpucycles_init();
return !fp_run(iterations);
}

234
src/gf/gfx/test/bench_fp2.c Normal file
View File

@@ -0,0 +1,234 @@
#include <bench.h>
#include <bench_test_arguments.h>
#include <stdio.h>
#include <string.h>
#include <inttypes.h>
#include "test_utils.h"
#include <rng.h>
#define STRINGIFY2(x) #x
#define STRINGIFY(x) STRINGIFY2(x)
bool
fp2_run(int iterations)
{
bool OK = true;
int n, i;
uint64_t cycles1, cycles2;
fp2_t a, b;
uint8_t tmp[2 * FP_ENCODED_BYTES];
fp2_random_test(&a);
fp2_random_test(&b);
printf("\n-------------------------------------------------------------------------------------"
"-------------------\n\n");
printf("Benchmarking GF(p^2) field arithmetic for " STRINGIFY(SQISIGN_VARIANT) ": \n\n");
// GF(p^2) addition
uint64_t cycle_runs[20];
for (i = 0; i < 20; i++) {
cycles1 = cpucycles();
for (n = 0; n < iterations; n++) {
fp2_add(&a, &a, &b);
fp2_add(&b, &b, &a);
fp2_add(&a, &a, &b);
fp2_add(&b, &b, &a);
fp2_add(&a, &a, &b);
fp2_add(&b, &b, &a);
}
cycles2 = cpucycles();
cycle_runs[i] = cycles2 - cycles1;
}
fp2_encode(tmp, &b);
qsort(cycle_runs + 10, 10, sizeof cycle_runs[0], cmp_u64);
printf(" GF(p^2) addition runs in .......................................... %" PRIu64 " cycles, (%u ignore me)\n",
cycle_runs[4] / (6 * iterations),
tmp[0]);
// GF(p^2) subtraction
for (i = 0; i < 20; i++) {
cycles1 = cpucycles();
for (n = 0; n < iterations; n++) {
fp2_sub(&a, &a, &b);
fp2_sub(&b, &b, &a);
fp2_sub(&a, &a, &b);
fp2_sub(&b, &b, &a);
fp2_sub(&a, &a, &b);
fp2_sub(&b, &b, &a);
}
cycles2 = cpucycles();
cycle_runs[i] = cycles2 - cycles1;
}
fp2_encode(tmp, &b);
qsort(cycle_runs + 10, 10, sizeof cycle_runs[0], cmp_u64);
printf(" GF(p^2) subtraction runs in ....................................... %" PRIu64 " cycles, (%u ignore me)\n",
cycle_runs[4] / (6 * iterations),
tmp[0]);
// GF(p^2) multiplication
for (i = 0; i < 20; i++) {
cycles1 = cpucycles();
for (n = 0; n < iterations; n++) {
fp2_mul(&a, &a, &b);
fp2_mul(&b, &b, &a);
fp2_mul(&a, &a, &b);
fp2_mul(&b, &b, &a);
fp2_mul(&a, &a, &b);
fp2_mul(&b, &b, &a);
}
cycles2 = cpucycles();
cycle_runs[i] = cycles2 - cycles1;
}
fp2_encode(tmp, &b);
qsort(cycle_runs + 10, 10, sizeof cycle_runs[0], cmp_u64);
printf(" GF(p^2) multiplication runs in .................................... %" PRIu64 " cycles, (%u ignore me)\n",
cycle_runs[4] / (6 * iterations),
tmp[0]);
// GF(p^2) squaring
for (i = 0; i < 20; i++) {
cycles1 = cpucycles();
for (n = 0; n < iterations; n++) {
fp2_sqr(&a, &a);
}
cycles2 = cpucycles();
cycle_runs[i] = cycles2 - cycles1;
}
fp2_encode(tmp, &a);
qsort(cycle_runs + 10, 10, sizeof cycle_runs[0], cmp_u64);
printf(" GF(p^2) squaring runs in .......................................... %" PRIu64 " cycles, (%u ignore me)\n",
cycle_runs[4] / (iterations),
tmp[0]);
// GF(p^2) small multiplication
for (i = 0; i < 20; i++) {
cycles1 = cpucycles();
uint32_t val = cycles1;
for (n = 0; n < iterations; n++) {
fp2_mul_small(&a, &a, val);
fp2_mul_small(&a, &a, val);
fp2_mul_small(&a, &a, val);
fp2_mul_small(&a, &a, val);
fp2_mul_small(&a, &a, val);
fp2_mul_small(&a, &a, val);
}
cycles2 = cpucycles();
cycle_runs[i] = cycles2 - cycles1;
}
fp_add(&a.re, &a.re, &a.im);
fp2_encode(tmp, &a);
qsort(cycle_runs + 10, 10, sizeof cycle_runs[0], cmp_u64);
printf(" GF(p^2) small multiplication runs in .............................. %" PRIu64 " cycles, (%u ignore me)\n",
cycle_runs[4] / (6 * iterations),
tmp[0]);
// GF(p^2) inversion
for (i = 0; i < 20; i++) {
cycles1 = cpucycles();
for (n = 0; n < iterations; n++) {
fp2_inv(&a);
fp2_add(&a, &b, &a);
}
cycles2 = cpucycles();
cycle_runs[i] = cycles2 - cycles1;
}
fp2_encode(tmp, &a);
qsort(cycle_runs + 10, 10, sizeof cycle_runs[0], cmp_u64);
printf(" GF(p^2) inversion runs in ......................................... %" PRIu64 " cycles, (%u ignore me)\n",
cycle_runs[4] / iterations,
tmp[0]);
// GF(p^2) sqrt
for (i = 0; i < 20; i++) {
cycles1 = cpucycles();
for (n = 0; n < iterations; n++) {
fp2_sqrt(&a);
fp2_add(&a, &b, &a);
}
cycles2 = cpucycles();
cycle_runs[i] = cycles2 - cycles1;
}
fp2_encode(tmp, &a);
qsort(cycle_runs + 10, 10, sizeof cycle_runs[0], cmp_u64);
printf(" GF(p^2) sqrt runs in .............................................. %" PRIu64 " cycles, (%u ignore me)\n",
cycle_runs[4] / iterations,
tmp[0]);
// GF(p^2) is_square
for (i = 0; i < 20; i++) {
cycles1 = cpucycles();
for (n = 0; n < iterations; n++) {
fp2_is_square(&a);
fp2_add(&a, &b, &a);
}
cycles2 = cpucycles();
cycle_runs[i] = cycles2 - cycles1;
}
fp2_encode(tmp, &a);
qsort(cycle_runs + 10, 10, sizeof cycle_runs[0], cmp_u64);
printf(" Square checking runs in ........................................... %" PRIu64 " cycles, (%u ignore me)\n",
cycle_runs[4] / iterations,
tmp[0]);
return OK;
}
int
main(int argc, char *argv[])
{
uint32_t seed[12] = { 0 };
int iterations = 1000 * SQISIGN_TEST_REPS;
int help = 0;
int seed_set = 0;
#ifndef NDEBUG
fprintf(stderr,
"\x1b[31mIt looks like SQIsign was compiled with assertions enabled.\n"
"This will severely impact performance measurements.\x1b[0m\n");
#endif
for (int i = 1; i < argc; i++) {
if (!help && strcmp(argv[i], "--help") == 0) {
help = 1;
continue;
}
if (!seed_set && !parse_seed(argv[i], seed)) {
seed_set = 1;
continue;
}
if (sscanf(argv[i], "--iterations=%d", &iterations) == 1) {
continue;
}
}
if (help || iterations <= 0) {
printf("Usage: %s [--iterations=<iterations>] [--seed=<seed>]\n", argv[0]);
printf("Where <iterations> is the number of iterations used for benchmarking; if not "
"present, uses the default: %d)\n",
iterations);
printf("Where <seed> is the random seed to be used; if not present, a random seed is "
"generated\n");
return 1;
}
if (!seed_set) {
randombytes_select((unsigned char *)seed, sizeof(seed));
}
print_seed(seed);
#if defined(TARGET_BIG_ENDIAN)
for (int i = 0; i < 12; i++) {
seed[i] = BSWAP32(seed[i]);
}
#endif
randombytes_init((unsigned char *)seed, NULL, 256);
cpucycles_init();
return !fp2_run(iterations);
}

460
src/gf/gfx/test/test_fp.c Normal file
View File

@@ -0,0 +1,460 @@
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <inttypes.h>
#include "test_utils.h"
#include <rng.h>
#include <bench_test_arguments.h>
bool
fp_test(int iterations)
{ // Tests for the field arithmetic
bool OK = true;
int n, passed;
fp_t a, b, c, d, e, f;
printf("\n-------------------------------------------------------------------------------------"
"-------------------\n\n");
printf("Testing field arithmetic over GF(p): \n\n");
// Test equality
passed = 1;
for (n = 0; n < iterations; n++) {
fp_random_test(&a);
fp_add(&b, &a, (fp_t *)&ONE);
fp_set_zero(&c);
if (fp_is_equal(&a, &a) == 0) {
passed = 0;
break;
}
if (fp_is_equal(&a, &b) != 0) {
passed = 0;
break;
}
if (fp_is_equal(&c, (fp_t *)&ZERO) == 0) {
passed = 0;
break;
}
if (fp_is_zero((fp_t *)&ZERO) == 0) {
passed = 0;
break;
}
if (fp_is_zero((fp_t *)&ONE) != 0) {
passed = 0;
break;
}
}
if (passed == 1)
printf(" GF(p) equality tests ............................................ PASSED");
else {
printf(" GF(p) equality tests... FAILED");
printf("\n");
return false;
}
printf("\n");
// Test mul small
passed = 1;
for (n = 0; n < iterations; n++) {
fp_random_test(&a);
uint32_t val = rand();
// Multiply by small value
fp_mul_small(&b, &a, val);
// Convert and use usual multiplication
fp_set_small(&c, val);
fp_mul(&d, &a, &c);
if (fp_is_equal(&b, &d) == 0) {
passed = 0;
break;
}
}
if (passed == 1)
printf(" GF(p) mul small test ............................................ PASSED");
else {
printf(" GF(p) mul small tests... FAILED");
printf("\n");
return false;
}
printf("\n");
// Test half
passed = 1;
for (n = 0; n < iterations; n++) {
fp_random_test(&a);
fp_add(&b, &a, &a);
fp_half(&c, &b);
if (fp_is_equal(&a, &c) == 0) {
passed = 0;
break;
}
fp_random_test(&a);
fp_half(&b, &a);
fp_add(&c, &b, &b);
if (fp_is_equal(&a, &c) == 0) {
passed = 0;
break;
}
}
if (passed == 1)
printf(" GF(p) half test ................................................. PASSED");
else {
printf(" GF(p) half tests... FAILED");
printf("\n");
return false;
}
printf("\n");
// Field division by 3
passed = 1;
for (n = 0; n < iterations; n++) {
fp_random_test(&a);
fp_add(&b, &a, &a);
fp_add(&b, &b, &a);
fp_div3(&c, &b);
if (fp_is_equal(&a, &c) == 0) {
passed = 0;
break;
}
fp_set_zero(&a);
fp_div3(&d, &a); // d = 0/3
if (fp_is_zero(&d) == 0) {
passed = 0;
break;
}
}
if (passed == 1)
printf(" GF(p) div by 3 tests............................................. PASSED");
else {
printf(" GF(p) div by 3 tests... FAILED");
printf("\n");
return false;
}
printf("\n");
// Test set small
passed = 1;
for (n = 0; n < iterations; n++) {
fp_set_one(&a);
fp_add(&b, &a, &a);
fp_set_small(&c, (uint32_t)2);
if (fp_is_equal(&b, &c) == 0) {
passed = 0;
break;
}
fp_set_one(&a);
fp_add(&b, &a, &a);
fp_add(&b, &b, &b);
fp_set_small(&c, 4);
if (fp_is_equal(&b, &c) == 0) {
passed = 0;
break;
}
}
if (passed == 1)
printf(" GF(p) set small test ............................................ PASSED");
else {
printf(" GF(p) set small... FAILED");
printf("\n");
return false;
}
printf("\n");
// Field addition
passed = 1;
for (n = 0; n < iterations; n++) {
fp_random_test(&a);
fp_random_test(&b);
fp_random_test(&c);
fp_random_test(&d);
fp_add(&d, &a, &b);
fp_add(&e, &d, &c); // e = (a+b)+c
fp_add(&d, &b, &c);
fp_add(&f, &d, &a); // f = a+(b+c)
if (fp_is_equal(&e, &f) == 0) {
passed = 0;
break;
}
fp_add(&d, &a, &b); // d = a+b
fp_add(&e, &b, &a); // e = b+a
if (fp_is_equal(&d, &e) == 0) {
passed = 0;
break;
}
fp_set_zero(&b);
fp_add(&d, &a, &b); // d = a+0
if (fp_is_equal(&a, &d) == 0) {
passed = 0;
break;
}
fp_set_zero(&b);
fp_neg(&d, &a);
fp_add(&e, &a, &d); // e = a+(-a)
if (fp_is_equal(&e, &b) == 0) {
passed = 0;
break;
}
}
if (passed == 1)
printf(" GF(p) addition tests ............................................ PASSED");
else {
printf(" GF(p) addition tests... FAILED");
printf("\n");
return false;
}
printf("\n");
// Field subtraction
passed = 1;
for (n = 0; n < iterations; n++) {
fp_random_test(&a);
fp_random_test(&b);
fp_random_test(&c);
fp_random_test(&d);
fp_sub(&d, &a, &b);
fp_sub(&e, &d, &c); // e = (a-b)-c
fp_add(&d, &b, &c);
fp_sub(&f, &a, &d); // f = a-(b+c)
if (fp_is_equal(&e, &f) == 0) {
passed = 0;
break;
}
fp_sub(&d, &a, &b); // d = a-b
fp_sub(&e, &b, &a);
fp_neg(&e, &e); // e = -(b-a)
if (fp_is_equal(&d, &e) == 0) {
passed = 0;
break;
}
fp_set_zero(&b);
fp_sub(&d, &a, &b); // d = a-0
if (fp_is_equal(&a, &d) == 0) {
passed = 0;
break;
}
fp_sub(&e, &a, &a); // e = a+(-a)
if (fp_is_zero(&e) == 0) {
passed = 0;
break;
}
}
if (passed == 1)
printf(" GF(p) subtraction tests ......................................... PASSED");
else {
printf(" GF(p) subtraction tests... FAILED");
printf("\n");
return false;
}
printf("\n");
// Field multiplication
passed = 1;
for (n = 0; n < iterations; n++) {
fp_random_test(&a);
fp_random_test(&b);
fp_random_test(&c);
fp_mul(&d, &a, &b);
fp_mul(&e, &d, &c); // e = (a*b)*c
fp_mul(&d, &b, &c);
fp_mul(&f, &d, &a); // f = a*(b*c)
if (fp_is_equal(&e, &f) == 0) {
passed = 0;
break;
}
fp_add(&d, &b, &c);
fp_mul(&e, &a, &d); // e = a*(b+c)
fp_mul(&d, &a, &b);
fp_mul(&f, &a, &c);
fp_add(&f, &d, &f); // f = a*b+a*c
if (fp_is_equal(&e, &f) == 0) {
passed = 0;
break;
}
fp_mul(&d, &a, &b); // d = a*b
fp_mul(&e, &b, &a); // e = b*a
if (fp_is_equal(&d, &e) == 0) {
passed = 0;
break;
}
fp_set_one(&b);
fp_mul(&d, &a, &b); // d = a*1
if (fp_is_equal(&a, &d) == 0) {
passed = 0;
break;
}
fp_set_zero(&b);
fp_mul(&d, &a, &b); // d = a*0
if (fp_is_equal(&b, &d) == 0) {
passed = 0;
break;
}
}
if (passed == 1)
printf(" GF(p) multiplication tests ...................................... PASSED");
else {
printf(" GF(p) multiplication tests... FAILED");
printf("\n");
return false;
}
printf("\n");
// Field squaring
passed = 1;
for (n = 0; n < iterations; n++) {
fp_random_test(&a);
fp_sqr(&b, &a); // b = a^2
fp_mul(&c, &a, &a); // c = a*a
if (fp_is_equal(&b, &c) == 0) {
passed = 0;
break;
}
fp_set_zero(&a);
fp_sqr(&d, &a); // d = 0^2
if (fp_is_zero(&d) == 0) {
passed = 0;
break;
}
}
if (passed == 1)
printf(" GF(p) squaring tests............................................. PASSED");
else {
printf(" GF(p) squaring tests... FAILED");
printf("\n");
return false;
}
printf("\n");
// Field inversion
passed = 1;
for (n = 0; n < iterations; n++) {
fp_random_test(&a);
fp_copy(&b, &a);
fp_inv(&b);
fp_mul(&c, &a, &b); // c = a*a^-1
if (fp_is_equal(&c, (fp_t *)&ONE) == 0) {
passed = 0;
break;
}
fp_set_zero(&a);
fp_inv(&a); // c = 0^-1
if (fp_is_equal(&a, (fp_t *)&ZERO) == 0) {
passed = 0;
break;
}
}
if (passed == 1)
printf(" GF(p) inversion tests............................................ PASSED");
else {
printf(" GF(p) inversion tests... FAILED");
printf("\n");
return false;
}
printf("\n");
// Square root and square detection
passed = 1;
for (n = 0; n < iterations; n++) {
fp_random_test(&a);
fp_sqr(&c, &a); // c = a^2
if (fp_is_square(&c) == 0) {
passed = 0;
break;
}
fp_sqrt(&c); // c, d = ±sqrt(c)
fp_neg(&d, &c);
if ((fp_is_equal(&a, &c) == 0) && (fp_is_equal(&a, &d) == 0)) {
passed = 0;
break;
}
}
if (passed == 1)
printf(" Square root, square tests........................................ PASSED");
else {
printf(" Square root, square tests... FAILED");
printf("\n");
return false;
}
printf("\n");
return OK;
}
int
main(int argc, char *argv[])
{
uint32_t seed[12] = { 0 };
int iterations = 1000 * SQISIGN_TEST_REPS;
int help = 0;
int seed_set = 0;
for (int i = 1; i < argc; i++) {
if (!help && strcmp(argv[i], "--help") == 0) {
help = 1;
continue;
}
if (!seed_set && !parse_seed(argv[i], seed)) {
seed_set = 1;
continue;
}
if (sscanf(argv[i], "--iterations=%d", &iterations) == 1) {
continue;
}
}
if (help || iterations <= 0) {
printf("Usage: %s [--iterations=<iterations>] [--seed=<seed>]\n", argv[0]);
printf("Where <iterations> is the number of iterations used for testing; if not "
"present, uses the default: %d)\n",
iterations);
printf("Where <seed> is the random seed to be used; if not present, a random seed is "
"generated\n");
return 1;
}
if (!seed_set) {
randombytes_select((unsigned char *)seed, sizeof(seed));
}
print_seed(seed);
#if defined(TARGET_BIG_ENDIAN)
for (int i = 0; i < 12; i++) {
seed[i] = BSWAP32(seed[i]);
}
#endif
randombytes_init((unsigned char *)seed, NULL, 256);
return !fp_test(iterations);
}

349
src/gf/gfx/test/test_fp2.c Normal file
View File

@@ -0,0 +1,349 @@
#include <stdio.h>
#include <string.h>
#include <inttypes.h>
#include "test_utils.h"
#include <rng.h>
#include <bench_test_arguments.h>
bool
fp2_test(int iterations)
{ // Tests for the GF(p^2) arithmetic
bool OK = true;
int n, passed;
fp2_t a, b, c, d, e, f;
printf("\n-------------------------------------------------------------------------------------"
"-------------------\n\n");
printf("Testing arithmetic over GF(p^2): \n\n");
// Addition in GF(p^2)
passed = 1;
for (n = 0; n < iterations; n++) {
fp2_random_test(&a);
fp2_random_test(&b);
fp2_random_test(&c);
fp2_random_test(&d);
fp2_add(&d, &a, &b);
fp2_add(&e, &d, &c); // e = (a+b)+c
fp2_add(&d, &b, &c);
fp2_add(&f, &d, &a); // f = a+(b+c)
if (fp2_is_equal(&e, &f) == 0) {
passed = 0;
break;
}
fp2_add(&d, &a, &b); // d = a+b
fp2_add(&e, &b, &a); // e = b+a
if (fp2_is_equal(&d, &e) == 0) {
passed = 0;
break;
}
fp2_set_zero(&b);
fp2_add(&d, &a, &b); // d = a+0
if (fp2_is_equal(&d, &a) == 0) {
passed = 0;
break;
}
fp2_neg(&d, &a);
fp2_add(&e, &a, &d); // e = a+(-a)
if (fp2_is_zero(&e) == 0) {
passed = 0;
break;
}
// Test add_one special method
fp2_set_one(&b);
fp2_add(&e, &a, &b);
fp2_add_one(&f, &a);
if (fp2_is_equal(&e, &f) == 0) {
passed = 0;
break;
}
}
if (passed == 1)
printf(" GF(p^2) addition tests ............................................ PASSED");
else {
printf(" GF(p^2) addition tests... FAILED");
printf("\n");
return false;
}
printf("\n");
// Subtraction in GF(p^2)
passed = 1;
for (n = 0; n < iterations; n++) {
fp2_random_test(&a);
fp2_random_test(&b);
fp2_random_test(&c);
fp2_random_test(&d);
fp2_sub(&d, &a, &b);
fp2_sub(&e, &d, &c); // e = (a-b)-c
fp2_add(&d, &b, &c);
fp2_sub(&f, &a, &d); // f = a-(b+c)
if (fp2_is_equal(&e, &f) == 0) {
passed = 0;
break;
}
fp2_sub(&d, &a, &b); // d = a-b
fp2_sub(&e, &b, &a);
fp2_neg(&e, &e); // e = -(b-a)
if (fp2_is_equal(&d, &e) == 0) {
passed = 0;
break;
}
fp2_set_zero(&b);
fp2_sub(&d, &a, &b); // d = a-0
if (fp2_is_equal(&d, &a) == 0) {
passed = 0;
break;
}
fp2_sub(&e, &a, &a); // e = a+(-a)
if (fp2_is_zero(&e) == 0) {
passed = 0;
break;
}
}
if (passed == 1)
printf(" GF(p^2) subtraction tests ......................................... PASSED");
else {
printf(" GF(p^2) subtraction tests... FAILED");
printf("\n");
return false;
}
printf("\n");
// Multiplication in GF(p^2)
passed = 1;
for (n = 0; n < iterations; n++) {
fp2_random_test(&a);
fp2_random_test(&b);
fp2_random_test(&c);
fp2_mul(&d, &a, &b);
fp2_mul(&e, &d, &c); // e = (a*b)*c
fp2_mul(&d, &b, &c);
fp2_mul(&f, &d, &a); // f = a*(b*c)
if (fp2_is_equal(&e, &f) == 0) {
passed = 0;
break;
}
fp2_add(&d, &b, &c);
fp2_mul(&e, &a, &d); // e = a*(b+c)
fp2_mul(&d, &a, &b);
fp2_mul(&f, &a, &c);
fp2_add(&f, &d, &f); // f = a*b+a*c
if (fp2_is_equal(&e, &f) == 0) {
passed = 0;
break;
}
fp2_mul(&d, &a, &b); // d = a*b
fp2_mul(&e, &b, &a); // e = b*a
if (fp2_is_equal(&d, &e) == 0) {
passed = 0;
break;
}
fp2_set_one(&b);
fp2_mul(&d, &a, &b); // d = a*1
if (fp2_is_equal(&a, &d) == 0) {
passed = 0;
break;
}
fp2_set_zero(&b);
fp2_mul(&d, &a, &b); // d = a*0
if (fp2_is_zero(&d) == 0) {
passed = 0;
break;
}
}
if (passed == 1)
printf(" GF(p^2) multiplication tests ...................................... PASSED");
else {
printf(" GF(p^2) multiplication tests... FAILED");
printf("\n");
return false;
}
printf("\n");
// Test mul small
passed = 1;
for (n = 0; n < iterations; n++) {
fp2_random_test(&a);
uint32_t val = rand();
// Multiply by a small value
fp2_mul_small(&b, &a, val);
// Convert and multiply as a fp val
fp2_set_small(&c, val);
fp2_mul(&d, &a, &c);
// Values should be the same
if (fp2_is_equal(&b, &d) == 0) {
passed = 0;
break;
}
}
if (passed == 1)
printf(" GF(p^2) mul small test ............................................ PASSED");
else {
printf(" GF(p^2) mul small tests... FAILED");
printf("\n");
return false;
}
printf("\n");
// Squaring in GF(p^2)
passed = 1;
for (n = 0; n < iterations; n++) {
fp2_random_test(&a);
fp2_sqr(&b, &a); // b = a^2
fp2_mul(&c, &a, &a); // c = a*a
if (fp2_is_equal(&b, &c) == 0) {
passed = 0;
break;
}
fp2_set_zero(&a);
fp2_sqr(&d, &a); // d = 0^2
if (fp2_is_zero(&d) == 0) {
passed = 0;
break;
}
}
if (passed == 1)
printf(" GF(p^2) squaring tests............................................. PASSED");
else {
printf(" GF(p^2) squaring tests... FAILED");
printf("\n");
return false;
}
printf("\n");
// Inversion in GF(p^2)
passed = 1;
for (n = 0; n < iterations; n++) {
fp2_random_test(&a);
fp2_set_one(&d);
fp2_copy(&b, &a);
fp2_inv(&a);
fp2_mul(&c, &a, &b); // c = a*a^-1
if (fp2_is_equal(&c, &d) == 0) {
passed = 0;
break;
}
fp2_set_zero(&a);
fp2_set_zero(&d);
fp2_inv(&a); // c = 0^-1
if (fp2_is_equal(&a, &d) == 0) {
passed = 0;
break;
}
}
if (passed == 1)
printf(" GF(p^2) inversion tests............................................ PASSED");
else {
printf(" GF(p^2) inversion tests... FAILED");
printf("\n");
return false;
}
printf("\n");
// Square root and square detection in GF(p^2)
passed = 1;
for (n = 0; n < iterations; n++) {
fp2_random_test(&a);
fp2_sqr(&c, &a); // c = a^2
if (fp2_is_square(&c) == 0) {
passed = 0;
break;
}
fp2_copy(&b, &c);
if (!fp2_sqrt_verify(&b)) {
passed = 0;
break;
}
fp2_sqrt(&c); // c = a = sqrt(c)
fp2_neg(&d, &c);
if ((fp2_is_equal(&a, &c) == 0) && (fp2_is_equal(&a, &d) == 0)) {
passed = 0;
break;
}
}
if (passed == 1)
printf(" Square root, square tests.......................................... PASSED");
else {
printf(" Square root, square tests... FAILED");
printf("\n");
return false;
}
printf("\n");
return OK;
}
int
main(int argc, char *argv[])
{
uint32_t seed[12] = { 0 };
int iterations = 1000 * SQISIGN_TEST_REPS;
int help = 0;
int seed_set = 0;
for (int i = 1; i < argc; i++) {
if (!help && strcmp(argv[i], "--help") == 0) {
help = 1;
continue;
}
if (!seed_set && !parse_seed(argv[i], seed)) {
seed_set = 1;
continue;
}
if (sscanf(argv[i], "--iterations=%d", &iterations) == 1) {
continue;
}
}
if (help || iterations <= 0) {
printf("Usage: %s [--iterations=<iterations>] [--seed=<seed>]\n", argv[0]);
printf("Where <iterations> is the number of iterations used for testing; if not "
"present, uses the default: %d)\n",
iterations);
printf("Where <seed> is the random seed to be used; if not present, a random seed is "
"generated\n");
return 1;
}
if (!seed_set) {
randombytes_select((unsigned char *)seed, sizeof(seed));
}
print_seed(seed);
#if defined(TARGET_BIG_ENDIAN)
for (int i = 0; i < 12; i++) {
seed[i] = BSWAP32(seed[i]);
}
#endif
randombytes_init((unsigned char *)seed, NULL, 256);
return !fp2_test(iterations);
}

39
src/gf/gfx/test/test_utils.c Normal file
View File

@@ -0,0 +1,39 @@
/*
* A custom SHA-3 / SHAKE implementation is used for pseudorandom (but
* reproducible) generation of test values.
*/
#include "test_utils.h"
#include "rng.h"
// Make n random-ish field elements (for tests only!).
void
fp_random_test(fp_t *a)
{
uint8_t tmp[FP_ENCODED_BYTES];
randombytes(tmp, sizeof(tmp));
fp_decode_reduce(a, tmp, sizeof(tmp));
}
void
fp2_random_test(fp2_t *a)
{
fp_random_test(&(a->re));
fp_random_test(&(a->im));
}
int
cmp_u64(const void *v1, const void *v2)
{
uint64_t x1 = *(const uint64_t *)v1;
uint64_t x2 = *(const uint64_t *)v2;
if (x1 < x2) {
return -1;
} else if (x1 == x2) {
return 0;
} else {
return 1;
}
}

19
src/gf/gfx/test/test_utils.h Normal file
View File

@@ -0,0 +1,19 @@
#ifndef test_utils_h__
#define test_utils_h__
#include "fp.h"
#include "fp2.h"
#include <encoded_sizes.h>
#include <stdlib.h>
#define PASSED 0
#define FAILED 1
// Random elements of fp and fp2, only suitable for testing
void fp_random_test(fp_t *a);
void fp2_random_test(fp2_t *a);
// Comparison of u64 for qsort
int cmp_u64(const void *v1, const void *v2);
#endif