Add on-by-default fast crate feature for gating basepoint tables
#251
Conversation
tarcieri
force-pushed
the
feature-gate-basepoint-tables
branch
from
e4b22f2 to
8f56c5c
Compare
|
It might make more sense to give this feature a simpler name like Embedded users who start with Edit: went ahead and renamed the feature to |
tarcieri
changed the title
basepoint-tables crate featurefast crate feature for gating basepoint tables
tarcieri
force-pushed
the
feature-gate-basepoint-tables
branch
2 times, most recently
from
d00d251 to
0d9253e
Compare
tarcieri
changed the title
fast crate feature for gating basepoint tablesfast crate feature for gating basepoint tables
tarcieri
force-pushed
the
feature-gate-basepoint-tables
branch
from
0d9253e to
2c5df02
Compare
|
Not sure why the build is failing. I split out #260 to handle updating to the latest upstream |
tarcieri
force-pushed
the
feature-gate-basepoint-tables
branch
2 times, most recently
from
a067342 to
c807eb1
Compare
|
@rozbb this is ready now |
tarcieri
force-pushed
the
feature-gate-basepoint-tables
branch
2 times, most recently
from
557dbda to
05cced0
Compare
Disabling the feature reduces overall code size at the cost of performance, which is useful for e.g. embedded users. This feature transitively enables the `basepoint-tables` feature in `curve25519-dalek` where the basepoint tables are actually defined.
tarcieri
force-pushed
the
feature-gate-basepoint-tables
branch
from
05cced0 to
65a936a
Compare
|
Just ran some benchmarks on M1 and x86_64. It looks like we get massive (64%) speedups in keygen and signing. But we get a 0-4% slowdown in batch verification, and no effect at all for single verification. Do you wanna rename to |
|
Haha what? That's surprising. If that's really the case then batch verification should always use |
|
Yeah makes sense. First I'll test how the feature interacts with the simd backends. Update: yup, same slowdown even with AVX2 SIMD |
|
Yup same slowdown even with AVX2 SIMD. And actually, single signature verification is 5-9% slower with I'll do the following: rename the feature to |
|
I still think we should remove If there are slowdowns occurring in places where |
|
Perhaps we should open an issue on Tracing the code I'm perplexed how this feature would have any effect on verification, either single signature or batch verification, as as far as I can tell neither use the basepoint tables? (although there are many backends and maybe I haven't grepped/traced properly) Batch verification calls Single signature verification calls |
|
Yeah I ran into the same thing when tracing this down. I have no idea what's causing this. I'll spend a little more time tracing things |
| context: Option<&[u8]>, | ||
| signature: &InternalSignature, | ||
| M: &[u8], | ||
| ) -> EdwardsPoint { |
There was a problem hiding this comment.
Note: this will likely return a CompressedEdwardsY in the process of fixing #267 . Documenting the comment here:
Note that this returns the compressed form of R and the caller does a byte comparison.
This means that all our verification functions do not accept non-canonically encoded R values.
See the validation criteria blog post for more details:
https://hdevalence.ca/blog/2020-10-04-its-25519am
|
@rozbb let me update |
The feature name changed in dalek-cryptography/curve25519-dalek#499
|
Updated and it's green again |
NOTE: depends on dalek-cryptography/curve25519-dalek#489 which needs to be merged firstMerged!NOTE: now depends on #260 which needs to be merged firstMerged!Disabling the feature reduces overall code size at the cost of performance, which is useful for e.g. embedded users.
This feature transitively enables the
basepoint-tablesfeature incurve25519-dalek.TODO: fallback support for using variable-base scalar multiplication by the basepoint when theAdded in 8f56c5cbasepoint-tablesfeature is disabled.