[secp256k1.git] / src / bench_ecmult.c

/**********************************************************************
 * Copyright (c) 2017 Pieter Wuille                                   *
 * Distributed under the MIT software license, see the accompanying   *
 * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
 **********************************************************************/
#include <stdio.h>

#include "include/secp256k1.h"

#include "util.h"
#include "hash_impl.h"
#include "num_impl.h"
#include "field_impl.h"
#include "group_impl.h"
#include "scalar_impl.h"
#include "ecmult_impl.h"
#include "bench.h"
#include "secp256k1.c"

#define POINTS 32768
#define ITERS 10000

typedef struct {
    /* Setup once in advance */
    secp256k1_context* ctx;
    secp256k1_scratch_space* scratch;
    secp256k1_scalar* scalars;
    secp256k1_ge* pubkeys;
    secp256k1_scalar* seckeys;
    secp256k1_gej* expected_output;
    secp256k1_ecmult_multi_func ecmult_multi;

    /* Changes per test */
    size_t count;
    int includes_g;

    /* Changes per test iteration */
    size_t offset1;
    size_t offset2;

    /* Test output. */
    secp256k1_gej* output;
} bench_data;

static int bench_callback(secp256k1_scalar* sc, secp256k1_ge* ge, size_t idx, void* arg) {
    bench_data* data = (bench_data*)arg;
    if (data->includes_g) ++idx;
    if (idx == 0) {
        *sc = data->scalars[data->offset1];
        *ge = secp256k1_ge_const_g;
    } else {
        *sc = data->scalars[(data->offset1 + idx) % POINTS];
        *ge = data->pubkeys[(data->offset2 + idx - 1) % POINTS];
    }
    return 1;
}

static void bench_ecmult(void* arg) {
    bench_data* data = (bench_data*)arg;

    size_t count = data->count;
    int includes_g = data->includes_g;
    size_t iters = 1 + ITERS / count;
    size_t iter;

    for (iter = 0; iter < iters; ++iter) {
        data->ecmult_multi(&data->ctx->error_callback, &data->ctx->ecmult_ctx, data->scratch, &data->output[iter], data->includes_g ? &data->scalars[data->offset1] : NULL, bench_callback, arg, count - includes_g);
        data->offset1 = (data->offset1 + count) % POINTS;
        data->offset2 = (data->offset2 + count - 1) % POINTS;
    }
}

static void bench_ecmult_setup(void* arg) {
    bench_data* data = (bench_data*)arg;
    data->offset1 = (data->count * 0x537b7f6f + 0x8f66a481) % POINTS;
    data->offset2 = (data->count * 0x7f6f537b + 0x6a1a8f49) % POINTS;
}

static void bench_ecmult_teardown(void* arg) {
    bench_data* data = (bench_data*)arg;
    size_t iters = 1 + ITERS / data->count;
    size_t iter;
    /* Verify the results in teardown, to avoid doing comparisons while benchmarking. */
    for (iter = 0; iter < iters; ++iter) {
        secp256k1_gej tmp;
        secp256k1_gej_add_var(&tmp, &data->output[iter], &data->expected_output[iter], NULL);
        CHECK(secp256k1_gej_is_infinity(&tmp));
    }
}

static void generate_scalar(uint32_t num, secp256k1_scalar* scalar) {
    secp256k1_sha256 sha256;
    unsigned char c[11] = {'e', 'c', 'm', 'u', 'l', 't', 0, 0, 0, 0};
    unsigned char buf[32];
    int overflow = 0;
    c[6] = num;
    c[7] = num >> 8;
    c[8] = num >> 16;
    c[9] = num >> 24;
    secp256k1_sha256_initialize(&sha256);
    secp256k1_sha256_write(&sha256, c, sizeof(c));
    secp256k1_sha256_finalize(&sha256, buf);
    secp256k1_scalar_set_b32(scalar, buf, &overflow);
    CHECK(!overflow);
}

static void run_test(bench_data* data, size_t count, int includes_g) {
    char str[32];
    static const secp256k1_scalar zero = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0);
    size_t iters = 1 + ITERS / count;
    size_t iter;

    data->count = count;
    data->includes_g = includes_g;

    /* Compute (the negation of) the expected results directly. */
    data->offset1 = (data->count * 0x537b7f6f + 0x8f66a481) % POINTS;
    data->offset2 = (data->count * 0x7f6f537b + 0x6a1a8f49) % POINTS;
    for (iter = 0; iter < iters; ++iter) {
        secp256k1_scalar tmp;
        secp256k1_scalar total = data->scalars[(data->offset1++) % POINTS];
        size_t i = 0;
        for (i = 0; i + 1 < count; ++i) {
            secp256k1_scalar_mul(&tmp, &data->seckeys[(data->offset2++) % POINTS], &data->scalars[(data->offset1++) % POINTS]);
            secp256k1_scalar_add(&total, &total, &tmp);
        }
        secp256k1_scalar_negate(&total, &total);
        secp256k1_ecmult(&data->ctx->ecmult_ctx, &data->expected_output[iter], NULL, &zero, &total);
    }

    /* Run the benchmark. */
    sprintf(str, includes_g ? "ecmult_%ig" : "ecmult_%i", (int)count);
    run_benchmark(str, bench_ecmult, bench_ecmult_setup, bench_ecmult_teardown, data, 10, count * (1 + ITERS / count));
}

int main(int argc, char **argv) {
    bench_data data;
    int i, p;
    secp256k1_gej* pubkeys_gej;
    size_t scratch_size;

    data.ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY);
    scratch_size = secp256k1_strauss_scratch_size(POINTS) + STRAUSS_SCRATCH_OBJECTS*16;
    data.scratch = secp256k1_scratch_space_create(data.ctx, scratch_size);
    data.ecmult_multi = secp256k1_ecmult_multi_var;

    if (argc > 1) {
        if(have_flag(argc, argv, "pippenger_wnaf")) {
            printf("Using pippenger_wnaf:\n");
            data.ecmult_multi = secp256k1_ecmult_pippenger_batch_single;
        } else if(have_flag(argc, argv, "strauss_wnaf")) {
            printf("Using strauss_wnaf:\n");
            data.ecmult_multi = secp256k1_ecmult_strauss_batch_single;
        } else if(have_flag(argc, argv, "simple")) {
            printf("Using simple algorithm:\n");
            data.ecmult_multi = secp256k1_ecmult_multi_var;
            secp256k1_scratch_space_destroy(data.ctx, data.scratch);
            data.scratch = NULL;
        } else {
            fprintf(stderr, "%s: unrecognized argument '%s'.\n", argv[0], argv[1]);
            fprintf(stderr, "Use 'pippenger_wnaf', 'strauss_wnaf', 'simple' or no argument to benchmark a combined algorithm.\n");
            return 1;
        }
    }

    /* Allocate stuff */
    data.scalars = malloc(sizeof(secp256k1_scalar) * POINTS);
    data.seckeys = malloc(sizeof(secp256k1_scalar) * POINTS);
    data.pubkeys = malloc(sizeof(secp256k1_ge) * POINTS);
    data.expected_output = malloc(sizeof(secp256k1_gej) * (ITERS + 1));
    data.output = malloc(sizeof(secp256k1_gej) * (ITERS + 1));

    /* Generate a set of scalars, and private/public keypairs. */
    pubkeys_gej = malloc(sizeof(secp256k1_gej) * POINTS);
    secp256k1_gej_set_ge(&pubkeys_gej[0], &secp256k1_ge_const_g);
    secp256k1_scalar_set_int(&data.seckeys[0], 1);
    for (i = 0; i < POINTS; ++i) {
        generate_scalar(i, &data.scalars[i]);
        if (i) {
            secp256k1_gej_double_var(&pubkeys_gej[i], &pubkeys_gej[i - 1], NULL);
            secp256k1_scalar_add(&data.seckeys[i], &data.seckeys[i - 1], &data.seckeys[i - 1]);
        }
    }
    secp256k1_ge_set_all_gej_var(data.pubkeys, pubkeys_gej, POINTS);
    free(pubkeys_gej);

    for (i = 1; i <= 8; ++i) {
        run_test(&data, i, 1);
    }

    for (p = 0; p <= 11; ++p) {
        for (i = 9; i <= 16; ++i) {
            run_test(&data, i << p, 1);
        }
    }
    if (data.scratch != NULL) {
        secp256k1_scratch_space_destroy(data.ctx, data.scratch);
    }
    secp256k1_context_destroy(data.ctx);
    free(data.scalars);
    free(data.pubkeys);
    free(data.seckeys);
    free(data.output);
    free(data.expected_output);

    return(0);
}
Commit	Line	Data
bc65aa79 PW	1	/**********************************************************************
	2	* Copyright (c) 2017 Pieter Wuille *
	3	* Distributed under the MIT software license, see the accompanying *
	4	* file COPYING or http://www.opensource.org/licenses/mit-license.php.*
	5	**********************************************************************/
	6	#include <stdio.h>
	7
	8	#include "include/secp256k1.h"
	9
	10	#include "util.h"
	11	#include "hash_impl.h"
	12	#include "num_impl.h"
	13	#include "field_impl.h"
	14	#include "group_impl.h"
	15	#include "scalar_impl.h"
	16	#include "ecmult_impl.h"
	17	#include "bench.h"
	18	#include "secp256k1.c"
	19
	20	#define POINTS 32768
	21	#define ITERS 10000
	22
	23	typedef struct {
	24	/* Setup once in advance */
	25	secp256k1_context* ctx;
	26	secp256k1_scratch_space* scratch;
	27	secp256k1_scalar* scalars;
	28	secp256k1_ge* pubkeys;
	29	secp256k1_scalar* seckeys;
	30	secp256k1_gej* expected_output;
a58f543f	31	secp256k1_ecmult_multi_func ecmult_multi;
bc65aa79 PW	32
	33	/* Changes per test */
	34	size_t count;
	35	int includes_g;
	36
	37	/* Changes per test iteration */
	38	size_t offset1;
	39	size_t offset2;
	40
	41	/* Test output. */
	42	secp256k1_gej* output;
	43	} bench_data;
	44
	45	static int bench_callback(secp256k1_scalar* sc, secp256k1_ge* ge, size_t idx, void* arg) {
	46	bench_data* data = (bench_data*)arg;
	47	if (data->includes_g) ++idx;
	48	if (idx == 0) {
	49	*sc = data->scalars[data->offset1];
	50	*ge = secp256k1_ge_const_g;
	51	} else {
	52	*sc = data->scalars[(data->offset1 + idx) % POINTS];
	53	*ge = data->pubkeys[(data->offset2 + idx - 1) % POINTS];
	54	}
	55	return 1;
	56	}
	57
	58	static void bench_ecmult(void* arg) {
	59	bench_data* data = (bench_data*)arg;
	60
	61	size_t count = data->count;
	62	int includes_g = data->includes_g;
	63	size_t iters = 1 + ITERS / count;
	64	size_t iter;
	65
	66	for (iter = 0; iter < iters; ++iter) {
c2b028a2	67	data->ecmult_multi(&data->ctx->error_callback, &data->ctx->ecmult_ctx, data->scratch, &data->output[iter], data->includes_g ? &data->scalars[data->offset1] : NULL, bench_callback, arg, count - includes_g);
bc65aa79 PW	68	data->offset1 = (data->offset1 + count) % POINTS;
	69	data->offset2 = (data->offset2 + count - 1) % POINTS;
	70	}
	71	}
	72
	73	static void bench_ecmult_setup(void* arg) {
	74	bench_data* data = (bench_data*)arg;
	75	data->offset1 = (data->count * 0x537b7f6f + 0x8f66a481) % POINTS;
	76	data->offset2 = (data->count * 0x7f6f537b + 0x6a1a8f49) % POINTS;
	77	}
	78
	79	static void bench_ecmult_teardown(void* arg) {
	80	bench_data* data = (bench_data*)arg;
	81	size_t iters = 1 + ITERS / data->count;
	82	size_t iter;
	83	/* Verify the results in teardown, to avoid doing comparisons while benchmarking. */
	84	for (iter = 0; iter < iters; ++iter) {
	85	secp256k1_gej tmp;
	86	secp256k1_gej_add_var(&tmp, &data->output[iter], &data->expected_output[iter], NULL);
	87	CHECK(secp256k1_gej_is_infinity(&tmp));
	88	}
	89	}
	90
	91	static void generate_scalar(uint32_t num, secp256k1_scalar* scalar) {
	92	secp256k1_sha256 sha256;
	93	unsigned char c[11] = {'e', 'c', 'm', 'u', 'l', 't', 0, 0, 0, 0};
	94	unsigned char buf[32];
	95	int overflow = 0;
	96	c[6] = num;
	97	c[7] = num >> 8;
	98	c[8] = num >> 16;
	99	c[9] = num >> 24;
	100	secp256k1_sha256_initialize(&sha256);
	101	secp256k1_sha256_write(&sha256, c, sizeof(c));
	102	secp256k1_sha256_finalize(&sha256, buf);
	103	secp256k1_scalar_set_b32(scalar, buf, &overflow);
	104	CHECK(!overflow);
	105	}
	106
	107	static void run_test(bench_data* data, size_t count, int includes_g) {
	108	char str[32];
	109	static const secp256k1_scalar zero = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0);
	110	size_t iters = 1 + ITERS / count;
	111	size_t iter;
	112
	113	data->count = count;
	114	data->includes_g = includes_g;
	115
	116	/* Compute (the negation of) the expected results directly. */
	117	data->offset1 = (data->count * 0x537b7f6f + 0x8f66a481) % POINTS;
	118	data->offset2 = (data->count * 0x7f6f537b + 0x6a1a8f49) % POINTS;
	119	for (iter = 0; iter < iters; ++iter) {
	120	secp256k1_scalar tmp;
	121	secp256k1_scalar total = data->scalars[(data->offset1++) % POINTS];
	122	size_t i = 0;
	123	for (i = 0; i + 1 < count; ++i) {
	124	secp256k1_scalar_mul(&tmp, &data->seckeys[(data->offset2++) % POINTS], &data->scalars[(data->offset1++) % POINTS]);
	125	secp256k1_scalar_add(&total, &total, &tmp);
	126	}
	127	secp256k1_scalar_negate(&total, &total);
	128	secp256k1_ecmult(&data->ctx->ecmult_ctx, &data->expected_output[iter], NULL, &zero, &total);
	129	}
	130
	131	/* Run the benchmark. */
132	sprintf(str, includes_g ? "ecmult_%ig" : "ecmult_%i", (int)count);
133	run_benchmark(str, bench_ecmult, bench_ecmult_setup, bench_ecmult_teardown, data, 10, count * (1 + ITERS / count));
134	}
135
136	int main(int argc, char **argv) {
137	bench_data data;
138	int i, p;
139	secp256k1_gej* pubkeys_gej;
a58f543f JN	140	size_t scratch_size;
a58f543f JN	141
a697d82d JN	142	data.ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN \| SECP256K1_CONTEXT_VERIFY);
	143	scratch_size = secp256k1_strauss_scratch_size(POINTS) + STRAUSS_SCRATCH_OBJECTS*16;
	144	data.scratch = secp256k1_scratch_space_create(data.ctx, scratch_size);
0f051736	145	data.ecmult_multi = secp256k1_ecmult_multi_var;
a697d82d	146
a58f543f JN	147	if (argc > 1) {
	148	if(have_flag(argc, argv, "pippenger_wnaf")) {
	149	printf("Using pippenger_wnaf:\n");
	150	data.ecmult_multi = secp256k1_ecmult_pippenger_batch_single;
	151	} else if(have_flag(argc, argv, "strauss_wnaf")) {
	152	printf("Using strauss_wnaf:\n");
	153	data.ecmult_multi = secp256k1_ecmult_strauss_batch_single;
a697d82d JN	154	} else if(have_flag(argc, argv, "simple")) {
	155	printf("Using simple algorithm:\n");
	156	data.ecmult_multi = secp256k1_ecmult_multi_var;
c2b028a2	157	secp256k1_scratch_space_destroy(data.ctx, data.scratch);
a697d82d	158	data.scratch = NULL;
0f051736 JN	159	} else {
0f051736 JN	160	fprintf(stderr, "%s: unrecognized argument '%s'.\n", argv[0], argv[1]);
a697d82d	161	fprintf(stderr, "Use 'pippenger_wnaf', 'strauss_wnaf', 'simple' or no argument to benchmark a combined algorithm.\n");
0f051736	162	return 1;
a58f543f	163	}
a58f543f	164	}
bc65aa79 PW	165
bc65aa79 PW	166	/* Allocate stuff */
bc65aa79 PW	167	data.scalars = malloc(sizeof(secp256k1_scalar) * POINTS);
	168	data.seckeys = malloc(sizeof(secp256k1_scalar) * POINTS);
	169	data.pubkeys = malloc(sizeof(secp256k1_ge) * POINTS);
	170	data.expected_output = malloc(sizeof(secp256k1_gej) * (ITERS + 1));
	171	data.output = malloc(sizeof(secp256k1_gej) * (ITERS + 1));
	172
	173	/* Generate a set of scalars, and private/public keypairs. */
	174	pubkeys_gej = malloc(sizeof(secp256k1_gej) * POINTS);
	175	secp256k1_gej_set_ge(&pubkeys_gej[0], &secp256k1_ge_const_g);
	176	secp256k1_scalar_set_int(&data.seckeys[0], 1);
	177	for (i = 0; i < POINTS; ++i) {
	178	generate_scalar(i, &data.scalars[i]);
	179	if (i) {
	180	secp256k1_gej_double_var(&pubkeys_gej[i], &pubkeys_gej[i - 1], NULL);
	181	secp256k1_scalar_add(&data.seckeys[i], &data.seckeys[i - 1], &data.seckeys[i - 1]);
	182	}
	183	}
7f7a2ed3	184	secp256k1_ge_set_all_gej_var(data.pubkeys, pubkeys_gej, POINTS);
bc65aa79 PW	185	free(pubkeys_gej);
	186
	187	for (i = 1; i <= 8; ++i) {
	188	run_test(&data, i, 1);
	189	}
	190
	191	for (p = 0; p <= 11; ++p) {
	192	for (i = 9; i <= 16; ++i) {
	193	run_test(&data, i << p, 1);
	194	}
	195	}
a697d82d	196	if (data.scratch != NULL) {
c2b028a2	197	secp256k1_scratch_space_destroy(data.ctx, data.scratch);
a697d82d	198	}
c2b028a2	199	secp256k1_context_destroy(data.ctx);
bc65aa79 PW	200	free(data.scalars);
	201	free(data.pubkeys);
	202	free(data.seckeys);
	203	free(data.output);
	204	free(data.expected_output);
	205
	206	return(0);
	207	}