[secp256k1.git] / src / bench_ecmult.c

/***********************************************************************
 * Copyright (c) 2017 Pieter Wuille                                    *
 * Distributed under the MIT software license, see the accompanying    *
 * file COPYING or https://www.opensource.org/licenses/mit-license.php.*
 ***********************************************************************/
#include <stdio.h>

#include "secp256k1.c"
#include "../include/secp256k1.h"

#include "util.h"
#include "hash_impl.h"
#include "field_impl.h"
#include "group_impl.h"
#include "scalar_impl.h"
#include "ecmult_impl.h"
#include "bench.h"

#define POINTS 32768

typedef struct {
    /* Setup once in advance */
    secp256k1_context* ctx;
    secp256k1_scratch_space* scratch;
    secp256k1_scalar* scalars;
    secp256k1_ge* pubkeys;
    secp256k1_scalar* seckeys;
    secp256k1_gej* expected_output;
    secp256k1_ecmult_multi_func ecmult_multi;

    /* Changes per test */
    size_t count;
    int includes_g;

    /* Changes per test iteration */
    size_t offset1;
    size_t offset2;

    /* Test output. */
    secp256k1_gej* output;
} bench_data;

static int bench_callback(secp256k1_scalar* sc, secp256k1_ge* ge, size_t idx, void* arg) {
    bench_data* data = (bench_data*)arg;
    if (data->includes_g) ++idx;
    if (idx == 0) {
        *sc = data->scalars[data->offset1];
        *ge = secp256k1_ge_const_g;
    } else {
        *sc = data->scalars[(data->offset1 + idx) % POINTS];
        *ge = data->pubkeys[(data->offset2 + idx - 1) % POINTS];
    }
    return 1;
}

static void bench_ecmult(void* arg, int iters) {
    bench_data* data = (bench_data*)arg;

    int includes_g = data->includes_g;
    int iter;
    int count = data->count;
    iters = iters / data->count;

    for (iter = 0; iter < iters; ++iter) {
        data->ecmult_multi(&data->ctx->error_callback, &data->ctx->ecmult_ctx, data->scratch, &data->output[iter], data->includes_g ? &data->scalars[data->offset1] : NULL, bench_callback, arg, count - includes_g);
        data->offset1 = (data->offset1 + count) % POINTS;
        data->offset2 = (data->offset2 + count - 1) % POINTS;
    }
}

static void bench_ecmult_setup(void* arg) {
    bench_data* data = (bench_data*)arg;
    data->offset1 = (data->count * 0x537b7f6f + 0x8f66a481) % POINTS;
    data->offset2 = (data->count * 0x7f6f537b + 0x6a1a8f49) % POINTS;
}

static void bench_ecmult_teardown(void* arg, int iters) {
    bench_data* data = (bench_data*)arg;
    int iter;
    iters = iters / data->count;
    /* Verify the results in teardown, to avoid doing comparisons while benchmarking. */
    for (iter = 0; iter < iters; ++iter) {
        secp256k1_gej tmp;
        secp256k1_gej_add_var(&tmp, &data->output[iter], &data->expected_output[iter], NULL);
        CHECK(secp256k1_gej_is_infinity(&tmp));
    }
}

static void generate_scalar(uint32_t num, secp256k1_scalar* scalar) {
    secp256k1_sha256 sha256;
    unsigned char c[11] = {'e', 'c', 'm', 'u', 'l', 't', 0, 0, 0, 0};
    unsigned char buf[32];
    int overflow = 0;
    c[6] = num;
    c[7] = num >> 8;
    c[8] = num >> 16;
    c[9] = num >> 24;
    secp256k1_sha256_initialize(&sha256);
    secp256k1_sha256_write(&sha256, c, sizeof(c));
    secp256k1_sha256_finalize(&sha256, buf);
    secp256k1_scalar_set_b32(scalar, buf, &overflow);
    CHECK(!overflow);
}

static void run_test(bench_data* data, size_t count, int includes_g, int num_iters) {
    char str[32];
    static const secp256k1_scalar zero = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0);
    size_t iters = 1 + num_iters / count;
    size_t iter;

    data->count = count;
    data->includes_g = includes_g;

    /* Compute (the negation of) the expected results directly. */
    data->offset1 = (data->count * 0x537b7f6f + 0x8f66a481) % POINTS;
    data->offset2 = (data->count * 0x7f6f537b + 0x6a1a8f49) % POINTS;
    for (iter = 0; iter < iters; ++iter) {
        secp256k1_scalar tmp;
        secp256k1_scalar total = data->scalars[(data->offset1++) % POINTS];
        size_t i = 0;
        for (i = 0; i + 1 < count; ++i) {
            secp256k1_scalar_mul(&tmp, &data->seckeys[(data->offset2++) % POINTS], &data->scalars[(data->offset1++) % POINTS]);
            secp256k1_scalar_add(&total, &total, &tmp);
        }
        secp256k1_scalar_negate(&total, &total);
        secp256k1_ecmult(&data->ctx->ecmult_ctx, &data->expected_output[iter], NULL, &zero, &total);
    }

    /* Run the benchmark. */
    sprintf(str, includes_g ? "ecmult_%ig" : "ecmult_%i", (int)count);
    run_benchmark(str, bench_ecmult, bench_ecmult_setup, bench_ecmult_teardown, data, 10, count * iters);
}

int main(int argc, char **argv) {
    bench_data data;
    int i, p;
    secp256k1_gej* pubkeys_gej;
    size_t scratch_size;

    int iters = get_iters(10000);

    data.ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY);
    scratch_size = secp256k1_strauss_scratch_size(POINTS) + STRAUSS_SCRATCH_OBJECTS*16;
    data.scratch = secp256k1_scratch_space_create(data.ctx, scratch_size);
    data.ecmult_multi = secp256k1_ecmult_multi_var;

    if (argc > 1) {
        if(have_flag(argc, argv, "pippenger_wnaf")) {
            printf("Using pippenger_wnaf:\n");
            data.ecmult_multi = secp256k1_ecmult_pippenger_batch_single;
        } else if(have_flag(argc, argv, "strauss_wnaf")) {
            printf("Using strauss_wnaf:\n");
            data.ecmult_multi = secp256k1_ecmult_strauss_batch_single;
        } else if(have_flag(argc, argv, "simple")) {
            printf("Using simple algorithm:\n");
            data.ecmult_multi = secp256k1_ecmult_multi_var;
            secp256k1_scratch_space_destroy(data.ctx, data.scratch);
            data.scratch = NULL;
        } else {
            fprintf(stderr, "%s: unrecognized argument '%s'.\n", argv[0], argv[1]);
            fprintf(stderr, "Use 'pippenger_wnaf', 'strauss_wnaf', 'simple' or no argument to benchmark a combined algorithm.\n");
            return 1;
        }
    }

    /* Allocate stuff */
    data.scalars = malloc(sizeof(secp256k1_scalar) * POINTS);
    data.seckeys = malloc(sizeof(secp256k1_scalar) * POINTS);
    data.pubkeys = malloc(sizeof(secp256k1_ge) * POINTS);
    data.expected_output = malloc(sizeof(secp256k1_gej) * (iters + 1));
    data.output = malloc(sizeof(secp256k1_gej) * (iters + 1));

    /* Generate a set of scalars, and private/public keypairs. */
    pubkeys_gej = malloc(sizeof(secp256k1_gej) * POINTS);
    secp256k1_gej_set_ge(&pubkeys_gej[0], &secp256k1_ge_const_g);
    secp256k1_scalar_set_int(&data.seckeys[0], 1);
    for (i = 0; i < POINTS; ++i) {
        generate_scalar(i, &data.scalars[i]);
        if (i) {
            secp256k1_gej_double_var(&pubkeys_gej[i], &pubkeys_gej[i - 1], NULL);
            secp256k1_scalar_add(&data.seckeys[i], &data.seckeys[i - 1], &data.seckeys[i - 1]);
        }
    }
    secp256k1_ge_set_all_gej_var(data.pubkeys, pubkeys_gej, POINTS);
    free(pubkeys_gej);

    for (i = 1; i <= 8; ++i) {
        run_test(&data, i, 1, iters);
    }

    /* This is disabled with low count of iterations because the loop runs 77 times even with iters=1
    * and the higher it goes the longer the computation takes(more points)
    * So we don't run this benchmark with low iterations to prevent slow down */
     if (iters > 2) {
        for (p = 0; p <= 11; ++p) {
            for (i = 9; i <= 16; ++i) {
                run_test(&data, i << p, 1, iters);
            }
        }
    }

    if (data.scratch != NULL) {
        secp256k1_scratch_space_destroy(data.ctx, data.scratch);
    }
    secp256k1_context_destroy(data.ctx);
    free(data.scalars);
    free(data.pubkeys);
    free(data.seckeys);
    free(data.output);
    free(data.expected_output);

    return(0);
}
Commit	Line	Data
07aa4c70 DA	1	/***********************************************************************
	2	* Copyright (c) 2017 Pieter Wuille *
	3	* Distributed under the MIT software license, see the accompanying *
	4	* file COPYING or https://www.opensource.org/licenses/mit-license.php.*
	5	***********************************************************************/
bc65aa79 PW	6	#include <stdio.h>
bc65aa79 PW	7
ae9e6485	8	#include "secp256k1.c"
3c90bdda	9	#include "../include/secp256k1.h"
bc65aa79 PW	10
	11	#include "util.h"
	12	#include "hash_impl.h"
bc65aa79 PW	13	#include "field_impl.h"
	14	#include "group_impl.h"
	15	#include "scalar_impl.h"
	16	#include "ecmult_impl.h"
	17	#include "bench.h"
bc65aa79 PW	18
bc65aa79 PW	19	#define POINTS 32768
bc65aa79 PW	20
	21	typedef struct {
	22	/* Setup once in advance */
	23	secp256k1_context* ctx;
	24	secp256k1_scratch_space* scratch;
	25	secp256k1_scalar* scalars;
	26	secp256k1_ge* pubkeys;
	27	secp256k1_scalar* seckeys;
	28	secp256k1_gej* expected_output;
a58f543f	29	secp256k1_ecmult_multi_func ecmult_multi;
bc65aa79 PW	30
	31	/* Changes per test */
	32	size_t count;
	33	int includes_g;
	34
	35	/* Changes per test iteration */
	36	size_t offset1;
	37	size_t offset2;
	38
	39	/* Test output. */
	40	secp256k1_gej* output;
	41	} bench_data;
	42
	43	static int bench_callback(secp256k1_scalar* sc, secp256k1_ge* ge, size_t idx, void* arg) {
	44	bench_data* data = (bench_data*)arg;
	45	if (data->includes_g) ++idx;
	46	if (idx == 0) {
	47	*sc = data->scalars[data->offset1];
	48	*ge = secp256k1_ge_const_g;
	49	} else {
	50	*sc = data->scalars[(data->offset1 + idx) % POINTS];
	51	*ge = data->pubkeys[(data->offset2 + idx - 1) % POINTS];
	52	}
	53	return 1;
	54	}
	55
ca4906b0	56	static void bench_ecmult(void* arg, int iters) {
bc65aa79 PW	57	bench_data* data = (bench_data*)arg;
bc65aa79 PW	58
bc65aa79	59	int includes_g = data->includes_g;
ca4906b0 ET	60	int iter;
	61	int count = data->count;
	62	iters = iters / data->count;
bc65aa79 PW	63
bc65aa79 PW	64	for (iter = 0; iter < iters; ++iter) {
c2b028a2	65	data->ecmult_multi(&data->ctx->error_callback, &data->ctx->ecmult_ctx, data->scratch, &data->output[iter], data->includes_g ? &data->scalars[data->offset1] : NULL, bench_callback, arg, count - includes_g);
bc65aa79 PW	66	data->offset1 = (data->offset1 + count) % POINTS;
	67	data->offset2 = (data->offset2 + count - 1) % POINTS;
	68	}
	69	}
	70
	71	static void bench_ecmult_setup(void* arg) {
	72	bench_data* data = (bench_data*)arg;
	73	data->offset1 = (data->count * 0x537b7f6f + 0x8f66a481) % POINTS;
	74	data->offset2 = (data->count * 0x7f6f537b + 0x6a1a8f49) % POINTS;
	75	}
	76
ca4906b0	77	static void bench_ecmult_teardown(void* arg, int iters) {
bc65aa79	78	bench_data* data = (bench_data*)arg;
ca4906b0 ET	79	int iter;
ca4906b0 ET	80	iters = iters / data->count;
bc65aa79 PW	81	/* Verify the results in teardown, to avoid doing comparisons while benchmarking. */
	82	for (iter = 0; iter < iters; ++iter) {
	83	secp256k1_gej tmp;
	84	secp256k1_gej_add_var(&tmp, &data->output[iter], &data->expected_output[iter], NULL);
	85	CHECK(secp256k1_gej_is_infinity(&tmp));
	86	}
	87	}
	88
	89	static void generate_scalar(uint32_t num, secp256k1_scalar* scalar) {
	90	secp256k1_sha256 sha256;
	91	unsigned char c[11] = {'e', 'c', 'm', 'u', 'l', 't', 0, 0, 0, 0};
	92	unsigned char buf[32];
	93	int overflow = 0;
	94	c[6] = num;
	95	c[7] = num >> 8;
	96	c[8] = num >> 16;
	97	c[9] = num >> 24;
	98	secp256k1_sha256_initialize(&sha256);
	99	secp256k1_sha256_write(&sha256, c, sizeof(c));
	100	secp256k1_sha256_finalize(&sha256, buf);
	101	secp256k1_scalar_set_b32(scalar, buf, &overflow);
	102	CHECK(!overflow);
	103	}
	104
ca4906b0	105	static void run_test(bench_data* data, size_t count, int includes_g, int num_iters) {
bc65aa79 PW	106	char str[32];
bc65aa79 PW	107	static const secp256k1_scalar zero = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0);
ca4906b0	108	size_t iters = 1 + num_iters / count;
bc65aa79 PW	109	size_t iter;
	110
	111	data->count = count;
	112	data->includes_g = includes_g;
	113
	114	/* Compute (the negation of) the expected results directly. */
	115	data->offset1 = (data->count * 0x537b7f6f + 0x8f66a481) % POINTS;
	116	data->offset2 = (data->count * 0x7f6f537b + 0x6a1a8f49) % POINTS;
	117	for (iter = 0; iter < iters; ++iter) {
	118	secp256k1_scalar tmp;
	119	secp256k1_scalar total = data->scalars[(data->offset1++) % POINTS];
	120	size_t i = 0;
	121	for (i = 0; i + 1 < count; ++i) {
	122	secp256k1_scalar_mul(&tmp, &data->seckeys[(data->offset2++) % POINTS], &data->scalars[(data->offset1++) % POINTS]);
	123	secp256k1_scalar_add(&total, &total, &tmp);
	124	}
	125	secp256k1_scalar_negate(&total, &total);
	126	secp256k1_ecmult(&data->ctx->ecmult_ctx, &data->expected_output[iter], NULL, &zero, &total);
	127	}
	128
	129	/* Run the benchmark. */
	130	sprintf(str, includes_g ? "ecmult_%ig" : "ecmult_%i", (int)count);
ca4906b0	131	run_benchmark(str, bench_ecmult, bench_ecmult_setup, bench_ecmult_teardown, data, 10, count * iters);
bc65aa79 PW	132	}
	133
	134	int main(int argc, char **argv) {
	135	bench_data data;
	136	int i, p;
	137	secp256k1_gej* pubkeys_gej;
a58f543f JN	138	size_t scratch_size;
a58f543f JN	139
ca4906b0 ET	140	int iters = get_iters(10000);
ca4906b0 ET	141
a697d82d JN	142	data.ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN \| SECP256K1_CONTEXT_VERIFY);
	143	scratch_size = secp256k1_strauss_scratch_size(POINTS) + STRAUSS_SCRATCH_OBJECTS*16;
	144	data.scratch = secp256k1_scratch_space_create(data.ctx, scratch_size);
0f051736	145	data.ecmult_multi = secp256k1_ecmult_multi_var;
a697d82d	146
a58f543f JN	147	if (argc > 1) {
	148	if(have_flag(argc, argv, "pippenger_wnaf")) {
	149	printf("Using pippenger_wnaf:\n");
	150	data.ecmult_multi = secp256k1_ecmult_pippenger_batch_single;
	151	} else if(have_flag(argc, argv, "strauss_wnaf")) {
	152	printf("Using strauss_wnaf:\n");
	153	data.ecmult_multi = secp256k1_ecmult_strauss_batch_single;
a697d82d JN	154	} else if(have_flag(argc, argv, "simple")) {
	155	printf("Using simple algorithm:\n");
	156	data.ecmult_multi = secp256k1_ecmult_multi_var;
c2b028a2	157	secp256k1_scratch_space_destroy(data.ctx, data.scratch);
a697d82d	158	data.scratch = NULL;
0f051736 JN	159	} else {
0f051736 JN	160	fprintf(stderr, "%s: unrecognized argument '%s'.\n", argv[0], argv[1]);
a697d82d	161	fprintf(stderr, "Use 'pippenger_wnaf', 'strauss_wnaf', 'simple' or no argument to benchmark a combined algorithm.\n");
0f051736	162	return 1;
a58f543f	163	}
a58f543f	164	}
bc65aa79 PW	165
bc65aa79 PW	166	/* Allocate stuff */
bc65aa79 PW	167	data.scalars = malloc(sizeof(secp256k1_scalar) * POINTS);
	168	data.seckeys = malloc(sizeof(secp256k1_scalar) * POINTS);
	169	data.pubkeys = malloc(sizeof(secp256k1_ge) * POINTS);
ca4906b0 ET	170	data.expected_output = malloc(sizeof(secp256k1_gej) * (iters + 1));
ca4906b0 ET	171	data.output = malloc(sizeof(secp256k1_gej) * (iters + 1));
bc65aa79 PW	172
	173	/* Generate a set of scalars, and private/public keypairs. */
	174	pubkeys_gej = malloc(sizeof(secp256k1_gej) * POINTS);
	175	secp256k1_gej_set_ge(&pubkeys_gej[0], &secp256k1_ge_const_g);
	176	secp256k1_scalar_set_int(&data.seckeys[0], 1);
	177	for (i = 0; i < POINTS; ++i) {
	178	generate_scalar(i, &data.scalars[i]);
	179	if (i) {
	180	secp256k1_gej_double_var(&pubkeys_gej[i], &pubkeys_gej[i - 1], NULL);
	181	secp256k1_scalar_add(&data.seckeys[i], &data.seckeys[i - 1], &data.seckeys[i - 1]);
	182	}
	183	}
7f7a2ed3	184	secp256k1_ge_set_all_gej_var(data.pubkeys, pubkeys_gej, POINTS);
bc65aa79 PW	185	free(pubkeys_gej);
	186
	187	for (i = 1; i <= 8; ++i) {
ca4906b0	188	run_test(&data, i, 1, iters);
bc65aa79 PW	189	}
bc65aa79 PW	190
ca4906b0 ET	191	/* This is disabled with low count of iterations because the loop runs 77 times even with iters=1
	192	* and the higher it goes the longer the computation takes(more points)
	193	* So we don't run this benchmark with low iterations to prevent slow down */
	194	if (iters > 2) {
	195	for (p = 0; p <= 11; ++p) {
	196	for (i = 9; i <= 16; ++i) {
	197	run_test(&data, i << p, 1, iters);
	198	}
bc65aa79 PW	199	}
bc65aa79 PW	200	}
ca4906b0	201
a697d82d	202	if (data.scratch != NULL) {
c2b028a2	203	secp256k1_scratch_space_destroy(data.ctx, data.scratch);
a697d82d	204	}
c2b028a2	205	secp256k1_context_destroy(data.ctx);
bc65aa79 PW	206	free(data.scalars);
	207	free(data.pubkeys);
	208	free(data.seckeys);
	209	free(data.output);
	210	free(data.expected_output);
	211
	212	return(0);
	213	}