本文探讨了椭圆曲线密码学中批量标量乘法的不同算法优化,包括Bos-Coster、Straus及Pippenger算法,并通过实验对比了不同参数下算法的性能表现。
1. 引言
multiScalar_multiplication定义如下:
V
=
a
1
P
1
+
a
2
P
2
+
.
.
.
+
a
n
P
n
,
其
中
a
i
为
s
c
a
l
a
r
值
,
P
i
为
e
l
l
i
p
t
i
c
−
c
u
r
v
e
p
o
i
n
t
V=a_1P_1+a_2P_2+...+a_nP_n,其中a_i为scalar值,P_i为elliptic-curve\ point
V=a1P1+a2P2+...+anPn,其中ai为scalar值,Pi为elliptic−curve point
在论文《Faster batch forgery identification》第四节中,分别提及了三种算法:
- Bos-Coster算法:对multiScalar_multiplication速度的提升有限。
- Straus算法:选择
w
=
5
w=5
w=5。
- Pippenger算法:可分别选择
w
=
6
w=6
w=6、
w
=
7
w=7
w=7、
w
=
8
w=8
w=8。
2. curve25519-dalek中算法选择边界
curve25519-dalek的边界为:
- <190: straus
-
=190 && <500: w=6 Pippeneger算法
-
=500 && <800: w=7 Pippeneger算法
-
=800: w=8 Pippeneger算法
all w=8:
Running target/release/deps/dalek_benchmarks-53fcb1faec6cb376
Variable-time variable-base multiscalar multiplication/189
time: [4.4437 ms 4.4703 ms 4.5316 ms]
change: [-1.7336% +23.795% +57.793%] (p = 0.11 > 0.05)
No change in performance detected.
Found 3 outliers among 15 measurements (20.00%)
3 (20.00%) high severe
Variable-time variable-base multiscalar multiplication/190
time: [4.4633 ms 4.4925 ms 4.5632 ms]
change: [+2.0396% +27.568% +58.014%] (p = 0.05 < 0.05)
Performance has regressed.
Found 2 outliers among 15 measurements (13.33%)
2 (13.33%) high severe
Variable-time variable-base multiscalar multiplication/499
time: [7.2052 ms 7.2595 ms 7.3616 ms]
change: [-14.260% +8.9149% +34.793%] (p = 0.53 > 0.05)
No change in performance detected.
Found 2 outliers among 15 measurements (13.33%)
2 (13.33%) high severe
Variable-time variable-base multiscalar multiplication/500
time: [7.2194 ms 7.2761 ms 7.3911 ms]
change: [-12.083% +9.2730% +36.544%] (p = 0.48 > 0.05)
No change in performance detected.
Found 3 outliers among 15 measurements (20.00%)
1 (6.67%) high mild
2 (13.33%) high severe
Variable-time variable-base multiscalar multiplication/799
time: [9.8895 ms 9.9910 ms 10.142 ms]
change: [-13.810% +4.7550% +23.994%] (p = 0.70 > 0.05)
No change in performance detected.
Found 3 outliers among 15 measurements (20.00%)
3 (20.00%) high severe
Variable-time variable-base multiscalar multiplication/800
time: [9.9245 ms 9.9687 ms 10.077 ms]
change: [-15.381% +3.3416% +29.183%] (p = 0.78 > 0.05)
No change in performance detected.
Found 2 outliers among 15 measurements (13.33%)
2 (13.33%) high severe
all w=7:
Running target/release/deps/dalek_benchmarks-53fcb1faec6cb376
Variable-time variable-base multiscalar multiplication/189
time: [3.5630 ms 3.5914 ms 3.6504 ms]
change: [-11.315% +12.310% +41.991%] (p = 0.39 > 0.05)
No change in performance detected.
Found 3 outliers among 15 measurements (20.00%)
3 (20.00%) high severe
Variable-time variable-base multiscalar multiplication/190
time: [3.5012 ms 3.5234 ms 3.5752 ms]
change: [-10.315% +10.701% +39.224%] (p = 0.41 > 0.05)
No change in performance detected.
Found 3 outliers among 15 measurements (20.00%)
3 (20.00%) high severe
Variable-time variable-base multiscalar multiplication/499
time: [6.6358 ms 6.6664 ms 6.7455 ms]
change: [-22.010% -2.0152% +25.105%] (p = 0.83 > 0.05)
No change in performance detected.
Found 2 outliers among 15 measurements (13.33%)
2 (13.33%) high severe
Variable-time variable-base multiscalar multiplication/500
time: [6.6411 ms 6.6746 ms 6.7609 ms]
change: [-22.621% -3.1515% +24.251%] (p = 0.80 > 0.05)
No change in performance detected.
Found 2 outliers among 15 measurements (13.33%)
2 (13.33%) high severe
Variable-time variable-base multiscalar multiplication/799
time: [9.6734 ms 9.7493 ms 9.8566 ms]
change: [-32.201% -15.383% +6.3693%] (p = 0.20 > 0.05)
No change in performance detected.
Found 2 outliers among 15 measurements (13.33%)
2 (13.33%) high severe
Variable-time variable-base multiscalar multiplication/800
time: [9.6891 ms 9.7310 ms 9.8314 ms]
change: [-21.197% -4.7756% +15.300%] (p = 0.66 > 0.05)
No change in performance detected.
Found 2 outliers among 15 measurements (13.33%)
2 (13.33%) high severe
all w=6:
Running target/release/deps/dalek_benchmarks-53fcb1faec6cb376
Variable-time variable-base multiscalar multiplication/189
time: [3.1587 ms 3.1799 ms 3.2284 ms]
change: [-17.560% +4.6755% +32.986%] (p = 0.74 > 0.05)
No change in performance detected.
Found 3 outliers among 15 measurements (20.00%)
3 (20.00%) high severe
Variable-time variable-base multiscalar multiplication/190
time: [3.1706 ms 3.1918 ms 3.2404 ms]
change: [-21.148% +1.7730% +30.036%] (p = 0.90 > 0.05)
No change in performance detected.
Found 3 outliers among 15 measurements (20.00%)
3 (20.00%) high severe
Variable-time variable-base multiscalar multiplication/499
time: [6.8064 ms 6.8407 ms 6.9261 ms]
change: [-30.371% -12.039% +12.024%] (p = 0.32 > 0.05)
No change in performance detected.
Found 2 outliers among 15 measurements (13.33%)
2 (13.33%) high severe
Variable-time variable-base multiscalar multiplication/500
time: [6.8180 ms 6.8740 ms 6.9684 ms]
change: [-31.891% -13.085% +10.826%] (p = 0.29 > 0.05)
No change in performance detected.
Found 3 outliers among 15 measurements (20.00%)
1 (6.67%) high mild
2 (13.33%) high severe
Variable-time variable-base multiscalar multiplication/799
time: [10.399 ms 10.546 ms 10.819 ms]
change: [-27.627% -9.1493% +13.573%] (p = 0.46 > 0.05)
No change in performance detected.
Found 3 outliers among 15 measurements (20.00%)
1 (6.67%) high mild
2 (13.33%) high severe
Variable-time variable-base multiscalar multiplication/800
time: [10.281 ms 10.318 ms 10.392 ms]
change: [-39.340% -22.582% -2.0183%] (p = 0.06 > 0.05)
No change in performance detected.
Found 2 outliers among 15 measurements (13.33%)
2 (13.33%) high severe
all straus:
Running target/release/deps/dalek_benchmarks-53fcb1faec6cb376
Variable-time variable-base multiscalar multiplication/189
time: [2.9865 ms 3.0344 ms 3.1013 ms]
change: [-18.787% +2.8603% +30.058%] (p = 0.84 > 0.05)
No change in performance detected.
Found 3 outliers among 15 measurements (20.00%)
1 (6.67%) high mild
2 (13.33%) high severe
Variable-time variable-base multiscalar multiplication/190
time: [2.9745 ms 3.0011 ms 3.0599 ms]
change: [-22.820% -0.3394% +30.681%] (p = 0.98 > 0.05)
No change in performance detected.
Found 3 outliers among 15 measurements (20.00%)
3 (20.00%) high severe
Variable-time variable-base multiscalar multiplication/499
time: [7.7750 ms 7.8195 ms 7.9154 ms]
change: [-17.989% +2.7770% +32.322%] (p = 0.83 > 0.05)
No change in performance detected.
Found 2 outliers among 15 measurements (13.33%)
2 (13.33%) high severe
Variable-time variable-base multiscalar multiplication/500
time: [7.8235 ms 7.8651 ms 7.9713 ms]
change: [-7.2904% +16.179% +49.302%] (p = 0.26 > 0.05)
No change in performance detected.
Found 2 outliers among 15 measurements (13.33%)
2 (13.33%) high severe
Variable-time variable-base multiscalar multiplication/799
time: [12.478 ms 12.538 ms 12.667 ms]
change: [+4.1941% +28.354% +57.937%] (p = 0.02 < 0.05)
Performance has regressed.
Found 2 outliers among 15 measurements (13.33%)
2 (13.33%) high severe
Variable-time variable-base multiscalar multiplication/800
time: [12.667 ms 12.782 ms 12.937 ms]
change: [+4.4294% +34.305% +70.910%] (p = 0.03 < 0.05)
Performance has regressed.
Found 2 outliers among 15 measurements (13.33%)
2 (13.33%) high severe
default:
Running target/release/deps/dalek_benchmarks-53fcb1faec6cb376
Variable-time variable-base multiscalar multiplication/189
time: [2.9304 ms 2.9669 ms 3.0377 ms]
change: [-78.836% -74.890% -70.059%] (p = 0.00 < 0.05)
Performance has improved.
Found 3 outliers among 15 measurements (20.00%)
1 (6.67%) high mild
2 (13.33%) high severe
Variable-time variable-base multiscalar multiplication/190
time: [3.1322 ms 3.1516 ms 3.1971 ms]
change: [-78.159% -74.341% -68.876%] (p = 0.00 < 0.05)
Performance has improved.
Found 3 outliers among 15 measurements (20.00%)
1 (6.67%) high mild
2 (13.33%) high severe
Variable-time variable-base multiscalar multiplication/499
time: [6.8036 ms 7.0906 ms 7.7292 ms]
change: [-74.384% -69.294% -62.834%] (p = 0.00 < 0.05)
Performance has improved.
Found 3 outliers among 15 measurements (20.00%)
2 (13.33%) high mild
1 (6.67%) high severe
Variable-time variable-base multiscalar multiplication/500
time: [6.6848 ms 6.7521 ms 6.8618 ms]
Found 2 outliers among 15 measurements (13.33%)
2 (13.33%) high severe
Variable-time variable-base multiscalar multiplication/799
time: [9.5685 ms 9.7077 ms 9.9853 ms]
Found 3 outliers among 15 measurements (20.00%)
3 (20.00%) high severe
Variable-time variable-base multiscalar multiplication/800
time: [9.7910 ms 9.8422 ms 9.9460 ms]
Found 2 outliers among 15 measurements (13.33%)
2 (13.33%) high severe
#[cfg(feature = "alloc")]
impl VartimeMultiscalarMul for EdwardsPoint {
type Point = EdwardsPoint;
fn optional_multiscalar_mul<I, J>(scalars: I, points: J) -> Option<EdwardsPoint>
where
I: IntoIterator,
I::Item: Borrow<Scalar>,
J: IntoIterator<Item = Option<EdwardsPoint>>,
{
// Sanity-check lengths of input iterators
let mut scalars = scalars.into_iter();
let mut points = points.into_iter();
// Lower and upper bounds on iterators
let (s_lo, s_hi) = scalars.by_ref().size_hint();
let (p_lo, p_hi) = points.by_ref().size_hint();
// They should all be equal
assert_eq!(s_lo, p_lo);
assert_eq!(s_hi, Some(s_lo));
assert_eq!(p_hi, Some(p_lo));
// Now we know there's a single size.
// Use this as the hint to decide which algorithm to use.
let size = s_lo;
if size < 190 {
scalar_mul::straus::Straus::optional_multiscalar_mul(scalars, points)
} else {
scalar_mul::pippenger::Pippenger::optional_multiscalar_mul(scalars, points)
}
}
}
参考资料:
[1] 论文《Faster batch forgery identification》
扫一扫
398
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
