Let us walk on the 3-isogeny graph
Loading...
Searching...
No Matches
ctidh.c
Go to the documentation of this file.
1#undef NDEBUG
2#include <time.h>
3
4#include <secsidh/secsidh.h>
5#include <assert.h>
6#include <string.h>
7#include <stdlib.h>
8#include <stdio.h>
9#include "cycle.h"
10#include "fp-counters.h"
11#include "primes.h"
12#include "ctidh.h"
13#include "ctidh_api.h"
14
15#include "fp/fp2.h"
16
17#if GLOBAL_COUNTERS != 0
18#define cprintf(...) printf(__VA_ARGS__)
19#else
20#define cprintf(...)
21#endif
22
23#define CPASTER(x, y) SECSIDH_CTIDH##x##_##y
24#define CEVALUATOR(x, y) CPASTER(x, y)
25#define CONSTNAMESPACE(name) CEVALUATOR(BITS, name)
26#define SK_SIZE CONSTNAMESPACE(SK_SIZE)
27#define PK_SIZE CONSTNAMESPACE(PK_SIZE)
28#define SS_SIZE CONSTNAMESPACE(SS_SIZE)
29
30#define pk_size FNAMESPACE(pk_size)
31#define sk_size FNAMESPACE(sk_size)
32#define ss_size FNAMESPACE(ss_size)
33
34#define FPASTER(x, y) secsidh_CTIDH##x##_##y
35#define FEVALUATOR(x, y) FPASTER(x, y)
36#define FNAMESPACE(name) FEVALUATOR(BITS, name)
37
38#define keygen FNAMESPACE(keygen)
39#define derive FNAMESPACE(derive)
40
41static void ss_print(const uint8_t *ss, char *c, size_t size)
42{
43 printf("%s := 0x", c);
44 int i;
45 for (i = size - 1; i > -1; i--)
46 printf("%02" PRIX8 "", ss[i]);
47 printf(";\n");
48}
49
50static int dumb_fp_isequal(const uint8_t *a, const uint8_t *b, size_t size)
51{
52 return memcmp(a, b, size) == 0;
53}
54
55static int run_benchmark_action(int64_t target, int64_t KEYS);
56static int run_benchmark_keygen(int64_t target, int64_t KEYS);
57static int run_benchmark_fp(long long target);
58
59int main(int argc, char *argv[])
60{
61#if !defined(_M1_) && !defined(_M2_) && !defined(_M3_) && !defined(_M4_) && !defined(_M5_)
62 printf("\nNOT using radical 3-isogenies (original dCTIDH).\n\n");
63#else
64 printf("\nUsing 2^%ld radical 3-isogenies.\n\n", batch_start[0] - 1);
65#endif
66 if (argc == 3)
67 {
68 if (strcmp(argv[1], "-bact") == 0)
69 {
70 run_benchmark_action(atoi(argv[2]), 10);
71 }
72 else if (strcmp(argv[1], "-bkey") == 0)
73 {
74 run_benchmark_keygen(atoi(argv[2]), 10);
75 }
76 else if (strcmp(argv[1], "-bkey") == 0)
77 {
78 run_benchmark_fp(atoi(argv[2]));
79 }
80 else
81 {
82 printf("usage: \t%s\t\t\t\t// for a quick test\n\t%s -bact [number of runs]\t//run benchmark for the action\n\t%s -bfp [number of runs]\t//run benchmark for fp_mul", argv[0], argv[0], argv[0]);
83 }
84 return 0;
85 }
86 else if (argc == 2)
87 {
88
89 if (strcmp(argv[1], "-fp2test") == 0)
90 {
91 printf("Starting fp^2 test ...\n");
92 fflush(stdout);
93 fp2_test();
94 printf("All tests passed!\n");
95 return 0;
96 }
97 else
98 {
99 printf("usage: \t%s\t\t\t\t// for a quick test\n\t%s -bact [number of runs]\t//run benchmark for the action\n\t%s -bfp [number of runs]\t//run benchmark for fp_mul", argv[0], argv[0], argv[0]);
100 }
101 }
102
103 ticks cc0, cc1; // for measuringthe clock cycles
104 // printf("PK_SIZE = %d and pk_size = %d\n", (int)PK_SIZE, (int)pk_size);
105 // printf("SK_SIZE = %d and sk_size = %d\n", (int)SK_SIZE, (int)sk_size);
106 // printf("SS_SIZE = %d and ss_size = %d\n", (int)SS_SIZE, (int)ss_size);
107 // assert(PK_SIZE == pk_size);
108 // assert(SK_SIZE == sk_size);
109 // assert(SS_SIZE == ss_size);
110
111 //------------------------------------------------------
112 // Key generation
113 printf("\033[0;33m// --------------\033[0m\n");
114 printf("\033[0;33m// Key generation\033[0m\n");
115
116 printf("sizeof private key = %lu \n", sizeof(private_key));
117 printf("sizeof public key = %lu \n", sizeof(public_key));
118
119 // ----------
120 // Alice
121 printf("\n\033[0;35m// Alice\033[0m\n");
122 // uint8_t a[sizeof(private_key)] = {0}, A[sizeof(public_key)] = {0}, ss_a[sizeof(public_key)];
123 uint8_t a[SK_SIZE] = {0}, A[PK_SIZE] = {0}, ss_a[SS_SIZE];
124 cc0 = getticks();
125 keygen(A, a);
126 cc1 = getticks();
127 ss_print(a, "sk_a", SK_SIZE);
128 ss_print(A, "pk_a", PK_SIZE);
129 cprintf("Running-time (millions): %2.03lfM + %2.03lfS + %2.03lfa = \033[1;35m%2.03lfM\033[0m\n", (1.0 * fpmul) / 1000000.0, (1.0 * fpsqr) / 1000000.0, (1.0 * fpadd) / 1000000.0, (1.0 * (fpmul + fpsqr)) / 1000000.0);
130 printf("Clock cycles (millions): \033[1;35m%7.03lf\033[0m\n", (1.0 * (cc1 - cc0)) / 1000000.0);
131 // ----------
132 // Bob
133 printf("\n\033[0;34m// Bob\033[0m\n");
134 uint8_t b[SK_SIZE], B[PK_SIZE], ss_b[SS_SIZE];
135 cc0 = getticks();
136 keygen(B, b);
137 cc1 = getticks();
138 ss_print(b, "sk_b", SK_SIZE);
139 ss_print(B, "pk_b", PK_SIZE);
140 cprintf("Running-time (millions): %2.03lfM + %2.03lfS + %2.03lfa = \033[1;34m%2.03lfM\033[0m\n", (1.0 * fpmul) / 1000000.0, (1.0 * fpsqr) / 1000000.0, (1.0 * fpadd) / 1000000.0, (1.0 * (fpmul + fpsqr)) / 1000000.0);
141 printf("Clock cycles (millions): \033[1;34m%7.03lf\033[0m\n", (1.0 * (cc1 - cc0)) / 1000000.0);
142
143 fflush(stdout);
144 //------------------------------------------------------
145 // Secret sharing derivation
146 printf("\n\033[0;33m// -------------------------\033[0m\n");
147 printf("\033[0;33m// Secret sharing generation\033[0m\n");
148
149 // ----------------
150 // Alice
151 printf("\n\033[0;35m// Alice\033[0m\n");
152 cc0 = getticks();
153 assert(derive(ss_a, B, a) == 0);
154 cc1 = getticks();
155 ss_print(ss_a, "ss_a", SS_SIZE);
156 cprintf("Running-time (millions) [without validation]: %2.03lfM + %2.03lfS + %2.03lfa = \033[1;35m%2.03lfM\033[0m\n",
157 (1.0 * fpmul) / 1000000.0, (1.0 * fpsqr) / 1000000.0, (1.0 * fpadd) / 1000000.0, (1.0 * (fpmul + fpsqr)) / 1000000.0);
158 printf("Clock cycles (millions) [including validation]: \033[1;35m%7.03lf\033[0m\n", (1.0 * (cc1 - cc0)) / 1000000.0);
159
160 fflush(stdout);
161 // ----------------
162 // Bob
163 printf("\n\033[0;34m// Bob\033[0m\n");
164 cc0 = getticks();
165 assert(derive(ss_b, A, b) == 0);
166 cc1 = getticks();
167 ss_print(ss_b, "ss_b", SS_SIZE);
168 cprintf("Running-time (millions) [without validation]: %2.03lfM + %2.03lfS + %2.03lfa = \033[1;34m%ld\033[0m\n",
169 (1.0 * fpmul) / 1000000.0, (1.0 * fpsqr) / 1000000.0, (1.0 * fpadd) / 1000000.0, (fpmul + fpsqr));
170 printf("Clock cycles (millions) [including validation]: \033[1;34m%7.03lf\033[0m\n", (1.0 * (cc1 - cc0)) / 1000000.0);
171 fflush(stdout);
172 // =============================
173 // Verifying same secret sharing
174 assert(dumb_fp_isequal(ss_a, ss_b, SS_SIZE));
175
176 //------------------------------------------------------
177 printf("\n\033[0;32m// Successfully secret sharing computation!\033[0m\n");
178 return 0;
179}
180
181static int run_benchmark_action(int64_t target, int64_t KEYS)
182{
183
184 for (long long loop = 0; loop != target; ++loop)
185 {
186 private_key a;
187 private_key b;
188 public_key B;
189 public_key result;
190
191 ctidh_private(&a);
192 ctidh_private(&b);
193
194 action(&B, &base, &b); // Secrect sharing Montgomery curve affine coefficient: [sk] * pk
195 fp u;
196 fulltorsion_points(u, B.A);
197 B.seed = u[0];
198
199 for (long long key = 0; key < KEYS; ++key)
200 {
201 fpmul = fpsqr = fpadd = 0;
202 long long cycles = getticks();
203 bool ok = validate(&B);
204 cycles = getticks() - cycles;
205 printf("%lld %lld validate \t\t mulsq %7ld sq %7ld addsub %7ld cycles %12lld\n", loop, key, fpmul, fpsqr, fpadd, cycles);
206 assert(ok);
207
208 fpmul = fpsqr = fpadd = 0;
209 cycles = getticks();
210 action(&result, &B, &a);
211 cycles = getticks() - cycles;
212 printf("%lld %lld action \t\t mulsq %7ld sq %7ld addsub %7ld cycles %12lld\n", loop, key, fpmul, fpsqr, fpadd, cycles);
213
214 // fpmul = fpsqr = fpadd = 0;
215 // cycles = getticks();
216 // fulltorsion_points(u, result.A);
217 // cycles = getticks() - cycles;
218 // result.seed = u[0];
219 // printf("%lld %lld torsionpoint \t mulsq %7ld sq %7ld addsub %7ld cycles %12lld\n", loop, key, fpmul, fpsqr, fpadd, cycles);
220
221 fflush(stdout);
222 //assert(validate(&result));
223 }
224 }
225
226 return 0;
227}
228
229static int run_benchmark_keygen(int64_t target, int64_t KEYS)
230{
231
232 for (long long loop = 0; loop != target; ++loop)
233 {
234 private_key a;
235 private_key b;
236 public_key B;
237 public_key result;
238
239 ctidh_private(&a);
240 ctidh_private(&b);
241
242 action(&B, &base, &b); // Secrect sharing Montgomery curve affine coefficient: [sk] * pk
243 fp u;
244 fulltorsion_points(u, B.A);
245 B.seed = u[0];
246
247 for (long long key = 0; key < KEYS; ++key)
248 {
249 fpmul = fpsqr = fpadd = 0;
250 long long cycles = getticks();
251 bool ok = validate(&B);
252 cycles = getticks() - cycles;
253 printf("%lld %lld validate \t\t mulsq %7ld sq %7ld addsub %7ld cycles %12lld\n", loop, key, fpmul, fpsqr, fpadd, cycles);
254 assert(ok);
255
256 fpmul = fpsqr = fpadd = 0;
257 cycles = getticks();
258 action(&result, &B, &a);
259 fulltorsion_points(u, result.A);
260 cycles = getticks() - cycles;
261 printf("%lld %lld action \t\t mulsq %7ld sq %7ld addsub %7ld cycles %12lld\n", loop, key, fpmul, fpsqr, fpadd, cycles);
262
263 // fpmul = fpsqr = fpadd = 0;
264 // cycles = getticks();
265 // fulltorsion_points(u, result.A);
266 // cycles = getticks() - cycles;
267 // result.seed = u[0];
268 // printf("%lld %lld torsionpoint \t mulsq %7ld sq %7ld addsub %7ld cycles %12lld\n", loop, key, fpmul, fpsqr, fpadd, cycles);
269
270 fflush(stdout);
271 //assert(validate(&result));
272 }
273 }
274
275 return 0;
276}
277
278static int run_benchmark_fp(long long target)
279{
280 long long total = 0;
281 for (long long loop = 0; loop != target; ++loop)
282 {
283 fpmul = fpsqr = fpadd = 0;
284 fp a, b, c;
285 fp_random(a);
286 fp_random(b);
287
288 long long cycles = getticks();
289
290 // 100 mults
291 fp_mul3(&c, (const fp *)&b, (const fp *)&a);
292 fp_mul3(&b, (const fp *)&a, (const fp *)&a);
293 fp_mul3(&c, (const fp *)&b, (const fp *)&c);
294 fp_mul3(&b, (const fp *)&a, (const fp *)&c);
295 fp_mul3(&c, (const fp *)&b, (const fp *)&a);
296 fp_mul3(&a, (const fp *)&b, (const fp *)&c);
297 fp_mul3(&c, (const fp *)&a, (const fp *)&a);
298 fp_mul3(&a, (const fp *)&b, (const fp *)&c);
299 fp_mul3(&c, (const fp *)&b, (const fp *)&a);
300 fp_mul3(&b, (const fp *)&c, (const fp *)&b);
301
302 fp_mul3(&c, (const fp *)&b, (const fp *)&a);
303 fp_mul3(&b, (const fp *)&a, (const fp *)&a);
304 fp_mul3(&c, (const fp *)&b, (const fp *)&c);
305 fp_mul3(&b, (const fp *)&a, (const fp *)&c);
306 fp_mul3(&c, (const fp *)&b, (const fp *)&a);
307 fp_mul3(&a, (const fp *)&b, (const fp *)&c);
308 fp_mul3(&c, (const fp *)&a, (const fp *)&a);
309 fp_mul3(&a, (const fp *)&b, (const fp *)&c);
310 fp_mul3(&c, (const fp *)&b, (const fp *)&a);
311 fp_mul3(&b, (const fp *)&c, (const fp *)&b);
312
313 fp_mul3(&c, (const fp *)&b, (const fp *)&a);
314 fp_mul3(&b, (const fp *)&a, (const fp *)&a);
315 fp_mul3(&c, (const fp *)&b, (const fp *)&c);
316 fp_mul3(&b, (const fp *)&a, (const fp *)&c);
317 fp_mul3(&c, (const fp *)&b, (const fp *)&a);
318 fp_mul3(&a, (const fp *)&b, (const fp *)&c);
319 fp_mul3(&c, (const fp *)&a, (const fp *)&a);
320 fp_mul3(&a, (const fp *)&b, (const fp *)&c);
321 fp_mul3(&c, (const fp *)&b, (const fp *)&a);
322 fp_mul3(&b, (const fp *)&c, (const fp *)&b);
323
324 fp_mul3(&c, (const fp *)&b, (const fp *)&a);
325 fp_mul3(&b, (const fp *)&a, (const fp *)&a);
326 fp_mul3(&c, (const fp *)&b, (const fp *)&c);
327 fp_mul3(&b, (const fp *)&a, (const fp *)&c);
328 fp_mul3(&c, (const fp *)&b, (const fp *)&a);
329 fp_mul3(&a, (const fp *)&b, (const fp *)&c);
330 fp_mul3(&c, (const fp *)&a, (const fp *)&a);
331 fp_mul3(&a, (const fp *)&b, (const fp *)&c);
332 fp_mul3(&c, (const fp *)&b, (const fp *)&a);
333 fp_mul3(&b, (const fp *)&c, (const fp *)&b);
334
335 fp_mul3(&c, (const fp *)&b, (const fp *)&a);
336 fp_mul3(&b, (const fp *)&a, (const fp *)&a);
337 fp_mul3(&c, (const fp *)&b, (const fp *)&c);
338 fp_mul3(&b, (const fp *)&a, (const fp *)&c);
339 fp_mul3(&c, (const fp *)&b, (const fp *)&a);
340 fp_mul3(&a, (const fp *)&b, (const fp *)&c);
341 fp_mul3(&c, (const fp *)&a, (const fp *)&a);
342 fp_mul3(&a, (const fp *)&b, (const fp *)&c);
343 fp_mul3(&c, (const fp *)&b, (const fp *)&a);
344 fp_mul3(&b, (const fp *)&c, (const fp *)&b);
345
346 fp_mul3(&c, (const fp *)&b, (const fp *)&a);
347 fp_mul3(&b, (const fp *)&a, (const fp *)&a);
348 fp_mul3(&c, (const fp *)&b, (const fp *)&c);
349 fp_mul3(&b, (const fp *)&a, (const fp *)&c);
350 fp_mul3(&c, (const fp *)&b, (const fp *)&a);
351 fp_mul3(&a, (const fp *)&b, (const fp *)&c);
352 fp_mul3(&c, (const fp *)&a, (const fp *)&a);
353 fp_mul3(&a, (const fp *)&b, (const fp *)&c);
354 fp_mul3(&c, (const fp *)&b, (const fp *)&a);
355 fp_mul3(&b, (const fp *)&c, (const fp *)&b);
356
357 fp_mul3(&c, (const fp *)&b, (const fp *)&a);
358 fp_mul3(&b, (const fp *)&a, (const fp *)&a);
359 fp_mul3(&c, (const fp *)&b, (const fp *)&c);
360 fp_mul3(&b, (const fp *)&a, (const fp *)&c);
361 fp_mul3(&c, (const fp *)&b, (const fp *)&a);
362 fp_mul3(&a, (const fp *)&b, (const fp *)&c);
363 fp_mul3(&c, (const fp *)&a, (const fp *)&a);
364 fp_mul3(&a, (const fp *)&b, (const fp *)&c);
365 fp_mul3(&c, (const fp *)&b, (const fp *)&a);
366 fp_mul3(&b, (const fp *)&c, (const fp *)&b);
367
368 fp_mul3(&c, (const fp *)&b, (const fp *)&a);
369 fp_mul3(&b, (const fp *)&a, (const fp *)&a);
370 fp_mul3(&c, (const fp *)&b, (const fp *)&c);
371 fp_mul3(&b, (const fp *)&a, (const fp *)&c);
372 fp_mul3(&c, (const fp *)&b, (const fp *)&a);
373 fp_mul3(&a, (const fp *)&b, (const fp *)&c);
374 fp_mul3(&c, (const fp *)&a, (const fp *)&a);
375 fp_mul3(&a, (const fp *)&b, (const fp *)&c);
376 fp_mul3(&c, (const fp *)&b, (const fp *)&a);
377 fp_mul3(&b, (const fp *)&c, (const fp *)&b);
378
379 fp_mul3(&c, (const fp *)&b, (const fp *)&a);
380 fp_mul3(&b, (const fp *)&a, (const fp *)&a);
381 fp_mul3(&c, (const fp *)&b, (const fp *)&c);
382 fp_mul3(&b, (const fp *)&a, (const fp *)&c);
383 fp_mul3(&c, (const fp *)&b, (const fp *)&a);
384 fp_mul3(&a, (const fp *)&b, (const fp *)&c);
385 fp_mul3(&c, (const fp *)&a, (const fp *)&a);
386 fp_mul3(&a, (const fp *)&b, (const fp *)&c);
387 fp_mul3(&c, (const fp *)&b, (const fp *)&a);
388 fp_mul3(&b, (const fp *)&c, (const fp *)&b);
389
390 fp_mul3(&c, (const fp *)&b, (const fp *)&a);
391 fp_mul3(&b, (const fp *)&a, (const fp *)&a);
392 fp_mul3(&c, (const fp *)&b, (const fp *)&c);
393 fp_mul3(&b, (const fp *)&a, (const fp *)&c);
394 fp_mul3(&c, (const fp *)&b, (const fp *)&a);
395 fp_mul3(&a, (const fp *)&b, (const fp *)&c);
396 fp_mul3(&c, (const fp *)&a, (const fp *)&a);
397 fp_mul3(&a, (const fp *)&b, (const fp *)&c);
398 fp_mul3(&c, (const fp *)&b, (const fp *)&a);
399 fp_mul3(&b, (const fp *)&c, (const fp *)&b);
400
401 cycles = getticks() - cycles;
402 total += cycles;
403
404 // printf("%lld 0 mults \t mulsq %7ld sq %7ld addsub %7ld cycles %12lld\n", loop, fpmul, fpsqr, fpadd, cycles);
405 fflush(stdout);
406 }
407
408 printf("mul = %lld\n", total / (target * 100));
409 fflush(stdout);
410
411 total = 0;
412
413 for (long long loop = 0; loop != target; ++loop)
414 {
415 fpmul = fpsqr = fpadd = 0;
416 fp a, b, c;
417 fp_random(a);
418 fp_random(b);
419 fp_random(c);
420
421 long long cycles = getticks();
422 // 100 sq
423 fp_sq2(&c, (const fp *)&b);
424 fp_sq2(&b, (const fp *)&a);
425 fp_sq2(&c, (const fp *)&b);
426 fp_sq2(&b, (const fp *)&a);
427 fp_sq2(&c, (const fp *)&b);
428 fp_sq2(&a, (const fp *)&b);
429 fp_sq2(&c, (const fp *)&a);
430 fp_sq2(&a, (const fp *)&b);
431 fp_sq2(&c, (const fp *)&b);
432 fp_sq2(&b, (const fp *)&c);
433
434 fp_sq2(&c, (const fp *)&b);
435 fp_sq2(&b, (const fp *)&a);
436 fp_sq2(&c, (const fp *)&b);
437 fp_sq2(&b, (const fp *)&a);
438 fp_sq2(&c, (const fp *)&b);
439 fp_sq2(&a, (const fp *)&b);
440 fp_sq2(&c, (const fp *)&a);
441 fp_sq2(&a, (const fp *)&b);
442 fp_sq2(&c, (const fp *)&b);
443 fp_sq2(&b, (const fp *)&c);
444
445 fp_sq2(&c, (const fp *)&b);
446 fp_sq2(&b, (const fp *)&a);
447 fp_sq2(&c, (const fp *)&b);
448 fp_sq2(&b, (const fp *)&a);
449 fp_sq2(&c, (const fp *)&b);
450 fp_sq2(&a, (const fp *)&b);
451 fp_sq2(&c, (const fp *)&a);
452 fp_sq2(&a, (const fp *)&b);
453 fp_sq2(&c, (const fp *)&b);
454 fp_sq2(&b, (const fp *)&c);
455
456 fp_sq2(&c, (const fp *)&b);
457 fp_sq2(&b, (const fp *)&a);
458 fp_sq2(&c, (const fp *)&b);
459 fp_sq2(&b, (const fp *)&a);
460 fp_sq2(&c, (const fp *)&b);
461 fp_sq2(&a, (const fp *)&b);
462 fp_sq2(&c, (const fp *)&a);
463 fp_sq2(&a, (const fp *)&b);
464 fp_sq2(&c, (const fp *)&b);
465 fp_sq2(&b, (const fp *)&c);
466
467 fp_sq2(&c, (const fp *)&b);
468 fp_sq2(&b, (const fp *)&a);
469 fp_sq2(&c, (const fp *)&b);
470 fp_sq2(&b, (const fp *)&a);
471 fp_sq2(&c, (const fp *)&b);
472 fp_sq2(&a, (const fp *)&b);
473 fp_sq2(&c, (const fp *)&a);
474 fp_sq2(&a, (const fp *)&b);
475 fp_sq2(&c, (const fp *)&b);
476 fp_sq2(&b, (const fp *)&c);
477
478 fp_sq2(&c, (const fp *)&b);
479 fp_sq2(&b, (const fp *)&a);
480 fp_sq2(&c, (const fp *)&b);
481 fp_sq2(&b, (const fp *)&a);
482 fp_sq2(&c, (const fp *)&b);
483 fp_sq2(&a, (const fp *)&b);
484 fp_sq2(&c, (const fp *)&a);
485 fp_sq2(&a, (const fp *)&b);
486 fp_sq2(&c, (const fp *)&b);
487 fp_sq2(&b, (const fp *)&c);
488
489 fp_sq2(&c, (const fp *)&b);
490 fp_sq2(&b, (const fp *)&a);
491 fp_sq2(&c, (const fp *)&b);
492 fp_sq2(&b, (const fp *)&a);
493 fp_sq2(&c, (const fp *)&b);
494 fp_sq2(&a, (const fp *)&b);
495 fp_sq2(&c, (const fp *)&a);
496 fp_sq2(&a, (const fp *)&b);
497 fp_sq2(&c, (const fp *)&b);
498 fp_sq2(&b, (const fp *)&c);
499
500 fp_sq2(&c, (const fp *)&b);
501 fp_sq2(&b, (const fp *)&a);
502 fp_sq2(&c, (const fp *)&b);
503 fp_sq2(&b, (const fp *)&a);
504 fp_sq2(&c, (const fp *)&b);
505 fp_sq2(&a, (const fp *)&b);
506 fp_sq2(&c, (const fp *)&a);
507 fp_sq2(&a, (const fp *)&b);
508 fp_sq2(&c, (const fp *)&b);
509 fp_sq2(&b, (const fp *)&c);
510
511 fp_sq2(&c, (const fp *)&b);
512 fp_sq2(&b, (const fp *)&a);
513 fp_sq2(&c, (const fp *)&b);
514 fp_sq2(&b, (const fp *)&a);
515 fp_sq2(&c, (const fp *)&b);
516 fp_sq2(&a, (const fp *)&b);
517 fp_sq2(&c, (const fp *)&a);
518 fp_sq2(&a, (const fp *)&b);
519 fp_sq2(&c, (const fp *)&b);
520 fp_sq2(&b, (const fp *)&c);
521
522 fp_sq2(&c, (const fp *)&b);
523 fp_sq2(&b, (const fp *)&a);
524 fp_sq2(&c, (const fp *)&b);
525 fp_sq2(&b, (const fp *)&a);
526 fp_sq2(&c, (const fp *)&b);
527 fp_sq2(&a, (const fp *)&b);
528 fp_sq2(&c, (const fp *)&a);
529 fp_sq2(&a, (const fp *)&b);
530 fp_sq2(&c, (const fp *)&b);
531 fp_sq2(&b, (const fp *)&c);
532
533 cycles = getticks() - cycles;
534 total += cycles;
535
536 // printf("%lld 0 sqs \t mulsq %7ld sq %7ld addsub %7ld cycles %12lld\n", loop, fpmul, fpsqr, fpadd, cycles);
537 fflush(stdout);
538 }
539
540 printf("sqr = %lld\n", total / (target * 100));
541 fflush(stdout);
542
543 total = 0;
544
545 for (long long loop = 0; loop != target; ++loop)
546 {
547 fpmul = fpsqr = fpadd = 0;
548 fp a, b, c;
549 fp_random(a);
550 fp_random(b);
551
552 long long cycles = getticks();
553
554 // 100 add
555 fp_add3(&c, (const fp *)&b, (const fp *)&a);
556 fp_add3(&b, (const fp *)&a, (const fp *)&a);
557 fp_add3(&c, (const fp *)&b, (const fp *)&c);
558 fp_add3(&b, (const fp *)&a, (const fp *)&c);
559 fp_add3(&c, (const fp *)&b, (const fp *)&a);
560 fp_add3(&a, (const fp *)&b, (const fp *)&c);
561 fp_add3(&c, (const fp *)&a, (const fp *)&a);
562 fp_add3(&a, (const fp *)&b, (const fp *)&c);
563 fp_add3(&c, (const fp *)&b, (const fp *)&a);
564 fp_add3(&b, (const fp *)&c, (const fp *)&b);
565
566 fp_add3(&c, (const fp *)&b, (const fp *)&a);
567 fp_add3(&b, (const fp *)&a, (const fp *)&a);
568 fp_add3(&c, (const fp *)&b, (const fp *)&c);
569 fp_add3(&b, (const fp *)&a, (const fp *)&c);
570 fp_add3(&c, (const fp *)&b, (const fp *)&a);
571 fp_add3(&a, (const fp *)&b, (const fp *)&c);
572 fp_add3(&c, (const fp *)&a, (const fp *)&a);
573 fp_add3(&a, (const fp *)&b, (const fp *)&c);
574 fp_add3(&c, (const fp *)&b, (const fp *)&a);
575 fp_add3(&b, (const fp *)&c, (const fp *)&b);
576
577 fp_add3(&c, (const fp *)&b, (const fp *)&a);
578 fp_add3(&b, (const fp *)&a, (const fp *)&a);
579 fp_add3(&c, (const fp *)&b, (const fp *)&c);
580 fp_add3(&b, (const fp *)&a, (const fp *)&c);
581 fp_add3(&c, (const fp *)&b, (const fp *)&a);
582 fp_add3(&a, (const fp *)&b, (const fp *)&c);
583 fp_add3(&c, (const fp *)&a, (const fp *)&a);
584 fp_add3(&a, (const fp *)&b, (const fp *)&c);
585 fp_add3(&c, (const fp *)&b, (const fp *)&a);
586 fp_add3(&b, (const fp *)&c, (const fp *)&b);
587
588 fp_add3(&c, (const fp *)&b, (const fp *)&a);
589 fp_add3(&b, (const fp *)&a, (const fp *)&a);
590 fp_add3(&c, (const fp *)&b, (const fp *)&c);
591 fp_add3(&b, (const fp *)&a, (const fp *)&c);
592 fp_add3(&c, (const fp *)&b, (const fp *)&a);
593 fp_add3(&a, (const fp *)&b, (const fp *)&c);
594 fp_add3(&c, (const fp *)&a, (const fp *)&a);
595 fp_add3(&a, (const fp *)&b, (const fp *)&c);
596 fp_add3(&c, (const fp *)&b, (const fp *)&a);
597 fp_add3(&b, (const fp *)&c, (const fp *)&b);
598
599 fp_add3(&c, (const fp *)&b, (const fp *)&a);
600 fp_add3(&b, (const fp *)&a, (const fp *)&a);
601 fp_add3(&c, (const fp *)&b, (const fp *)&c);
602 fp_add3(&b, (const fp *)&a, (const fp *)&c);
603 fp_add3(&c, (const fp *)&b, (const fp *)&a);
604 fp_add3(&a, (const fp *)&b, (const fp *)&c);
605 fp_add3(&c, (const fp *)&a, (const fp *)&a);
606 fp_add3(&a, (const fp *)&b, (const fp *)&c);
607 fp_add3(&c, (const fp *)&b, (const fp *)&a);
608 fp_add3(&b, (const fp *)&c, (const fp *)&b);
609
610 fp_add3(&c, (const fp *)&b, (const fp *)&a);
611 fp_add3(&b, (const fp *)&a, (const fp *)&a);
612 fp_add3(&c, (const fp *)&b, (const fp *)&c);
613 fp_add3(&b, (const fp *)&a, (const fp *)&c);
614 fp_add3(&c, (const fp *)&b, (const fp *)&a);
615 fp_add3(&a, (const fp *)&b, (const fp *)&c);
616 fp_add3(&c, (const fp *)&a, (const fp *)&a);
617 fp_add3(&a, (const fp *)&b, (const fp *)&c);
618 fp_add3(&c, (const fp *)&b, (const fp *)&a);
619 fp_add3(&b, (const fp *)&c, (const fp *)&b);
620
621 fp_add3(&c, (const fp *)&b, (const fp *)&a);
622 fp_add3(&b, (const fp *)&a, (const fp *)&a);
623 fp_add3(&c, (const fp *)&b, (const fp *)&c);
624 fp_add3(&b, (const fp *)&a, (const fp *)&c);
625 fp_add3(&c, (const fp *)&b, (const fp *)&a);
626 fp_add3(&a, (const fp *)&b, (const fp *)&c);
627 fp_add3(&c, (const fp *)&a, (const fp *)&a);
628 fp_add3(&a, (const fp *)&b, (const fp *)&c);
629 fp_add3(&c, (const fp *)&b, (const fp *)&a);
630 fp_add3(&b, (const fp *)&c, (const fp *)&b);
631
632 fp_add3(&c, (const fp *)&b, (const fp *)&a);
633 fp_add3(&b, (const fp *)&a, (const fp *)&a);
634 fp_add3(&c, (const fp *)&b, (const fp *)&c);
635 fp_add3(&b, (const fp *)&a, (const fp *)&c);
636 fp_add3(&c, (const fp *)&b, (const fp *)&a);
637 fp_add3(&a, (const fp *)&b, (const fp *)&c);
638 fp_add3(&c, (const fp *)&a, (const fp *)&a);
639 fp_add3(&a, (const fp *)&b, (const fp *)&c);
640 fp_add3(&c, (const fp *)&b, (const fp *)&a);
641 fp_add3(&b, (const fp *)&c, (const fp *)&b);
642
643 fp_add3(&c, (const fp *)&b, (const fp *)&a);
644 fp_add3(&b, (const fp *)&a, (const fp *)&a);
645 fp_add3(&c, (const fp *)&b, (const fp *)&c);
646 fp_add3(&b, (const fp *)&a, (const fp *)&c);
647 fp_add3(&c, (const fp *)&b, (const fp *)&a);
648 fp_add3(&a, (const fp *)&b, (const fp *)&c);
649 fp_add3(&c, (const fp *)&a, (const fp *)&a);
650 fp_add3(&a, (const fp *)&b, (const fp *)&c);
651 fp_add3(&c, (const fp *)&b, (const fp *)&a);
652 fp_add3(&b, (const fp *)&c, (const fp *)&b);
653
654 fp_add3(&c, (const fp *)&b, (const fp *)&a);
655 fp_add3(&b, (const fp *)&a, (const fp *)&a);
656 fp_add3(&c, (const fp *)&b, (const fp *)&c);
657 fp_add3(&b, (const fp *)&a, (const fp *)&c);
658 fp_add3(&c, (const fp *)&b, (const fp *)&a);
659 fp_add3(&a, (const fp *)&b, (const fp *)&c);
660 fp_add3(&c, (const fp *)&a, (const fp *)&a);
661 fp_add3(&a, (const fp *)&b, (const fp *)&c);
662 fp_add3(&c, (const fp *)&b, (const fp *)&a);
663 fp_add3(&b, (const fp *)&c, (const fp *)&b);
664
665 cycles = getticks() - cycles;
666
667 total += cycles;
668 // printf("%lld 0 adds \t mulsq %7ld sq %7ld addsub %7ld cycles %12lld\n", loop, fpmul, fpsqr, fpadd, cycles);
669 fflush(stdout);
670 }
671
672 printf("add = %lld\n", total / (target * 100));
673 fflush(stdout);
674
675 return 0;
676}
SK_SIZE
#define SK_SIZE
Definition checkct.c:24
PK_SIZE
#define PK_SIZE
Definition checkct.c:25
SS_SIZE
#define SS_SIZE
Definition checkct.c:26
main
int main(void)
Definition checkct.c:52
validate
#define validate
Definition ctidh.h:53
ctidh_private
#define ctidh_private
Definition ctidh.h:47
base
#define base
Definition ctidh.h:44
fulltorsion_points
#define fulltorsion_points
Definition ctidh.h:57
action
#define action
Definition ctidh.h:54
ctidh_api.h
fp
uint64_t fp[NUMBER_OF_WORDS]
Definition fp-gmp.h:22
fp_random
#define fp_random
Definition fp-gmp.h:85
assert
assert(var1 eq var2)
derive
#define derive
Definition ctidh.c:39
keygen
#define keygen
Definition ctidh.c:38
cprintf
#define cprintf(...)
Definition ctidh.c:20
analyze_bench.target
dict target
Definition analyze_bench.py:32
i
for i
Definition prime_search.m:10
batch_start
#define batch_start
Definition primes.h:55
private_key
Definition ctidh.h:31
public_key
Definition ctidh.h:39
public_key::seed
uint64_t seed
Definition ctidh.h:41
public_key::A
fp A
Definition ctidh.h:40
a
f a
Definition to_model.m:12