├── M4058 ├── README.md ├── intel64-avx2-4x1-16limb │ ├── include │ │ ├── M4058.h │ │ ├── basic_types.h │ │ ├── gf_p44417_arith.h │ │ ├── gf_p44417_pack.h │ │ ├── gf_p44417_type.h │ │ └── measure.h │ ├── source │ │ ├── M4058_const.s │ │ ├── M4058_mladder.s │ │ ├── M4058_mladder_base.s │ │ ├── M4058_scalarmult.c │ │ ├── gf_p44417_inv.c │ │ ├── gf_p44417_makeunique.s │ │ ├── gf_p44417_mul.s │ │ ├── gf_p44417_mulx.s │ │ ├── gf_p44417_nsqr.s │ │ ├── gf_p44417_nsqrx.s │ │ └── gf_p44417_pack.c │ └── test │ │ ├── M4058.mak │ │ └── M4058_test.c ├── intel64-maa-8limb │ ├── include │ │ ├── M4058.h │ │ ├── basic_types.h │ │ ├── gf_p44417_arith.h │ │ ├── gf_p44417_pack.h │ │ ├── gf_p44417_type.h │ │ └── measure.h │ ├── source │ │ ├── M4058_const.s │ │ ├── M4058_mladder.s │ │ ├── M4058_mladder_base.s │ │ ├── M4058_scalarmult.c │ │ ├── gf_p44417_inv.c │ │ ├── gf_p44417_makeunique.s │ │ ├── gf_p44417_mul.s │ │ ├── gf_p44417_nsqr.s │ │ └── gf_p44417_pack.c │ └── test │ │ ├── M4058.mak │ │ └── M4058_test.c ├── intel64-maax-7limb │ ├── include │ │ ├── M4058.h │ │ ├── basic_types.h │ │ ├── gf_p44417_arith.h │ │ ├── gf_p44417_pack.h │ │ ├── gf_p44417_type.h │ │ └── measure.h │ ├── source │ │ ├── M4058_const.s │ │ ├── M4058_mladder.s │ │ ├── M4058_mladder_base.s │ │ ├── M4058_scalarmult.c │ │ ├── gf_p44417_inv.c │ │ ├── gf_p44417_makeunique.s │ │ ├── gf_p44417_mulx.s │ │ ├── gf_p44417_nsqrx.s │ │ └── gf_p44417_pack.c │ └── test │ │ ├── M4058.mak │ │ └── M4058_test.c ├── intel64-mxaa-7limb │ ├── include │ │ ├── M4058.h │ │ ├── basic_types.h │ │ ├── gf_p44417_arith.h │ │ ├── gf_p44417_pack.h │ │ ├── gf_p44417_type.h │ │ └── measure.h │ ├── source │ │ ├── M4058_const.s │ │ ├── M4058_mladder.s │ │ ├── M4058_mladder_base.s │ │ ├── M4058_scalarmult.c │ │ ├── gf_p44417_inv.c │ │ ├── gf_p44417_makeunique.s │ │ ├── gf_p44417_mul.s │ │ ├── gf_p44417_nsqr.s │ │ └── gf_p44417_pack.c │ └── test │ │ ├── M4058.mak │ │ └── M4058_test.c └── portable-c │ ├── include │ ├── M4058.h │ ├── basic_types.h │ 
├── gf_p44417_arith.h │ ├── gf_p44417_pack.h │ └── gf_p44417_type.h │ ├── source │ ├── M4058_scalarmult.c │ ├── gf_p44417_add.c │ ├── gf_p44417_inv.c │ ├── gf_p44417_makeunique.c │ ├── gf_p44417_mul.c │ ├── gf_p44417_mulc.c │ ├── gf_p44417_pack.c │ ├── gf_p44417_sqr.c │ └── gf_p44417_sub.c │ └── test │ ├── M4058.mak │ └── M4058_test.c ├── M4698 ├── README.md ├── intel64-avx2-4x1-9limb │ ├── include │ │ ├── M4698.h │ │ ├── basic_types.h │ │ ├── gf_p2519_arith.h │ │ ├── gf_p2519_pack.h │ │ ├── gf_p2519_type.h │ │ └── measure.h │ ├── source │ │ ├── M4698_const.s │ │ ├── M4698_mladder.s │ │ ├── M4698_mladder_base.s │ │ ├── M4698_scalarmult.c │ │ ├── gf_p2519_inv.c │ │ ├── gf_p2519_makeunique.s │ │ ├── gf_p2519_mul.s │ │ ├── gf_p2519_mulx.s │ │ ├── gf_p2519_nsqr.s │ │ ├── gf_p2519_nsqrx.s │ │ └── gf_p2519_pack.c │ └── test │ │ ├── M4698.mak │ │ └── M4698_test.c ├── intel64-maa-4limb │ ├── include │ │ ├── M4698.h │ │ ├── basic_types.h │ │ ├── gf_p2519_arith.h │ │ ├── gf_p2519_pack.h │ │ ├── gf_p2519_type.h │ │ └── measure.h │ ├── source │ │ ├── M4698_const.s │ │ ├── M4698_mladder.s │ │ ├── M4698_mladder_base.s │ │ ├── M4698_scalarmult.c │ │ ├── gf_p2519_inv.c │ │ ├── gf_p2519_makeunique.s │ │ ├── gf_p2519_mul.s │ │ ├── gf_p2519_nsqr.s │ │ └── gf_p2519_pack.c │ └── test │ │ ├── M4698.mak │ │ └── M4698_test.c ├── intel64-maa-5limb │ ├── include │ │ ├── M4698.h │ │ ├── basic_types.h │ │ ├── gf_p2519_arith.h │ │ ├── gf_p2519_pack.h │ │ ├── gf_p2519_type.h │ │ └── measure.h │ ├── source │ │ ├── M4698_const.s │ │ ├── M4698_mladder.s │ │ ├── M4698_mladder_base.s │ │ ├── M4698_scalarmult.c │ │ ├── gf_p2519_inv.c │ │ ├── gf_p2519_makeunique.s │ │ ├── gf_p2519_mul.s │ │ ├── gf_p2519_nsqr.s │ │ └── gf_p2519_pack.c │ └── test │ │ ├── M4698.mak │ │ └── M4698_test.c ├── intel64-maax-4limb │ ├── include │ │ ├── M4698.h │ │ ├── basic_types.h │ │ ├── gf_p2519_arith.h │ │ ├── gf_p2519_pack.h │ │ ├── gf_p2519_type.h │ │ └── measure.h │ ├── source │ │ ├── M4698_const.s │ │ ├── 
M4698_mladder.s │ │ ├── M4698_mladder_base.s │ │ ├── M4698_scalarmult.c │ │ ├── gf_p2519_inv.c │ │ ├── gf_p2519_makeunique.s │ │ ├── gf_p2519_mulx.s │ │ ├── gf_p2519_nsqrx.s │ │ └── gf_p2519_pack.c │ └── test │ │ ├── M4698.mak │ │ └── M4698_test.c ├── intel64-mxaa-4limb │ ├── include │ │ ├── M4698.h │ │ ├── basic_types.h │ │ ├── gf_p2519_arith.h │ │ ├── gf_p2519_pack.h │ │ ├── gf_p2519_type.h │ │ └── measure.h │ ├── source │ │ ├── M4698_const.s │ │ ├── M4698_mladder.s │ │ ├── M4698_mladder_base.s │ │ ├── M4698_scalarmult.c │ │ ├── gf_p2519_inv.c │ │ ├── gf_p2519_makeunique.s │ │ ├── gf_p2519_mul.s │ │ ├── gf_p2519_nsqr.s │ │ └── gf_p2519_pack.c │ └── test │ │ ├── M4698.mak │ │ └── M4698_test.c └── portable-c │ ├── include │ ├── M4698.h │ ├── basic_types.h │ ├── gf_p2519_arith.h │ ├── gf_p2519_pack.h │ └── gf_p2519_type.h │ ├── source │ ├── M4698_scalarmult.c │ ├── gf_p2519_add.c │ ├── gf_p2519_inv.c │ ├── gf_p2519_makeunique.c │ ├── gf_p2519_mul.c │ ├── gf_p2519_mulc.c │ ├── gf_p2519_pack.c │ ├── gf_p2519_sqr.c │ └── gf_p2519_sub.c │ └── test │ ├── M4698.mak │ └── M4698_test.c ├── Magma └── curve-search.m └── README.md /M4058/README.md: -------------------------------------------------------------------------------- 1 | ## Assembly and high-level implementations of scalar multiplication on the Montgomery curve M4058 2 | 3 | The source code of this directory correspond to the work [Security and Efficiency Trade-offs for Elliptic Curve Diffie-Hellman 4 | at the 128-bit and 224-bit Security Levels](https://eprint.iacr.org/2019/1259), authored by [Kaushik Nath](kaushikn_r@isical.ac.in) & [Palash Sarkar](palash@isical.ac.in) of [Indian Statistical Institute, Kolkata, India](https://www.isical.ac.in), 5 | containing various assembly and high-level (using only C) implementations of scalar multiplication on the Montgomery curve M4698. The implementations of Montgomery ladder are developed targeting the modern Intel architectures like Skylake and Haswell. 
6 | 7 | To report a bug or make a comment regarding the implementations please drop a mail to: [Kaushik Nath](kaushikn_r@isical.ac.in). 8 | 9 | --- 10 | 11 | ### Compilation and execution of programs 12 | 13 | * Please compile the ```makefile``` in the **test** directory and execute the generated executable file. 14 | * One can change the architecture accordingly in the makefile before compilation. Default provided is ```Skylake```. 15 | --- 16 | 17 | ### Overview of the implementations in the repository 18 | 19 | * **intel64-maa-8limb**: 8-limb 64-bit assembly implementation using the instructions ```mul/add/adc```. 20 | 21 | * **intel64-mxaa-7limb**: 7-limb 64-bit assembly implementation using the instructions ```mulx/add/adc```. 22 | 23 | * **intel64-maax-7limb**: 7-limb 64-bit assembly implementation using the instructions ```mulx/adcx/adox```. 24 | 25 | * **intel64-avx2-4x1-16limb**: 16-limb 4-way vectorized assembly implementations using Algorithms 7, 8 and 9 of [Efficient 4-way Vectorizations of the Montgomery Ladder](https://eprint.iacr.org/2020/378.pdf). 26 | 27 | * **portable-c**: 8-limb 64-bit high-level implementation using only C. 28 | 29 | 30 | 31 | --- 32 | -------------------------------------------------------------------------------- /M4058/intel64-avx2-4x1-16limb/include/M4058.h: -------------------------------------------------------------------------------- 1 | /* 2 | +-----------------------------------------------------------------------------+ 3 | | This code corresponds to the paper https://eprint.iacr.org/2019/1259.pdf by | 4 | | Kaushik Nath, Indian Statistical Institute, Kolkata, India, and | 5 | | Palash Sarkar, Indian Statistical Institute, Kolkata, India. | 6 | +-----------------------------------------------------------------------------+ 7 | | Copyright (c) 2020, Kaushik Nath and Palash Sarkar. | 8 | | | 9 | | Permission to use this code is granted. 
| 10 | | | 11 | | Redistribution and use in source and binary forms, with or without | 12 | | modification, are permitted provided that the following conditions are | 13 | | met: | 14 | | | 15 | | * Redistributions of source code must retain the above copyright notice, | 16 | | this list of conditions and the following disclaimer. | 17 | | | 18 | | * Redistributions in binary form must reproduce the above copyright | 19 | | notice, this list of conditions and the following disclaimer in the | 20 | | documentation and/or other materials provided with the distribution. | 21 | | | 22 | | * The names of the contributors may not be used to endorse or promote | 23 | | products derived from this software without specific prior written | 24 | | permission. | 25 | +-----------------------------------------------------------------------------+ 26 | | THIS SOFTWARE IS PROVIDED BY THE AUTHORS ""AS IS"" AND ANY EXPRESS OR | 27 | | IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | 28 | | OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | 29 | | IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, | 30 | | INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | 31 | | NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | 32 | | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | 33 | | THEORY LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING | 34 | | NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,| 35 | | EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
| 36 | +-----------------------------------------------------------------------------+ 37 | */ 38 | 39 | #ifndef __M4058_H__ 40 | #define __M4058_H__ 41 | 42 | #include "basic_types.h" 43 | #include "gf_p44417_type.h" 44 | 45 | #define CRYPTO_BYTES 56 46 | 47 | extern void M4058_mladder(vec *, const vec *, const uchar8 *); 48 | extern void M4058_mladder_base(vec *, const vec, const uchar8 *); 49 | 50 | int M4058_scalarmult(uchar8 *, const uchar8 *, const uchar8 *); 51 | int M4058_scalarmult_base(uchar8 *, const uchar8 *, const uchar8 *); 52 | 53 | #endif 54 | -------------------------------------------------------------------------------- /M4058/intel64-avx2-4x1-16limb/include/basic_types.h: -------------------------------------------------------------------------------- 1 | /* 2 | +-----------------------------------------------------------------------------+ 3 | | This code corresponds to the paper https://eprint.iacr.org/2019/1259.pdf by | 4 | | Kaushik Nath, Indian Statistical Institute, Kolkata, India, and | 5 | | Palash Sarkar, Indian Statistical Institute, Kolkata, India. | 6 | +-----------------------------------------------------------------------------+ 7 | | Copyright (c) 2020, Kaushik Nath and Palash Sarkar. | 8 | | | 9 | | Permission to use this code is granted. | 10 | | | 11 | | Redistribution and use in source and binary forms, with or without | 12 | | modification, are permitted provided that the following conditions are | 13 | | met: | 14 | | | 15 | | * Redistributions of source code must retain the above copyright notice, | 16 | | this list of conditions and the following disclaimer. | 17 | | | 18 | | * Redistributions in binary form must reproduce the above copyright | 19 | | notice, this list of conditions and the following disclaimer in the | 20 | | documentation and/or other materials provided with the distribution. 
| 21 | | | 22 | | * The names of the contributors may not be used to endorse or promote | 23 | | products derived from this software without specific prior written | 24 | | permission. | 25 | +-----------------------------------------------------------------------------+ 26 | | THIS SOFTWARE IS PROVIDED BY THE AUTHORS ""AS IS"" AND ANY EXPRESS OR | 27 | | IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | 28 | | OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | 29 | | IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, | 30 | | INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | 31 | | NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | 32 | | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | 33 | | THEORY LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING | 34 | | NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,| 35 | | EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 36 | +-----------------------------------------------------------------------------+ 37 | */ 38 | 39 | #ifndef __BASIC_TYPE_H__ 40 | #define __BASIC_TYPE_H__ 41 | 42 | typedef unsigned char uchar8; 43 | typedef unsigned long long uint64; 44 | 45 | #endif 46 | -------------------------------------------------------------------------------- /M4058/intel64-avx2-4x1-16limb/include/gf_p44417_pack.h: -------------------------------------------------------------------------------- 1 | /* 2 | +-----------------------------------------------------------------------------+ 3 | | This code corresponds to the paper https://eprint.iacr.org/2019/1259.pdf by | 4 | | Kaushik Nath, Indian Statistical Institute, Kolkata, India, and | 5 | | Palash Sarkar, Indian Statistical Institute, Kolkata, India. 
| 6 | +-----------------------------------------------------------------------------+ 7 | | Copyright (c) 2020, Kaushik Nath and Palash Sarkar. | 8 | | | 9 | | Permission to use this code is granted. | 10 | | | 11 | | Redistribution and use in source and binary forms, with or without | 12 | | modification, are permitted provided that the following conditions are | 13 | | met: | 14 | | | 15 | | * Redistributions of source code must retain the above copyright notice, | 16 | | this list of conditions and the following disclaimer. | 17 | | | 18 | | * Redistributions in binary form must reproduce the above copyright | 19 | | notice, this list of conditions and the following disclaimer in the | 20 | | documentation and/or other materials provided with the distribution. | 21 | | | 22 | | * The names of the contributors may not be used to endorse or promote | 23 | | products derived from this software without specific prior written | 24 | | permission. | 25 | +-----------------------------------------------------------------------------+ 26 | | THIS SOFTWARE IS PROVIDED BY THE AUTHORS ""AS IS"" AND ANY EXPRESS OR | 27 | | IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | 28 | | OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | 29 | | IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, | 30 | | INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | 31 | | NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | 32 | | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | 33 | | THEORY LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING | 34 | | NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,| 35 | | EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
| 36 | +-----------------------------------------------------------------------------+ 37 | */ 38 | 39 | #ifndef __P44417_PACK_H__ 40 | #define __P44417_PACK_H__ 41 | 42 | #include "basic_types.h" 43 | #include "gf_p44417_type.h" 44 | 45 | void gfp44417pack(gfe_p44417_16L *, const uchar8 *); 46 | void gfp44417pack167(gfe_p44417_7L *, const gfe_p44417_16L *); 47 | void gfp44417unpack(uchar8 *, const gfe_p44417_7L *); 48 | 49 | #endif 50 | -------------------------------------------------------------------------------- /M4058/intel64-avx2-4x1-16limb/include/gf_p44417_type.h: -------------------------------------------------------------------------------- 1 | /* 2 | +-----------------------------------------------------------------------------+ 3 | | This code corresponds to the paper https://eprint.iacr.org/2019/1259.pdf by | 4 | | Kaushik Nath, Indian Statistical Institute, Kolkata, India, and | 5 | | Palash Sarkar, Indian Statistical Institute, Kolkata, India. | 6 | +-----------------------------------------------------------------------------+ 7 | | Copyright (c) 2020, Kaushik Nath and Palash Sarkar. | 8 | | | 9 | | Permission to use this code is granted. | 10 | | | 11 | | Redistribution and use in source and binary forms, with or without | 12 | | modification, are permitted provided that the following conditions are | 13 | | met: | 14 | | | 15 | | * Redistributions of source code must retain the above copyright notice, | 16 | | this list of conditions and the following disclaimer. | 17 | | | 18 | | * Redistributions in binary form must reproduce the above copyright | 19 | | notice, this list of conditions and the following disclaimer in the | 20 | | documentation and/or other materials provided with the distribution. | 21 | | | 22 | | * The names of the contributors may not be used to endorse or promote | 23 | | products derived from this software without specific prior written | 24 | | permission. 
| 25 | +-----------------------------------------------------------------------------+ 26 | | THIS SOFTWARE IS PROVIDED BY THE AUTHORS ""AS IS"" AND ANY EXPRESS OR | 27 | | IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | 28 | | OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | 29 | | IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, | 30 | | INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | 31 | | NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | 32 | | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | 33 | | THEORY LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING | 34 | | NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,| 35 | | EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 36 | +-----------------------------------------------------------------------------+ 37 | */ 38 | 39 | #ifndef __P44417_TYPE_H__ 40 | #define __P44417_TYPE_H__ 41 | 42 | #include "basic_types.h" 43 | 44 | #define NLIMBS 7 45 | #define NLIMBS_VEC 16 46 | 47 | #define ALIGN32 __attribute__ ((aligned(32))) 48 | 49 | typedef struct { 50 | uint64 l[NLIMBS]; 51 | } 52 | gfe_p44417_7L; 53 | 54 | typedef struct { 55 | uint64 l[NLIMBS_VEC]; 56 | } 57 | gfe_p44417_16L; 58 | 59 | typedef uint64 ALIGN32 vec[4]; 60 | 61 | #endif 62 | -------------------------------------------------------------------------------- /M4058/intel64-avx2-4x1-16limb/include/measure.h: -------------------------------------------------------------------------------- 1 | /* 2 | +-------------------------------------------------------------------------------+ 3 | | This file has the performance measurement strategy used in the paper titled | 4 | | "The Software Performance of Authenticated-Encryption Modes" by the authors | 5 | | Ted Krovetz and Phillip Rogaway. 
| 6 | | Web link: http://dx.doi.org/10.1007/978-3-642-21702-9_18 | 7 | +-------------------------------------------------------------------------------+ 8 | */ 9 | 10 | #ifndef __MEASURE__ 11 | #define __MEASURE__ 12 | 13 | int comp(const void *, const void *); 14 | void median_next(unsigned); 15 | extern void qsort(void *, size_t, size_t, int (*)(const void *, const void *)); 16 | 17 | #define CACHE_WARM_ITER 1000 18 | #define MAX_ITER 2000 19 | #define M 1000 20 | #define N 1000 21 | 22 | #define STAMP ({unsigned res; __asm__ __volatile__ ("rdtsc" : "=a"(res) : : "edx"); res;}) /* Time stamp */ 23 | 24 | #define MEASURE_TIME(x) \ 25 | do { \ 26 | int i,j; \ 27 | for (i = 0; i < M; i++) { \ 28 | \ 29 | unsigned c2, c1; \ 30 | for(j=0;j 43 | 44 | typedef unsigned char uchar8; 45 | typedef unsigned long long uint64; 46 | typedef __uint128_t uint128; 47 | 48 | #endif 49 | -------------------------------------------------------------------------------- /M4058/portable-c/include/gf_p44417_pack.h: -------------------------------------------------------------------------------- 1 | /* 2 | +-----------------------------------------------------------------------------+ 3 | | This code corresponds to the paper https://eprint.iacr.org/2019/1259.pdf by | 4 | | Kaushik Nath, Indian Statistical Institute, Kolkata, India, and | 5 | | Palash Sarkar, Indian Statistical Institute, Kolkata, India. | 6 | +-----------------------------------------------------------------------------+ 7 | | Copyright (c) 2020, Kaushik Nath and Palash Sarkar. | 8 | | | 9 | | Permission to use this code is granted. | 10 | | | 11 | | Redistribution and use in source and binary forms, with or without | 12 | | modification, are permitted provided that the following conditions are | 13 | | met: | 14 | | | 15 | | * Redistributions of source code must retain the above copyright notice, | 16 | | this list of conditions and the following disclaimer. 
| 17 | | | 18 | | * Redistributions in binary form must reproduce the above copyright | 19 | | notice, this list of conditions and the following disclaimer in the | 20 | | documentation and/or other materials provided with the distribution. | 21 | | | 22 | | * The names of the contributors may not be used to endorse or promote | 23 | | products derived from this software without specific prior written | 24 | | permission. | 25 | +-----------------------------------------------------------------------------+ 26 | | THIS SOFTWARE IS PROVIDED BY THE AUTHORS ""AS IS"" AND ANY EXPRESS OR | 27 | | IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | 28 | | OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | 29 | | IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, | 30 | | INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | 31 | | NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | 32 | | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | 33 | | THEORY LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING | 34 | | NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,| 35 | | EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
| 36 | +-----------------------------------------------------------------------------+ 37 | */ 38 | 39 | #ifndef __P44417_PACK_H__ 40 | #define __P44417_PACK_H__ 41 | 42 | #include "basic_types.h" 43 | #include "gf_p44417_type.h" 44 | 45 | void gfp44417pack(gfe_p44417_8L *,const uchar8 *); 46 | void gfp44417unpack(uchar8 *,const gfe_p44417_7L *); 47 | void gfp44417pack87(gfe_p44417_7L *,const gfe_p44417_8L *); 48 | 49 | #endif 50 | -------------------------------------------------------------------------------- /M4058/portable-c/include/gf_p44417_type.h: -------------------------------------------------------------------------------- 1 | /* 2 | +-----------------------------------------------------------------------------+ 3 | | This code corresponds to the paper https://eprint.iacr.org/2019/1259.pdf by | 4 | | Kaushik Nath, Indian Statistical Institute, Kolkata, India, and | 5 | | Palash Sarkar, Indian Statistical Institute, Kolkata, India. | 6 | +-----------------------------------------------------------------------------+ 7 | | Copyright (c) 2020, Kaushik Nath and Palash Sarkar. | 8 | | | 9 | | Permission to use this code is granted. | 10 | | | 11 | | Redistribution and use in source and binary forms, with or without | 12 | | modification, are permitted provided that the following conditions are | 13 | | met: | 14 | | | 15 | | * Redistributions of source code must retain the above copyright notice, | 16 | | this list of conditions and the following disclaimer. | 17 | | | 18 | | * Redistributions in binary form must reproduce the above copyright | 19 | | notice, this list of conditions and the following disclaimer in the | 20 | | documentation and/or other materials provided with the distribution. | 21 | | | 22 | | * The names of the contributors may not be used to endorse or promote | 23 | | products derived from this software without specific prior written | 24 | | permission. 
| 25 | +-----------------------------------------------------------------------------+ 26 | | THIS SOFTWARE IS PROVIDED BY THE AUTHORS ""AS IS"" AND ANY EXPRESS OR | 27 | | IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | 28 | | OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | 29 | | IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, | 30 | | INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | 31 | | NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | 32 | | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | 33 | | THEORY LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING | 34 | | NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,| 35 | | EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 36 | +-----------------------------------------------------------------------------+ 37 | */ 38 | 39 | #ifndef __P44417_TYPE_H__ 40 | #define __P44417_TYPE_H__ 41 | 42 | #define NLIMBS 7 43 | 44 | #include "basic_types.h" 45 | 46 | typedef struct { 47 | uint64 l[NLIMBS]; 48 | } 49 | gfe_p44417_7L; 50 | 51 | typedef struct { 52 | uint64 l[NLIMBS+1]; 53 | } 54 | gfe_p44417_8L; 55 | 56 | #endif 57 | -------------------------------------------------------------------------------- /M4058/portable-c/source/gf_p44417_add.c: -------------------------------------------------------------------------------- 1 | /* 2 | +-----------------------------------------------------------------------------+ 3 | | This code corresponds to the paper https://eprint.iacr.org/2019/1259.pdf by | 4 | | Kaushik Nath, Indian Statistical Institute, Kolkata, India, and | 5 | | Palash Sarkar, Indian Statistical Institute, Kolkata, India. | 6 | +-----------------------------------------------------------------------------+ 7 | | Copyright (c) 2020, Kaushik Nath and Palash Sarkar. 
| 8 | | | 9 | | Permission to use this code is granted. | 10 | | | 11 | | Redistribution and use in source and binary forms, with or without | 12 | | modification, are permitted provided that the following conditions are | 13 | | met: | 14 | | | 15 | | * Redistributions of source code must retain the above copyright notice, | 16 | | this list of conditions and the following disclaimer. | 17 | | | 18 | | * Redistributions in binary form must reproduce the above copyright | 19 | | notice, this list of conditions and the following disclaimer in the | 20 | | documentation and/or other materials provided with the distribution. | 21 | | | 22 | | * The names of the contributors may not be used to endorse or promote | 23 | | products derived from this software without specific prior written | 24 | | permission. | 25 | +-----------------------------------------------------------------------------+ 26 | | THIS SOFTWARE IS PROVIDED BY THE AUTHORS ""AS IS"" AND ANY EXPRESS OR | 27 | | IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | 28 | | OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | 29 | | IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, | 30 | | INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | 31 | | NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | 32 | | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | 33 | | THEORY LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING | 34 | | NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,| 35 | | EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
| 36 | +-----------------------------------------------------------------------------+ 37 | */ 38 | 39 | #include "basic_types.h" 40 | #include "gf_p44417_type.h" 41 | #include "gf_p44417_arith.h" 42 | 43 | void gfp44417add(gfe_p44417_8L *h,const gfe_p44417_8L *f,const gfe_p44417_8L *g) { 44 | 45 | uchar8 i; 46 | uint64 t[NLIMBS+1]; 47 | 48 | for (i=0; il[i] + g->l[i]; 51 | h->l[i] = t[i]; 52 | } 53 | } 54 | -------------------------------------------------------------------------------- /M4058/portable-c/source/gf_p44417_makeunique.c: -------------------------------------------------------------------------------- 1 | /* 2 | +-----------------------------------------------------------------------------+ 3 | | This code corresponds to the paper https://eprint.iacr.org/2019/1259.pdf by | 4 | | Kaushik Nath, Indian Statistical Institute, Kolkata, India, and | 5 | | Palash Sarkar, Indian Statistical Institute, Kolkata, India. | 6 | +-----------------------------------------------------------------------------+ 7 | | Copyright (c) 2020, Kaushik Nath and Palash Sarkar. | 8 | | | 9 | | Permission to use this code is granted. | 10 | | | 11 | | Redistribution and use in source and binary forms, with or without | 12 | | modification, are permitted provided that the following conditions are | 13 | | met: | 14 | | | 15 | | * Redistributions of source code must retain the above copyright notice, | 16 | | this list of conditions and the following disclaimer. | 17 | | | 18 | | * Redistributions in binary form must reproduce the above copyright | 19 | | notice, this list of conditions and the following disclaimer in the | 20 | | documentation and/or other materials provided with the distribution. | 21 | | | 22 | | * The names of the contributors may not be used to endorse or promote | 23 | | products derived from this software without specific prior written | 24 | | permission. 
| 25 | +-----------------------------------------------------------------------------+ 26 | | THIS SOFTWARE IS PROVIDED BY THE AUTHORS ""AS IS"" AND ANY EXPRESS OR | 27 | | IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | 28 | | OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | 29 | | IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, | 30 | | INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | 31 | | NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | 32 | | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | 33 | | THEORY LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING | 34 | | NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,| 35 | | EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 36 | +-----------------------------------------------------------------------------+ 37 | */ 38 | 39 | #include "basic_types.h" 40 | #include "gf_p44417_type.h" 41 | #include "gf_p44417_arith.h" 42 | 43 | void gfp44417makeunique(gfe_p44417_7L *h) { 44 | 45 | uchar8 i; 46 | uint64 u,v; 47 | 48 | u = (h->l[0] >= p0); 49 | for (i=1; il[i] == p1_5); 51 | u = u & (h->l[NLIMBS-1] == p6); 52 | v = -u; u = ~v; 53 | 54 | h->l[0] = (h->l[0] & u) | ((h->l[0] - p0) & v); 55 | for (i=1; il[i] = (h->l[i] & u) | (0ULL & v); 57 | } 58 | -------------------------------------------------------------------------------- /M4058/portable-c/source/gf_p44417_sub.c: -------------------------------------------------------------------------------- 1 | /* 2 | +-----------------------------------------------------------------------------+ 3 | | This code corresponds to the paper https://eprint.iacr.org/2019/1259.pdf by | 4 | | Kaushik Nath, Indian Statistical Institute, Kolkata, India, and | 5 | | Palash Sarkar, Indian Statistical Institute, Kolkata, India. 
| 6 | +-----------------------------------------------------------------------------+ 7 | | Copyright (c) 2020, Kaushik Nath and Palash Sarkar. | 8 | | | 9 | | Permission to use this code is granted. | 10 | | | 11 | | Redistribution and use in source and binary forms, with or without | 12 | | modification, are permitted provided that the following conditions are | 13 | | met: | 14 | | | 15 | | * Redistributions of source code must retain the above copyright notice, | 16 | | this list of conditions and the following disclaimer. | 17 | | | 18 | | * Redistributions in binary form must reproduce the above copyright | 19 | | notice, this list of conditions and the following disclaimer in the | 20 | | documentation and/or other materials provided with the distribution. | 21 | | | 22 | | * The names of the contributors may not be used to endorse or promote | 23 | | products derived from this software without specific prior written | 24 | | permission. | 25 | +-----------------------------------------------------------------------------+ 26 | | THIS SOFTWARE IS PROVIDED BY THE AUTHORS ""AS IS"" AND ANY EXPRESS OR | 27 | | IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | 28 | | OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | 29 | | IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, | 30 | | INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | 31 | | NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | 32 | | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | 33 | | THEORY LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING | 34 | | NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,| 35 | | EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
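|
+-----------------------------------------------------------------------------+
*/

#include "basic_types.h"
#include "gf_p44417_type.h"
#include "gf_p44417_arith.h"

/*
 * h = f - g on the (NLIMBS+1)-limb unreduced representation, limb by limb,
 * with no borrow propagation.
 *
 * 2p, split into the per-limb constants _2p0 / _2p1_6 / _2p7 from
 * gf_p44417_arith.h (not visible here), is added to f first so that the
 * per-limb subtraction of g cannot wrap below zero; the result is therefore
 * congruent to f - g mod p but is not reduced. Assumes the limb values are
 * small enough that neither addition overflows 64 bits -- confirm against the
 * limb bounds documented with the arithmetic constants.
 *
 * Every read of f completes before any write to h, and g->l[i] is read
 * before h->l[i] is written, so h may alias f or g.
 *
 * The two `for` headers were lost to '<'...'>' stripping in this listing and
 * are reconstructed from the limb layout -- verify against upstream.
 */
void gfp44417sub(gfe_p44417_8L *h,const gfe_p44417_8L *f,const gfe_p44417_8L *g) {

    uchar8 i;
    uint64 t[NLIMBS+1];

    /* t = f + 2p, limb-wise */
    t[0] = f->l[0] + _2p0;
    for (i=1; i<NLIMBS; i++)
        t[i] = f->l[i] + _2p1_6;
    t[NLIMBS] = f->l[NLIMBS] + _2p7;

    /* h = t - g, limb-wise */
    for (i=0; i<=NLIMBS; i++) {

        t[i] = t[i] - g->l[i];
        h->l[i] = t[i];
    }
}
--------------------------------------------------------------------------------
/M4698/README.md:
--------------------------------------------------------------------------------
## Assembly and high-level implementations of scalar multiplication on the Montgomery curve M4698

The source code of this directory corresponds to the work [Security and Efficiency Trade-offs for Elliptic Curve Diffie-Hellman
at the 128-bit and 224-bit Security Levels](https://eprint.iacr.org/2019/1259), authored by [Kaushik Nath](kaushikn_r@isical.ac.in) & [Palash Sarkar](palash@isical.ac.in) of [Indian Statistical Institute, Kolkata, India](https://www.isical.ac.in),
containing various assembly and high-level (using only C) implementations of scalar multiplication on the Montgomery curve M4698. The implementations of the Montgomery ladder are developed targeting modern Intel architectures such as Skylake and Haswell.

To report a bug or make a comment regarding the implementations, please send an email to: [Kaushik Nath](kaushikn_r@isical.ac.in).

---

### Compilation and execution of programs

* Please build with the ```makefile``` in the **test** directory and run the generated executable.
* One can change the architecture accordingly in the makefile before compilation. Default provided is ```Skylake```.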
15 | --- 16 | 17 | ### Overview of the implementations in the repository 18 | 19 | * **intel64-maa-5limb**: 5-limb 64-bit assembly implementation using the instructions ```mul/add/adc```. 20 | 21 | * **intel64-maa-4limb**: 4-limb 64-bit assembly implementation using the instructions ```mul/add/adc```. 22 | 23 | * **intel64-mxaa-4limb**: 4-limb 64-bit assembly implementation using the instructions ```mulx/add/adc```. 24 | 25 | * **intel64-maax-4limb**: 4-limb 64-bit assembly implementation using the instructions ```mulx/adcx/adox```. 26 | 27 | * **intel64-avx2-4x1-9limb**: 9-limb 4-way vectorized assembly implementations using Algorithms 7, 8 and 9 of [Efficient 4-way Vectorizations of the Montgomery Ladder](https://eprint.iacr.org/2020/378.pdf). 28 | 29 | * **portable-c**: 5-limb 64-bit high-level implementation using only C. 30 | 31 | 32 | 33 | --- 34 | -------------------------------------------------------------------------------- /M4698/intel64-avx2-4x1-9limb/include/M4698.h: -------------------------------------------------------------------------------- 1 | /* 2 | +-----------------------------------------------------------------------------+ 3 | | This code corresponds to the paper https://eprint.iacr.org/2019/1259.pdf by | 4 | | Kaushik Nath, Indian Statistical Institute, Kolkata, India, and | 5 | | Palash Sarkar, Indian Statistical Institute, Kolkata, India. | 6 | +-----------------------------------------------------------------------------+ 7 | | Copyright (c) 2020, Kaushik Nath and Palash Sarkar. | 8 | | | 9 | | Permission to use this code is granted. | 10 | | | 11 | | Redistribution and use in source and binary forms, with or without | 12 | | modification, are permitted provided that the following conditions are | 13 | | met: | 14 | | | 15 | | * Redistributions of source code must retain the above copyright notice, | 16 | | this list of conditions and the following disclaimer. 
| 17 | | | 18 | | * Redistributions in binary form must reproduce the above copyright | 19 | | notice, this list of conditions and the following disclaimer in the | 20 | | documentation and/or other materials provided with the distribution. | 21 | | | 22 | | * The names of the contributors may not be used to endorse or promote | 23 | | products derived from this software without specific prior written | 24 | | permission. | 25 | +-----------------------------------------------------------------------------+ 26 | | THIS SOFTWARE IS PROVIDED BY THE AUTHORS ""AS IS"" AND ANY EXPRESS OR | 27 | | IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | 28 | | OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | 29 | | IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, | 30 | | INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | 31 | | NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | 32 | | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | 33 | | THEORY LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING | 34 | | NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,| 35 | | EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
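|
+-----------------------------------------------------------------------------+
*/

#ifndef M4698_H
#define M4698_H
/* Guard renamed from __M4698_H__: identifiers beginning with a double
   underscore are reserved for the C implementation. */

#include "basic_types.h"
#include "gf_p2519_type.h"

/* Length in bytes of the scalar and point byte strings handled by the
   scalarmult functions below -- presumably the SUPERCOP CRYPTO_BYTES
   convention; the callers are not visible in this listing. */
#define CRYPTO_BYTES 32

/* Montgomery-ladder kernels over the 4-lane `vec` type of gf_p2519_type.h,
   provided by the assembly sources of this directory. The uchar8 argument is
   presumably the scalar. Note that `vec` is an array type, so the `const vec`
   parameter of M4698_mladder_base decays to a pointer to its first element
   rather than being passed by value. */
extern void M4698_mladder(vec *, const vec *, const uchar8 *);
extern void M4698_mladder_base(vec *, const vec, const uchar8 *);

/* Variable-base and fixed-base scalar multiplication on byte strings
   (output first). The meaning of the int return value is not visible here;
   confirm in the scalarmult source before relying on it. */
int M4698_scalarmult(uchar8 *, const uchar8 *, const uchar8 *);
int M4698_scalarmult_base(uchar8 *, const uchar8 *, const uchar8 *);

#endif
--------------------------------------------------------------------------------
/M4698/intel64-avx2-4x1-9limb/include/basic_types.h:
--------------------------------------------------------------------------------
/*
+-----------------------------------------------------------------------------+
| This code corresponds to the paper https://eprint.iacr.org/2019/1259.pdf by |
| Kaushik Nath, Indian Statistical Institute, Kolkata, India, and |
| Palash Sarkar, Indian Statistical Institute, Kolkata, India. |
+-----------------------------------------------------------------------------+
| Copyright (c) 2020, Kaushik Nath and Palash Sarkar. |
| |
| Permission to use this code is granted. |
| |
| Redistribution and use in source and binary forms, with or without |
| modification, are permitted provided that the following conditions are |
| met: |
| |
| * Redistributions of source code must retain the above copyright notice, |
| this list of conditions and the following disclaimer. |
| |
| * Redistributions in binary form must reproduce the above copyright |
| notice, this list of conditions and the following disclaimer in the |
| documentation and/or other materials provided with the distribution.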
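|
| |
| * The names of the contributors may not be used to endorse or promote |
| products derived from this software without specific prior written |
| permission. |
+-----------------------------------------------------------------------------+
| THIS SOFTWARE IS PROVIDED BY THE AUTHORS ""AS IS"" AND ANY EXPRESS OR |
| IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
| OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
| IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, |
| INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
| NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
| DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
| THEORY LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING |
| NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,|
| EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
+-----------------------------------------------------------------------------+
*/

#ifndef BASIC_TYPE_H
#define BASIC_TYPE_H
/* Guard renamed from __BASIC_TYPE_H__: identifiers beginning with a double
   underscore are reserved for the C implementation. */

/* Integer aliases used throughout the implementation. `unsigned long long`
   is at least 64 bits by the standard and exactly 64 on the x86-64 ABIs this
   code targets; the mask tricks in the field code (negating a 0/1 value to
   obtain an all-ones word) assume exact 64-bit wrap-around. */
typedef unsigned char uchar8;
typedef unsigned long long uint64;

#endif
--------------------------------------------------------------------------------
/M4698/intel64-avx2-4x1-9limb/include/gf_p2519_pack.h:
--------------------------------------------------------------------------------
/*
+-----------------------------------------------------------------------------+
| This code corresponds to the paper https://eprint.iacr.org/2019/1259.pdf by |
| Kaushik Nath, Indian Statistical Institute, Kolkata, India, and |
| Palash Sarkar, Indian Statistical Institute, Kolkata, India.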
| 6 | +-----------------------------------------------------------------------------+ 7 | | Copyright (c) 2020, Kaushik Nath and Palash Sarkar. | 8 | | | 9 | | Permission to use this code is granted. | 10 | | | 11 | | Redistribution and use in source and binary forms, with or without | 12 | | modification, are permitted provided that the following conditions are | 13 | | met: | 14 | | | 15 | | * Redistributions of source code must retain the above copyright notice, | 16 | | this list of conditions and the following disclaimer. | 17 | | | 18 | | * Redistributions in binary form must reproduce the above copyright | 19 | | notice, this list of conditions and the following disclaimer in the | 20 | | documentation and/or other materials provided with the distribution. | 21 | | | 22 | | * The names of the contributors may not be used to endorse or promote | 23 | | products derived from this software without specific prior written | 24 | | permission. | 25 | +-----------------------------------------------------------------------------+ 26 | | THIS SOFTWARE IS PROVIDED BY THE AUTHORS ""AS IS"" AND ANY EXPRESS OR | 27 | | IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | 28 | | OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | 29 | | IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, | 30 | | INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | 31 | | NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | 32 | | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | 33 | | THEORY LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING | 34 | | NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,| 35 | | EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
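|
+-----------------------------------------------------------------------------+
*/

#ifndef P2519_PACK_H
#define P2519_PACK_H
/* Guard renamed from __P2519_PACK_H__: identifiers beginning with a double
   underscore are reserved for the C implementation. */

#include "basic_types.h"
#include "gf_p2519_type.h"

/* Conversions between byte strings and the two limb layouts declared in
   gf_p2519_type.h (destination is always the first argument):
   - gfp2519pack:   bytes -> NLIMBS_VEC-limb (vectorised) element;
   - gfp2519pack94: NLIMBS_VEC-limb element -> NLIMBS-limb (packed) element;
   - gfp2519unpack: NLIMBS-limb element -> bytes.
   Byte order and the reduction state of the outputs are defined in the
   corresponding .c file, which is not visible in this listing. */
void gfp2519pack(gfe_p2519_9L *, const uchar8 *);
void gfp2519pack94(gfe_p2519_4L *, const gfe_p2519_9L *);
void gfp2519unpack(uchar8 *, const gfe_p2519_4L *);

#endif
--------------------------------------------------------------------------------
/M4698/intel64-avx2-4x1-9limb/include/gf_p2519_type.h:
--------------------------------------------------------------------------------
/*
+-----------------------------------------------------------------------------+
| This code corresponds to the paper https://eprint.iacr.org/2019/1259.pdf by |
| Kaushik Nath, Indian Statistical Institute, Kolkata, India, and |
| Palash Sarkar, Indian Statistical Institute, Kolkata, India. |
+-----------------------------------------------------------------------------+
| Copyright (c) 2020, Kaushik Nath and Palash Sarkar. |
| |
| Permission to use this code is granted. |
| |
| Redistribution and use in source and binary forms, with or without |
| modification, are permitted provided that the following conditions are |
| met: |
| |
| * Redistributions of source code must retain the above copyright notice, |
| this list of conditions and the following disclaimer. |
| |
| * Redistributions in binary form must reproduce the above copyright |
| notice, this list of conditions and the following disclaimer in the |
| documentation and/or other materials provided with the distribution. |
| |
| * The names of the contributors may not be used to endorse or promote |
| products derived from this software without specific prior written |
| permission.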
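|
+-----------------------------------------------------------------------------+
| THIS SOFTWARE IS PROVIDED BY THE AUTHORS ""AS IS"" AND ANY EXPRESS OR |
| IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
| OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
| IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, |
| INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
| NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
| DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
| THEORY LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING |
| NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,|
| EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
+-----------------------------------------------------------------------------+
*/

#ifndef P2519_TYPE_H
#define P2519_TYPE_H
/* Guard renamed from __P2519_TYPE_H__: identifiers beginning with a double
   underscore are reserved for the C implementation. */

#include "basic_types.h"

/* Limb counts of the two field-element layouts: NLIMBS 64-bit limbs for the
   packed form and NLIMBS_VEC limbs for the form consumed by the 4-way
   vectorised ladder (the README of this curve calls it the 9-limb
   representation). */
#define NLIMBS 4
#define NLIMBS_VEC 9

/* 32-byte alignment attribute (GCC/Clang syntax); applied to `vec` below. */
#define ALIGN32 __attribute__ ((aligned(32)))

typedef struct {
    uint64 l[NLIMBS];
}
gfe_p2519_4L;

typedef struct {
    uint64 l[NLIMBS_VEC];
}
gfe_p2519_9L;

/* Four 64-bit lanes, 32-byte aligned (one AVX2 ymm register's worth). The
   lane assignment is defined by the assembly ladder, not visible here. */
typedef uint64 ALIGN32 vec[4];

#endif
--------------------------------------------------------------------------------
/M4698/intel64-avx2-4x1-9limb/include/measure.h:
--------------------------------------------------------------------------------
/*
+-------------------------------------------------------------------------------+
| This file has the performance measurement strategy used in the paper titled |
| "The Software Performance of Authenticated-Encryption Modes" by the authors |
| Ted Krovetz and Phillip Rogaway.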
| 6 | | Web link: http://dx.doi.org/10.1007/978-3-642-21702-9_18 | 7 | +-------------------------------------------------------------------------------+ 8 | */ 9 | 10 | #ifndef __MEASURE__ 11 | #define __MEASURE__ 12 | 13 | int comp(const void *, const void *); 14 | void median_next(unsigned); 15 | extern void qsort(void *, size_t, size_t, int (*)(const void *, const void *)); 16 | 17 | #define CACHE_WARM_ITER 1000 18 | #define MAX_ITER 2000 19 | #define M 1000 20 | #define N 1000 21 | 22 | #define STAMP ({unsigned res; __asm__ __volatile__ ("rdtsc" : "=a"(res) : : "edx"); res;}) /* Time stamp */ 23 | 24 | #define MEASURE_TIME(x) \ 25 | do { \ 26 | int i,j; \ 27 | for (i = 0; i < M; i++) { \ 28 | \ 29 | unsigned c2, c1; \ 30 | for(j=0;j 43 | 44 | typedef unsigned char uchar8; 45 | typedef unsigned long long uint64; 46 | typedef __uint128_t uint128; 47 | 48 | #endif 49 | -------------------------------------------------------------------------------- /M4698/portable-c/include/gf_p2519_pack.h: -------------------------------------------------------------------------------- 1 | /* 2 | +-----------------------------------------------------------------------------+ 3 | | This code corresponds to the paper https://eprint.iacr.org/2019/1259.pdf by | 4 | | Kaushik Nath, Indian Statistical Institute, Kolkata, India, and | 5 | | Palash Sarkar, Indian Statistical Institute, Kolkata, India. | 6 | +-----------------------------------------------------------------------------+ 7 | | Copyright (c) 2020, Kaushik Nath and Palash Sarkar. | 8 | | | 9 | | Permission to use this code is granted. | 10 | | | 11 | | Redistribution and use in source and binary forms, with or without | 12 | | modification, are permitted provided that the following conditions are | 13 | | met: | 14 | | | 15 | | * Redistributions of source code must retain the above copyright notice, | 16 | | this list of conditions and the following disclaimer. 
| 17 | | | 18 | | * Redistributions in binary form must reproduce the above copyright | 19 | | notice, this list of conditions and the following disclaimer in the | 20 | | documentation and/or other materials provided with the distribution. | 21 | | | 22 | | * The names of the contributors may not be used to endorse or promote | 23 | | products derived from this software without specific prior written | 24 | | permission. | 25 | +-----------------------------------------------------------------------------+ 26 | | THIS SOFTWARE IS PROVIDED BY THE AUTHORS ""AS IS"" AND ANY EXPRESS OR | 27 | | IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | 28 | | OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | 29 | | IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, | 30 | | INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | 31 | | NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | 32 | | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | 33 | | THEORY LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING | 34 | | NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,| 35 | | EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
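|
+-----------------------------------------------------------------------------+
*/

#ifndef P2519_PACK_H
#define P2519_PACK_H
/* Guard renamed from __P2519_PACK_H__: identifiers beginning with a double
   underscore are reserved for the C implementation. */

#include "basic_types.h"
#include "gf_p2519_type.h"

/* Conversions for the portable implementation, between byte strings and the
   two limb layouts of gf_p2519_type.h (destination is always the first
   argument):
   - gfp2519pack:   bytes -> (NLIMBS+1)-limb element;
   - gfp2519unpack: NLIMBS-limb element -> bytes;
   - gfp2519pack54: (NLIMBS+1)-limb element -> NLIMBS-limb element.
   Byte order and the reduction state of the outputs are defined in the
   corresponding .c file, which is not visible in this listing. */
void gfp2519pack(gfe_p2519_5L *,const uchar8 *);
void gfp2519unpack(uchar8 *,const gfe_p2519_4L *);
void gfp2519pack54(gfe_p2519_4L *,const gfe_p2519_5L *);

#endif
--------------------------------------------------------------------------------
/M4698/portable-c/include/gf_p2519_type.h:
--------------------------------------------------------------------------------
/*
+-----------------------------------------------------------------------------+
| This code corresponds to the paper https://eprint.iacr.org/2019/1259.pdf by |
| Kaushik Nath, Indian Statistical Institute, Kolkata, India, and |
| Palash Sarkar, Indian Statistical Institute, Kolkata, India. |
+-----------------------------------------------------------------------------+
| Copyright (c) 2020, Kaushik Nath and Palash Sarkar. |
| |
| Permission to use this code is granted. |
| |
| Redistribution and use in source and binary forms, with or without |
| modification, are permitted provided that the following conditions are |
| met: |
| |
| * Redistributions of source code must retain the above copyright notice, |
| this list of conditions and the following disclaimer. |
| |
| * Redistributions in binary form must reproduce the above copyright |
| notice, this list of conditions and the following disclaimer in the |
| documentation and/or other materials provided with the distribution. |
| |
| * The names of the contributors may not be used to endorse or promote |
| products derived from this software without specific prior written |
| permission.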
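|
+-----------------------------------------------------------------------------+
| THIS SOFTWARE IS PROVIDED BY THE AUTHORS ""AS IS"" AND ANY EXPRESS OR |
| IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
| OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
| IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, |
| INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
| NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
| DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
| THEORY LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING |
| NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,|
| EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
+-----------------------------------------------------------------------------+
*/

#ifndef P2519_TYPE_H
#define P2519_TYPE_H
/* Guard renamed from __P2519_TYPE_H__: identifiers beginning with a double
   underscore are reserved for the C implementation. */

/* Number of 64-bit limbs in the packed form; the working form used by the
   portable arithmetic has one more limb (NLIMBS+1 -- the "5-limb"
   representation named in the README). */
#define NLIMBS 4

#include "basic_types.h"

typedef struct {
    uint64 l[NLIMBS];
}
gfe_p2519_4L;

typedef struct {
    uint64 l[NLIMBS+1];
}
gfe_p2519_5L;

#endif
--------------------------------------------------------------------------------
/M4698/portable-c/source/gf_p2519_add.c:
--------------------------------------------------------------------------------
/*
+-----------------------------------------------------------------------------+
| This code corresponds to the paper https://eprint.iacr.org/2019/1259.pdf by |
| Kaushik Nath, Indian Statistical Institute, Kolkata, India, and |
| Palash Sarkar, Indian Statistical Institute, Kolkata, India. |
+-----------------------------------------------------------------------------+
| Copyright (c) 2020, Kaushik Nath and Palash Sarkar. |
| |
| Permission to use this code is granted.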
| 10 | | | 11 | | Redistribution and use in source and binary forms, with or without | 12 | | modification, are permitted provided that the following conditions are | 13 | | met: | 14 | | | 15 | | * Redistributions of source code must retain the above copyright notice, | 16 | | this list of conditions and the following disclaimer. | 17 | | | 18 | | * Redistributions in binary form must reproduce the above copyright | 19 | | notice, this list of conditions and the following disclaimer in the | 20 | | documentation and/or other materials provided with the distribution. | 21 | | | 22 | | * The names of the contributors may not be used to endorse or promote | 23 | | products derived from this software without specific prior written | 24 | | permission. | 25 | +-----------------------------------------------------------------------------+ 26 | | THIS SOFTWARE IS PROVIDED BY THE AUTHORS ""AS IS"" AND ANY EXPRESS OR | 27 | | IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | 28 | | OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | 29 | | IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, | 30 | | INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | 31 | | NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | 32 | | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | 33 | | THEORY LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING | 34 | | NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,| 35 | | EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
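|
+-----------------------------------------------------------------------------+
*/

#include "basic_types.h"
#include "gf_p2519_type.h"
#include "gf_p2519_arith.h"

/*
 * h = f + g on the (NLIMBS+1)-limb unreduced representation, limb by limb,
 * with no carry propagation and no reduction. Assumes the limbs of f and g
 * are far enough below 2^64 that the additions cannot wrap -- confirm
 * against the limb bounds used by the multiplication and packing code,
 * which are not visible here.
 *
 * g->l[i] is read before h->l[i] is written, so h may alias f or g.
 *
 * The `for` header was lost to '<'...'>' stripping in this listing and is
 * reconstructed from the limb count -- verify against upstream.
 */
void gfp2519add(gfe_p2519_5L *h,const gfe_p2519_5L *f,const gfe_p2519_5L *g) {

    uchar8 i;
    uint64 t[NLIMBS+1];

    for (i=0; i<=NLIMBS; i++) {

        t[i] = f->l[i] + g->l[i];
        h->l[i] = t[i];
    }
}
--------------------------------------------------------------------------------
/M4698/portable-c/source/gf_p2519_makeunique.c:
--------------------------------------------------------------------------------
/*
+-----------------------------------------------------------------------------+
| This code corresponds to the paper https://eprint.iacr.org/2019/1259.pdf by |
| Kaushik Nath, Indian Statistical Institute, Kolkata, India, and |
| Palash Sarkar, Indian Statistical Institute, Kolkata, India. |
+-----------------------------------------------------------------------------+
| Copyright (c) 2020, Kaushik Nath and Palash Sarkar. |
| |
| Permission to use this code is granted. |
| |
| Redistribution and use in source and binary forms, with or without |
| modification, are permitted provided that the following conditions are |
| met: |
| |
| * Redistributions of source code must retain the above copyright notice, |
| this list of conditions and the following disclaimer. |
| |
| * Redistributions in binary form must reproduce the above copyright |
| notice, this list of conditions and the following disclaimer in the |
| documentation and/or other materials provided with the distribution. |
| |
| * The names of the contributors may not be used to endorse or promote |
| products derived from this software without specific prior written |
| permission.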
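|
+-----------------------------------------------------------------------------+
| THIS SOFTWARE IS PROVIDED BY THE AUTHORS ""AS IS"" AND ANY EXPRESS OR |
| IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
| OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
| IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, |
| INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
| NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
| DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
| THEORY LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING |
| NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,|
| EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
+-----------------------------------------------------------------------------+
*/

#include "basic_types.h"
#include "gf_p2519_type.h"
#include "gf_p2519_arith.h"

/*
 * Reduce h in place to the unique representative of h mod p in [0, p).
 *
 * p is spanned by the per-limb constants p0, p12 and p3 supplied by
 * gf_p2519_arith.h (not visible in this listing): limb 0, limbs 1..NLIMBS-2
 * and the top limb respectively. "h >= p" is recognised only when every
 * upper limb equals the matching limb of p and limb 0 is at least p0, which
 * presumes h arrives partially reduced (below 2p, upper limbs never exceeding
 * p's) -- confirm against the packing code that produces gfe_p2519_4L values.
 *
 * The subtraction is applied through full-width masks (u / v) rather than a
 * branch. NOTE(review): the 0/1 values that seed the masks come from C
 * `>=` / `==` comparisons; the language does not guarantee those compile to
 * branch-free code, so the generated assembly should be checked if the
 * reduction must not reveal whether h >= p.
 *
 * The two `for` headers below were lost to '<'...'>' stripping in this
 * listing and are reconstructed from the limb layout -- verify against
 * upstream.
 */
void gfp2519makeunique(gfe_p2519_4L *h) {

    uchar8 i;
    uint64 u,v;

    /* u = 1 iff h >= p (under the representation assumption above) */
    u = (h->l[0] >= p0);
    for (i=1; i<NLIMBS-1; i++)
        u = u & (h->l[i] == p12);
    u = u & (h->l[NLIMBS-1] == p3);
    v = -u; u = ~v;   /* v = all-ones when h >= p, u = its complement */

    /* Select h or h - p limb-wise. Because the upper limbs are known to equal
       p's, h - p is (l[0] - p0, 0, ..., 0); the `(0ULL & v)` term is
       identically zero and only mirrors the limb-0 expression. */
    h->l[0] = (h->l[0] & u) | ((h->l[0] - p0) & v);
    for (i=1; i<NLIMBS; i++)
        h->l[i] = (h->l[i] & u) | (0ULL & v);
}
--------------------------------------------------------------------------------
/M4698/portable-c/source/gf_p2519_sub.c:
--------------------------------------------------------------------------------
/*
+-----------------------------------------------------------------------------+
| This code corresponds to the paper https://eprint.iacr.org/2019/1259.pdf by |
| Kaushik Nath, Indian Statistical Institute, Kolkata, India, and |
| Palash Sarkar, Indian Statistical Institute, Kolkata, India.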
| 6 | +-----------------------------------------------------------------------------+ 7 | | Copyright (c) 2020, Kaushik Nath and Palash Sarkar. | 8 | | | 9 | | Permission to use this code is granted. | 10 | | | 11 | | Redistribution and use in source and binary forms, with or without | 12 | | modification, are permitted provided that the following conditions are | 13 | | met: | 14 | | | 15 | | * Redistributions of source code must retain the above copyright notice, | 16 | | this list of conditions and the following disclaimer. | 17 | | | 18 | | * Redistributions in binary form must reproduce the above copyright | 19 | | notice, this list of conditions and the following disclaimer in the | 20 | | documentation and/or other materials provided with the distribution. | 21 | | | 22 | | * The names of the contributors may not be used to endorse or promote | 23 | | products derived from this software without specific prior written | 24 | | permission. | 25 | +-----------------------------------------------------------------------------+ 26 | | THIS SOFTWARE IS PROVIDED BY THE AUTHORS ""AS IS"" AND ANY EXPRESS OR | 27 | | IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES | 28 | | OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. | 29 | | IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, | 30 | | INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | 31 | | NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | 32 | | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | 33 | | THEORY LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING | 34 | | NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,| 35 | | EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
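|
+-----------------------------------------------------------------------------+
*/

#include "basic_types.h"
#include "gf_p2519_type.h"
#include "gf_p2519_arith.h"

/*
 * h = f - g on the (NLIMBS+1)-limb unreduced representation, limb by limb,
 * with no borrow propagation.
 *
 * 2p, split into the per-limb constants _2p0 / _2p123 / _2p4 from
 * gf_p2519_arith.h (not visible here), is added to f first so that the
 * per-limb subtraction of g cannot wrap below zero; the result is therefore
 * congruent to f - g mod p but is not reduced. Assumes the limb values are
 * small enough that neither addition overflows 64 bits -- confirm against the
 * limb bounds documented with the arithmetic constants.
 *
 * Every read of f completes before any write to h, and g->l[i] is read
 * before h->l[i] is written, so h may alias f or g.
 *
 * The two `for` headers were lost to '<'...'>' stripping in this listing and
 * are reconstructed from the limb layout -- verify against upstream.
 */
void gfp2519sub(gfe_p2519_5L *h,const gfe_p2519_5L *f,const gfe_p2519_5L *g) {

    uchar8 i;
    uint64 t[NLIMBS+1];

    /* t = f + 2p, limb-wise */
    t[0] = f->l[0] + _2p0;
    for (i=1; i<NLIMBS; i++)
        t[i] = f->l[i] + _2p123;
    t[NLIMBS] = f->l[NLIMBS] + _2p4;

    /* h = t - g, limb-wise */
    for (i=0; i<=NLIMBS; i++) {

        t[i] = t[i] - g->l[i];
        h->l[i] = t[i];
    }
}
--------------------------------------------------------------------------------
/Magma/curve-search.m:
--------------------------------------------------------------------------------
// Search for Montgomery curves  y^2 = x^3 + A*x^2 + x  over GF(p), p = 2^251 - 9,
// whose group order and twist order are both (small cofactor) x (prime).
// NOTE(review): `lo` and `hi` are not defined in this file; they must be
// assigned before it is loaded, since the search loop at the bottom ranges
// over them.
p := 2^251-9;
F := GF(p);
Z := IntegerRing();

// Tests the curve with Montgomery coefficient A. Prints its parameters and
// returns 1 when, after stripping every factor of 2 and 3 from the group
// order n and from the twist order nT, both cofactors (h, hT) are at most 32
// and both remaining parts (ell, ellT) are prime; returns 0 otherwise.
// Dividing integers with `/` yields a rational in Magma, hence the Z!
// coercions before `mod` and IsPrime.
function getSecParams(A)

    E := EllipticCurve([F!0,F!A,F!0,F!1,F!0]);  // a2 = A, a4 = 1: y^2 = x^3 + A*x^2 + x
    n := #E; nT := 2*(p+1)-n;                    // #E + #(quadratic twist) = 2(p+1)
    ell := n; h := 1;
    while (Z!ell mod 2) eq 0 do ell := ell/2; h := h*2; end while;
    while (Z!ell mod 3) eq 0 do ell := ell/3; h := h*3; end while;
    ellT := nT; hT := 1;
    while (Z!ellT mod 2) eq 0 do ellT := ellT/2; hT := hT*2; end while;
    while (Z!ellT mod 3) eq 0 do ellT := ellT/3; hT := hT*3; end while;
    if ( (h le 32) and (hT le 32) and (IsPrime(Z!ell)) and (IsPrime(Z!ellT)) ) then
        print "Success";
        print "A = ", A;
        print "E = ", E;
        print "ordE = ", n;
        print "maxSubSz = ", ell;
        print "log(ell) = ", Log(2,ell);
        print "h = ", h;
        print "ordTwist = ", nT;
        print "maxSubSzT = " , ellT;
        print "log(ellT) = ", Log(2,ellT);
        print "hT = ", hT;
        return 1;
    end if;
    return 0;
end function;

// start main search
// The loop variable is alpha = (A+2)/4, so A = 4*alpha - 2; for a successful
// curve the printed "(A+2)/4" value is alpha itself.

for alpha := lo to hi do
    A := F!(4*alpha-2);
    flg := getSecParams(A);
    if (flg eq 1) then
        print "(A+2)/4 = ", alpha;
    end if;
end for;

print "Completed";
--------------------------------------------------------------------------------
/README.md: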
--------------------------------------------------------------------------------
## Assembly and high-level implementations of scalar multiplication on the Montgomery curves M4698 and M4058

The source code of this repository corresponds to the work [Security and Efficiency Trade-offs for Elliptic Curve Diffie-Hellman
at the 128-bit and 224-bit Security Levels](https://eprint.iacr.org/2019/1259), authored by [Kaushik Nath](kaushikn_r@isical.ac.in) & [Palash Sarkar](palash@isical.ac.in) of [Indian Statistical Institute, Kolkata, India](https://www.isical.ac.in),
containing various assembly and high-level (using only C) implementations of scalar multiplication on the Montgomery curves M4058 and M4698.
The implementations of the Montgomery ladder are developed targeting modern Intel architectures such as Skylake and Haswell.

To report a bug or make a comment regarding the implementations, please send an email to: [Kaushik Nath](kaushikn_r@isical.ac.in).

---
--------------------------------------------------------------------------------