yggm/libs/ed25519.cu

#include <ed25519.cuh>
#include <f25519.cuh>
__device__ __constant__ struct ed25519_pt ed25519_base = {
    {0x1a,0xd5,0x25,0x8f,0x60,0x2d,0x56,0xc9,0xb2,0xa7,0x25,0x95,0x60,0xc7,0x2c,0x69,
     0x5c,0xdc,0xd6,0xfd,0x31,0xe2,0xa4,0xc0,0xfe,0x53,0x6e,0xcd,0xd3,0x36,0x69,0x21},
    {0x58,0x66,0x66,0x66,0x66,0x66,0x66,0x66,0x66,0x66,0x66,0x66,0x66,0x66,0x66,0x66,
     0x66,0x66,0x66,0x66,0x66,0x66,0x66,0x66,0x66,0x66,0x66,0x66,0x66,0x66,0x66,0x66},
    {0xa3,0xdd,0xb7,0xa5,0xb3,0x8a,0xde,0x6d,0xf5,0x52,0x51,0x77,0x80,0x9f,0xf0,0x20,
     0x7d,0xe3,0xab,0x64,0x8e,0x4e,0xea,0x66,0x65,0x76,0x8b,0xd7,0x0f,0x5f,0x87,0x67},
    {1,0}
};
__device__ __constant__ struct ed25519_pt ed25519_neutral = {
    {0}, {1,0}, {0}, {1,0}
};
__device__ __constant__ unsigned char ed25519_d[32] = {
    0xa3,0x78,0x59,0x13,0xca,0x4d,0xeb,0x75,0xab,0xd8,0x41,0x41,0x4d,0x0a,0x70,0x00,
    0x98,0xe8,0x79,0x77,0x79,0x40,0xc7,0x8c,0x73,0xfe,0x6f,0x2b,0xee,0x6c,0x03,0x52
};
__device__ __constant__ unsigned char ed25519_k[32] = {
    0x59,0xf1,0xb2,0x26,0x94,0x9b,0xd6,0xeb,0x56,0xb1,0x83,0x82,0x9a,0x14,0xe0,0x00,
    0x30,0xd1,0xf3,0xee,0xf2,0x80,0x8e,0x19,0xe7,0xfc,0xdf,0x56,0xdc,0xd9,0x06,0x24
};
__device__ void ed25519_unproject(unsigned char* __restrict__ x, unsigned char* __restrict__ y, const struct ed25519_pt* __restrict__ p) {
    unsigned char z1[32];
    f25519_inv__distinct(z1, p->z);
    f25519_mul__distinct(x, p->x, z1);
    f25519_mul__distinct(y, p->y, z1);
    f25519_normalize(x);
    f25519_normalize(y);
}
__device__ void ed25519_pack(unsigned char* __restrict__ c, const unsigned char* __restrict__ x, const unsigned char* __restrict__ y) {
    unsigned char tmp[32];
    unsigned char parity;
    f25519_copy(tmp, x);
    f25519_normalize(tmp);
    parity = (tmp[0] & 1) << 7;
    f25519_copy(c, y);
    f25519_normalize(c);
    c[31] |= parity;
}
__device__ __forceinline__ void ed25519_add(struct ed25519_pt* __restrict__ r, const struct ed25519_pt* __restrict__ p1, const struct ed25519_pt* __restrict__ p2) {
    unsigned char a[32], b[32], c[32], d[32], e[32], f[32], g[32], h[32];
    f25519_sub(c, p1->y, p1->x);
    f25519_sub(d, p2->y, p2->x);
    f25519_mul__distinct(a, c, d);
    f25519_add(c, p1->y, p1->x);
    f25519_add(d, p2->y, p2->x);
    f25519_mul__distinct(b, c, d);
    f25519_mul__distinct(d, p1->t, p2->t);
    f25519_mul__distinct(c, d, ed25519_k);
    f25519_mul__distinct(d, p1->z, p2->z);
    f25519_add(d, d, d);
    f25519_sub(e, b, a);
    f25519_sub(f, d, c);
    f25519_add(g, d, c);
    f25519_add(h, b, a);
    f25519_mul__distinct(r->x, e, f);
    f25519_mul__distinct(r->y, g, h);
    f25519_mul__distinct(r->t, e, h);
    f25519_mul__distinct(r->z, f, g);
}
__device__ __forceinline__ void ed25519_double(struct ed25519_pt* __restrict__ r, const struct ed25519_pt* __restrict__ p) {
    unsigned char a[32], b[32], c[32], e[32], f[32], g[32], h[32];
    f25519_mul__distinct(a, p->x, p->x);
    f25519_mul__distinct(b, p->y, p->y);
    f25519_mul__distinct(c, p->z, p->z);
    f25519_add(c, c, c);
    f25519_add(f, p->x, p->y);
    f25519_mul__distinct(e, f, f);
    f25519_sub(e, e, a);
    f25519_sub(e, e, b);
    f25519_sub(g, b, a);
    f25519_sub(f, g, c);
    f25519_neg(h, b);
    f25519_sub(h, h, a);
    f25519_mul__distinct(r->x, e, f);
    f25519_mul__distinct(r->y, g, h);
    f25519_mul__distinct(r->t, e, h);
    f25519_mul__distinct(r->z, f, g);
}
__device__ __forceinline__ void ed25519_copy(struct ed25519_pt* __restrict__ dst, const struct ed25519_pt* __restrict__ src) {
    f25519_copy(dst->x, src->x);
    f25519_copy(dst->y, src->y);
    f25519_copy(dst->t, src->t);
    f25519_copy(dst->z, src->z);
}
__device__ void ed25519_smult(ed25519_pt* r_out, const struct ed25519_pt* __restrict__ p, const unsigned char* __restrict__ e) {
    ed25519_pt r = ed25519_neutral;
#pragma unroll 256
    for (int i = 255; i >= 0; i--) {
        struct ed25519_pt s;
        ed25519_double(&r, &r);
        ed25519_add(&s, &r, p);
        unsigned char bit = (e[i >> 3] >> (i & 7)) & 1;
        f25519_select(r.x, r.x, s.x, bit);
        f25519_select(r.y, r.y, s.y, bit);
        f25519_select(r.z, r.z, s.z, bit);
        f25519_select(r.t, r.t, s.t, bit);
    }
    ed25519_copy(r_out, &r);
}
__device__ void ed25519_prepare(unsigned char* __restrict__ e) {
    e[0] &= 0xf8;
    e[31] &= 0x7f;
    e[31] |= 0x40;
}
fixes 2025-03-14 22:52:59 +05:00			`#include <ed25519.cuh>`
			`#include <f25519.cuh>`
			`__device__ __constant__ struct ed25519_pt ed25519_base = {`
			`{0x1a,0xd5,0x25,0x8f,0x60,0x2d,0x56,0xc9,0xb2,0xa7,0x25,0x95,0x60,0xc7,0x2c,0x69,`
			`0x5c,0xdc,0xd6,0xfd,0x31,0xe2,0xa4,0xc0,0xfe,0x53,0x6e,0xcd,0xd3,0x36,0x69,0x21},`
			`{0x58,0x66,0x66,0x66,0x66,0x66,0x66,0x66,0x66,0x66,0x66,0x66,0x66,0x66,0x66,0x66,`
			`0x66,0x66,0x66,0x66,0x66,0x66,0x66,0x66,0x66,0x66,0x66,0x66,0x66,0x66,0x66,0x66},`
			`{0xa3,0xdd,0xb7,0xa5,0xb3,0x8a,0xde,0x6d,0xf5,0x52,0x51,0x77,0x80,0x9f,0xf0,0x20,`
			`0x7d,0xe3,0xab,0x64,0x8e,0x4e,0xea,0x66,0x65,0x76,0x8b,0xd7,0x0f,0x5f,0x87,0x67},`
			`{1,0}`
			`};`
			`__device__ __constant__ struct ed25519_pt ed25519_neutral = {`
			`{0}, {1,0}, {0}, {1,0}`
			`};`
optimized 2025-03-15 04:42:31 +05:00			`__device__ __constant__ unsigned char ed25519_d[32] = {`
fixes 2025-03-14 22:52:59 +05:00			`0xa3,0x78,0x59,0x13,0xca,0x4d,0xeb,0x75,0xab,0xd8,0x41,0x41,0x4d,0x0a,0x70,0x00,`
			`0x98,0xe8,0x79,0x77,0x79,0x40,0xc7,0x8c,0x73,0xfe,0x6f,0x2b,0xee,0x6c,0x03,0x52`
			`};`
optimized 2025-03-15 04:42:31 +05:00			`__device__ __constant__ unsigned char ed25519_k[32] = {`
fixes 2025-03-14 22:52:59 +05:00			`0x59,0xf1,0xb2,0x26,0x94,0x9b,0xd6,0xeb,0x56,0xb1,0x83,0x82,0x9a,0x14,0xe0,0x00,`
			`0x30,0xd1,0xf3,0xee,0xf2,0x80,0x8e,0x19,0xe7,0xfc,0xdf,0x56,0xdc,0xd9,0x06,0x24`
			`};`
optimized 2025-03-15 04:42:31 +05:00			`__device__ void ed25519_unproject(unsigned char* __restrict__ x, unsigned char* __restrict__ y, const struct ed25519_pt* __restrict__ p) {`
			`unsigned char z1[32];`
fixes 2025-03-14 22:52:59 +05:00			`f25519_inv__distinct(z1, p->z);`
			`f25519_mul__distinct(x, p->x, z1);`
			`f25519_mul__distinct(y, p->y, z1);`
			`f25519_normalize(x);`
			`f25519_normalize(y);`
			`}`
optimized 2025-03-15 04:42:31 +05:00			`__device__ void ed25519_pack(unsigned char* __restrict__ c, const unsigned char* __restrict__ x, const unsigned char* __restrict__ y) {`
			`unsigned char tmp[32];`
fixes 2025-03-14 22:52:59 +05:00			`unsigned char parity;`
			`f25519_copy(tmp, x);`
			`f25519_normalize(tmp);`
			`parity = (tmp[0] & 1) << 7;`
			`f25519_copy(c, y);`
			`f25519_normalize(c);`
			`c[31] \|= parity;`
			`}`
optimized 2025-03-15 04:42:31 +05:00			`__device__ __forceinline__ void ed25519_add(struct ed25519_pt* __restrict__ r, const struct ed25519_pt* __restrict__ p1, const struct ed25519_pt* __restrict__ p2) {`
			`unsigned char a[32], b[32], c[32], d[32], e[32], f[32], g[32], h[32];`
fixes 2025-03-14 22:52:59 +05:00			`f25519_sub(c, p1->y, p1->x);`
			`f25519_sub(d, p2->y, p2->x);`
			`f25519_mul__distinct(a, c, d);`
			`f25519_add(c, p1->y, p1->x);`
			`f25519_add(d, p2->y, p2->x);`
			`f25519_mul__distinct(b, c, d);`
			`f25519_mul__distinct(d, p1->t, p2->t);`
			`f25519_mul__distinct(c, d, ed25519_k);`
			`f25519_mul__distinct(d, p1->z, p2->z);`
			`f25519_add(d, d, d);`
			`f25519_sub(e, b, a);`
			`f25519_sub(f, d, c);`
			`f25519_add(g, d, c);`
			`f25519_add(h, b, a);`
			`f25519_mul__distinct(r->x, e, f);`
			`f25519_mul__distinct(r->y, g, h);`
			`f25519_mul__distinct(r->t, e, h);`
			`f25519_mul__distinct(r->z, f, g);`
			`}`
optimized 2025-03-15 04:42:31 +05:00			`__device__ __forceinline__ void ed25519_double(struct ed25519_pt* __restrict__ r, const struct ed25519_pt* __restrict__ p) {`
			`unsigned char a[32], b[32], c[32], e[32], f[32], g[32], h[32];`
fixes 2025-03-14 22:52:59 +05:00			`f25519_mul__distinct(a, p->x, p->x);`
			`f25519_mul__distinct(b, p->y, p->y);`
			`f25519_mul__distinct(c, p->z, p->z);`
			`f25519_add(c, c, c);`
			`f25519_add(f, p->x, p->y);`
			`f25519_mul__distinct(e, f, f);`
			`f25519_sub(e, e, a);`
			`f25519_sub(e, e, b);`
			`f25519_sub(g, b, a);`
			`f25519_sub(f, g, c);`
			`f25519_neg(h, b);`
			`f25519_sub(h, h, a);`
			`f25519_mul__distinct(r->x, e, f);`
			`f25519_mul__distinct(r->y, g, h);`
			`f25519_mul__distinct(r->t, e, h);`
			`f25519_mul__distinct(r->z, f, g);`
			`}`
optimized 2025-03-15 04:42:31 +05:00			`__device__ __forceinline__ void ed25519_copy(struct ed25519_pt* __restrict__ dst, const struct ed25519_pt* __restrict__ src) {`
fixes 2025-03-14 22:52:59 +05:00			`f25519_copy(dst->x, src->x);`
			`f25519_copy(dst->y, src->y);`
			`f25519_copy(dst->t, src->t);`
			`f25519_copy(dst->z, src->z);`
			`}`
optimized 2025-03-15 04:42:31 +05:00			`__device__ void ed25519_smult(ed25519_pt* r_out, const struct ed25519_pt* __restrict__ p, const unsigned char* __restrict__ e) {`
			`ed25519_pt r = ed25519_neutral;`
			`#pragma unroll 256`
fixes 2025-03-14 22:52:59 +05:00			`for (int i = 255; i >= 0; i--) {`
			`struct ed25519_pt s;`
			`ed25519_double(&r, &r);`
			`ed25519_add(&s, &r, p);`
			`unsigned char bit = (e[i >> 3] >> (i & 7)) & 1;`
			`f25519_select(r.x, r.x, s.x, bit);`
			`f25519_select(r.y, r.y, s.y, bit);`
			`f25519_select(r.z, r.z, s.z, bit);`
			`f25519_select(r.t, r.t, s.t, bit);`
			`}`
			`ed25519_copy(r_out, &r);`
			`}`
optimized 2025-03-15 04:42:31 +05:00			`__device__ void ed25519_prepare(unsigned char* __restrict__ e) {`
fixes 2025-03-14 22:52:59 +05:00			`e[0] &= 0xf8;`
			`e[31] &= 0x7f;`
			`e[31] \|= 0x40;`
			`}`