Refactor pairing+elliptic curve code, especially targeting the 192-bit security level.

.github/workflows/gmp-sec.yml

@@ -61,6 +61,7 @@ jobs:
             gcc
             cmake
             gmp
+            gmp-devel
           update: true
 
       - name: Run CMake (MingW)

.github/workflows/gmp.yml

@@ -61,6 +61,7 @@ jobs:
             gcc
             cmake
             gmp
+            gmp-devel
           update: true
 
       - name: Run CMake (MingW)

bench/bench_dv.c

@@ -67,16 +67,16 @@ static void copy(void) {
 		BENCH_ADD(dv_copy(a, b, RLC_DV_DIGS));
 	} BENCH_END;
 
-	BENCH_RUN("dv_copy_cond") {
+	BENCH_RUN("dv_copy_sec") {
 		rand_bytes((uint8_t *)a, RLC_DV_DIGS * sizeof(dig_t));
 		rand_bytes((uint8_t *)b, RLC_DV_DIGS * sizeof(dig_t));
-		BENCH_ADD(dv_copy_cond(a, b, RLC_DV_DIGS, 1));
+		BENCH_ADD(dv_copy_sec(a, b, RLC_DV_DIGS, 1));
 	} BENCH_END;
 
-	BENCH_RUN("dv_swap_cond") {
+	BENCH_RUN("dv_swap_sec") {
 		rand_bytes((uint8_t *)a, RLC_DV_DIGS * sizeof(dig_t));
 		rand_bytes((uint8_t *)b, RLC_DV_DIGS * sizeof(dig_t));
-		BENCH_ADD(dv_swap_cond(a, b, RLC_DV_DIGS, 1));
+		BENCH_ADD(dv_swap_sec(a, b, RLC_DV_DIGS, 1));
 	} BENCH_END;
 
 	BENCH_RUN("dv_cmp") {
@@ -85,10 +85,10 @@ static void copy(void) {
 		BENCH_ADD(dv_cmp(a, b, RLC_DV_DIGS));
 	} BENCH_END;
 
-	BENCH_RUN("dv_cmp_const") {
+	BENCH_RUN("dv_cmp_sec") {
 		rand_bytes((uint8_t *)a, RLC_DV_DIGS * sizeof(dig_t));
 		rand_bytes((uint8_t *)b, RLC_DV_DIGS * sizeof(dig_t));
-		BENCH_ADD(dv_cmp_const(a, b, RLC_DV_DIGS));
+		BENCH_ADD(dv_cmp_sec(a, b, RLC_DV_DIGS));
 	} BENCH_END;
 
 	dv_free(a);

bench/bench_eb.c

@@ -116,7 +116,7 @@ static void util(void) {
 
 	BENCH_RUN("eb_rhs") {
 		eb_rand(p);
-		BENCH_ADD(eb_rhs(q->x, p));
+		BENCH_ADD(eb_rhs(q->x, p->x));
 	} BENCH_END;
 
 	BENCH_RUN("eb_tab (4)") {

bench/bench_ed.c

@@ -116,7 +116,7 @@ static void util(void) {
 
 	BENCH_RUN("ed_rhs") {
 		ed_rand(p);
-		BENCH_ADD(ed_rhs(q->x, p));
+		BENCH_ADD(ed_rhs(q->x, p->x));
 	} BENCH_END;
 
 	BENCH_RUN("ed_tab (4)") {

bench/bench_ep.c

@@ -130,7 +130,7 @@ static void util(void) {
 
 	BENCH_RUN("ep_rhs") {
 		ep_rand(p);
-		BENCH_ADD(ep_rhs(q->x, p));
+		BENCH_ADD(ep_rhs(q->x, p->x));
 	} BENCH_END;
 
 	BENCH_RUN("ep_tab (4)") {

bench/bench_epx.c

@@ -240,8 +240,7 @@ static void arith2(void) {
 		ep2_rand(p);
 		ep2_add_projc(q, q, p);
 		BENCH_ADD(ep2_add_projc(r, p, q));
-	}
-	BENCH_END;
+	} BENCH_END;
 
 	BENCH_RUN("ep2_add_projc (z2 = 1)") {
 		ep2_rand(p);
@@ -250,17 +249,44 @@ static void arith2(void) {
 		ep2_rand(q);
 		ep2_norm(q, q);
 		BENCH_ADD(ep2_add_projc(r, p, q));
-	}
-	BENCH_END;
+	} BENCH_END;
 
 	BENCH_RUN("ep2_add_projc (z1,z2 = 1)") {
 		ep2_rand(p);
 		ep2_norm(p, p);
 		ep2_rand(q);
 		ep2_norm(q, q);
 		BENCH_ADD(ep2_add_projc(r, p, q));
-	}
-	BENCH_END;
+	} BENCH_END;
+#endif
+
+#if EP_ADD == JACOB || !defined(STRIP)
+	BENCH_RUN("ep2_add_jacob") {
+		ep2_rand(p);
+		ep2_rand(q);
+		ep2_add_jacob(p, p, q);
+		ep2_rand(q);
+		ep2_rand(p);
+		ep2_add_jacob(q, q, p);
+		BENCH_ADD(ep2_add_jacob(r, p, q));
+	} BENCH_END;
+
+	BENCH_RUN("ep2_add_jacob (z2 = 1)") {
+		ep2_rand(p);
+		ep2_rand(q);
+		ep2_add_jacob(p, p, q);
+		ep2_rand(q);
+		ep2_norm(q, q);
+		BENCH_ADD(ep2_add_jacob(r, p, q));
+	} BENCH_END;
+
+	BENCH_RUN("ep2_add_jacob (z1,z2 = 1)") {
+		ep2_rand(p);
+		ep2_norm(p, p);
+		ep2_rand(q);
+		ep2_norm(q, q);
+		BENCH_ADD(ep2_add_jacob(r, p, q));
+	} BENCH_END;
 #endif
 
 	BENCH_RUN("ep2_sub") {
@@ -302,15 +328,28 @@ static void arith2(void) {
 		ep2_rand(q);
 		ep2_add_projc(p, p, q);
 		BENCH_ADD(ep2_dbl_projc(r, p));
-	}
-	BENCH_END;
+	} BENCH_END;
 
 	BENCH_RUN("ep2_dbl_projc (z1 = 1)") {
 		ep2_rand(p);
 		ep2_norm(p, p);
 		BENCH_ADD(ep2_dbl_projc(r, p));
-	}
-	BENCH_END;
+	} BENCH_END;
+#endif
+
+#if EP_ADD == JACOB || !defined(STRIP)
+	BENCH_RUN("ep2_dbl_jacob") {
+		ep2_rand(p);
+		ep2_rand(q);
+		ep2_add_jacob(p, p, q);
+		BENCH_ADD(ep2_dbl_jacob(r, p));
+	} BENCH_END;
+
+	BENCH_RUN("ep2_dbl_jacob (z1 = 1)") {
+		ep2_rand(p);
+		ep2_norm(p, p);
+		BENCH_ADD(ep2_dbl_jacob(r, p));
+	} BENCH_END;
 #endif
 
 	BENCH_RUN("ep2_neg") {
@@ -357,6 +396,14 @@ static void arith2(void) {
 	} BENCH_END;
 #endif
 
+#if EP_MUL == LWREG || !defined(STRIP)
+	BENCH_RUN("ep2_mul_lwreg") {
+		bn_rand_mod(k, n);
+		ep2_rand(p);
+		BENCH_ADD(ep2_mul_lwreg(q, p, k));
+	} BENCH_END;
+#endif
+
 	BENCH_RUN("ep2_mul_gen") {
 		bn_rand_mod(k, n);
 		BENCH_ADD(ep2_mul_gen(q, k));
@@ -902,6 +949,14 @@ static void arith3(void) {
 	} BENCH_END;
 #endif
 
+#if EP_MUL == LWREG || !defined(STRIP)
+	BENCH_RUN("ep3_mul_lwreg") {
+		bn_rand_mod(k, n);
+		ep3_rand(p);
+		BENCH_ADD(ep3_mul_lwreg(q, p, k));
+	} BENCH_END;
+#endif
+
 	BENCH_RUN("ep3_mul_gen") {
 		bn_rand_mod(k, n);
 		BENCH_ADD(ep3_mul_gen(q, k));
@@ -1396,6 +1451,14 @@ static void arith4(void) {
 	} BENCH_END;
 #endif
 
+#if EP_MUL == LWREG || !defined(STRIP)
+	BENCH_RUN("ep4_mul_lwreg") {
+		bn_rand_mod(k, n);
+		ep4_rand(p);
+		BENCH_ADD(ep4_mul_lwreg(q, p, k));
+	} BENCH_END;
+#endif
+
 	BENCH_RUN("ep4_mul_gen") {
 		bn_rand_mod(k, n);
 		BENCH_ADD(ep4_mul_gen(q, k));
@@ -1890,6 +1953,14 @@ static void arith8(void) {
 	} BENCH_END;
 #endif
 
+#if EP_MUL == LWREG || !defined(STRIP)
+	BENCH_RUN("ep8_mul_lwreg") {
+		bn_rand_mod(k, n);
+		ep8_rand(p);
+		BENCH_ADD(ep8_mul_lwreg(q, p, k));
+	} BENCH_END;
+#endif
+
 	BENCH_RUN("ep8_mul_gen") {
 		bn_rand_mod(k, n);
 		BENCH_ADD(ep8_mul_gen(q, k));

bench/bench_fp.c

@@ -69,6 +69,18 @@ static void util(void) {
 	}
 	BENCH_END;
 
+	BENCH_RUN("fp_copy_sec (0)") {
+		fp_rand(a);
+		BENCH_ADD(fp_copy_sec(b, a, 0));
+	}
+	BENCH_END;
+
+	BENCH_RUN("fp_copy_sec (1)") {
+		fp_rand(a);
+		BENCH_ADD(fp_copy_sec(b, a, 1));
+	}
+	BENCH_END;
+
 	BENCH_RUN("fp_zero") {
 		fp_rand(a);
 		BENCH_ADD(fp_zero(a));