Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: switch from num-bigint-dig to crypto-bigint #394

Open
wants to merge 69 commits into
base: master
Choose a base branch
from

Conversation

dignifiedquire
Copy link
Member

@dignifiedquire dignifiedquire commented Nov 29, 2023

Very, very WIP

Not anymore, this is ready for review.
Replaces all usage of num-bigint-dig based BigInt usage with the new crypto-bigint crate, using BoxedUint

Current known issue is that we do have a performance regression, which will be able to get rid of over time:

# crypto-bigint

# macbook m1
test bench_rsa_2048_pkcsv1_decrypt      ... bench:   7,184,387.50 ns/iter (+/- 425,598.69)
test bench_rsa_2048_pkcsv1_sign_blinded ... bench:  13,453,579.10 ns/iter (+/- 686,276.31)

# AMD
test bench_rsa_2048_pkcsv1_decrypt      ... bench:   9,260,832.80 ns/iter (+/- 30,013.38)
test bench_rsa_2048_pkcsv1_sign_blinded ... bench:  16,610,079.40 ns/iter (+/- 251,292.53)

# master

# macbook m1
test bench_rsa_2048_pkcsv1_decrypt      ... bench:   1,117,479.15 ns/iter (+/- 31,334.30)
test bench_rsa_2048_pkcsv1_sign_blinded ... bench:   1,337,437.55 ns/iter (+/- 88,624.39)

# AMD
test bench_rsa_2048_pkcsv1_decrypt      ... bench:   1,414,348.80 ns/iter (+/- 12,585.71)
test bench_rsa_2048_pkcsv1_sign_blinded ... bench:   1,685,650.00 ns/iter (+/- 11,105.71)

TODOs

  • switch internal storage for RsaPrivateKey
  • switch internal storage for RsaPublicKey
  • switch all code to use the new decrypt implementation
  • update public traits using BigUint to return owned versions
  • fix blinding implementation
  • switch decryption algorithm with precompute to use crypto-bigint ops
  • go through other algorithms and update what can be done without having primality checks implemented
  • review & update code for constant time operation
  • review & update code for performance
  • benchmarks

src/algorithms/rsa.rs Outdated Show resolved Hide resolved
src/algorithms/rsa.rs Outdated Show resolved Hide resolved
@dignifiedquire
Copy link
Member Author

@dignifiedquire Any update on this pull request?

no, haven't had time to fix the afformentioned issues yet

@mepi262
Copy link

mepi262 commented Nov 5, 2024

@dignifiedquire
Thank you for your response !
I hope your another project will be succeed and become be able to concentrate on this pull request.

@dignifiedquire
Copy link
Member Author

@tarcieri current benchmarks

# crypto-bigint

# macbook m1
test bench_rsa_2048_pkcsv1_decrypt      ... bench:   7,184,387.50 ns/iter (+/- 425,598.69)
test bench_rsa_2048_pkcsv1_sign_blinded ... bench:  13,453,579.10 ns/iter (+/- 686,276.31)

# AMD
test bench_rsa_2048_pkcsv1_decrypt      ... bench:   9,260,832.80 ns/iter (+/- 30,013.38)
test bench_rsa_2048_pkcsv1_sign_blinded ... bench:  16,610,079.40 ns/iter (+/- 251,292.53)

# master

# macbook m1
test bench_rsa_2048_pkcsv1_decrypt      ... bench:   1,117,479.15 ns/iter (+/- 31,334.30)
test bench_rsa_2048_pkcsv1_sign_blinded ... bench:   1,337,437.55 ns/iter (+/- 88,624.39)

# AMD
test bench_rsa_2048_pkcsv1_decrypt      ... bench:   1,414,348.80 ns/iter (+/- 12,585.71)
test bench_rsa_2048_pkcsv1_sign_blinded ... bench:   1,685,650.00 ns/iter (+/- 11,105.71)

@Fethbita
Copy link

Fethbita commented Dec 1, 2024

@tarcieri most things are working now 🎉

I would appreciate some help with debugging the last failures, seems the proptests are discovering some roundtrip issues in the encoding/decoding and the last regular test that is a problem is dealign with a 2049bit key

@dignifiedquire created #462 for fixing these issues. Take a look. Feel free to change anything.

Fethbita and others added 6 commits December 1, 2024 15:49
The `n` in both cases is 257 bytes, with first element being 0
Re-encoded the number into 256 bytes and now the decoding works.

Note that ff you want to keep the previous Base64 `n`, then the
BoxedUint must take 2056 as the `bits_precision` parameter
@dignifiedquire
Copy link
Member Author

CI is finally green again, time for lots of review and cleanup

@dignifiedquire
Copy link
Member Author

@zeerooth nostd builds should be working again

@dignifiedquire dignifiedquire marked this pull request as ready for review December 2, 2024 09:16
@dignifiedquire dignifiedquire changed the title [WIP]: switch to crypto-bigint for decryption [WIP]: feat: switch from num-bigint-dig to crypto-bigint Dec 2, 2024
@dignifiedquire dignifiedquire changed the title [WIP]: feat: switch from num-bigint-dig to crypto-bigint feat: switch from num-bigint-dig to crypto-bigint Dec 2, 2024
let mut pi = prime_limit / (prime_limit.ln() - 1f64);
#[cfg(not(feature = "std"))]
let mut pi = prime_limit / (libm::logf(prime_limit as f32) as f64 - 1f64);
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is not entirely correct or optimal, but I am not sure what other way there is

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@fjarri is there anything in crypto-primes for this?

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No, nothing like that currently

@tarcieri
Copy link
Member

@dignifiedquire seems like you can remove "Very, very WIP" now

@dignifiedquire
Copy link
Member Author

@dignifiedquire seems like you can remove "Very, very WIP" now

🤣 yeah, finally

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.