Skip to content

Add 62 bit limb implementation, script and update benches #66

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
coltfred merged 3 commits into from
Dec 12, 2025
Merged

Add 62 bit limb implementation, script and update benches #66

coltfred merged 3 commits into from
Dec 12, 2025

Conversation

@coltfred
Copy link
Member

@coltfred coltfred commented Dec 12, 2025
edited
Loading

This is a full implementation of the 62 bit limb version of gridiron. In the process I discovered that the ff31 version doesn't port directly. There are some bitshifts that are different because of the limb sizes changing. The property based tests give us a high confidence in the changes.

This is a breaking change because the default has changed to 62 bit. The only time you wouldn't want this is WASM (or some other niche 32 bit arch). The README has been updated to give all this info.

I've also included a python script that will calculate the values for the macro invocation. This used to be done only in sage, but it can be done with normal python as well.

This new implementation is about twice as fast as the old one on 64 bit archs.

Closes #12.

@coltfred
Add 62 bit limb implementation, script and update benches
6afb8e4 
WIP

Add 62 bit limb implementation, script and update benches
@coltfred
format
ef86a2a
giarc3
giarc3 approved these changes Dec 12, 2025
View reviewed changes
Copy link
Member

@giarc3 giarc3 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

BobWall23
BobWall23 requested changes Dec 12, 2025
View reviewed changes
src/digits/constant_time_primitives.rs
y.const_lt(self).not()
}

#[inline]
Copy link
Member

@BobWall23 BobWall23 Dec 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This doesn't cover the case where they are equal.

Copy link
Member Author

@coltfred coltfred Dec 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it does. In both const_gt and const_lt if they're equal the value 0 is produced, which is correct.

Do you see something I'm missing?

Copy link
Member

@BobWall23 BobWall23 Dec 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm sorry - I had a brain cramp.

@coltfred @BobWall23
Apply suggestion from @BobWall23
55a8175 
Co-authored-by: Bob Wall <bob.wall@ironcorelabs.com>
BobWall23
BobWall23 approved these changes Dec 12, 2025
View reviewed changes
src/digits/constant_time_primitives.rs
y.const_lt(self).not()
}

#[inline]
Copy link
Member

@BobWall23 BobWall23 Dec 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm sorry - I had a brain cramp.

@coltfred coltfred merged commit 8911b5c into main Dec 12, 2025
24 checks passed
@coltfred coltfred deleted the full-62-bit branch December 12, 2025 22:44
@coltfred coltfred mentioned this pull request Jan 8, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@BobWall23 BobWall23 BobWall23 approved these changes

@giarc3 giarc3 giarc3 approved these changes

Assignees

@coltfred coltfred

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

62 bit montgomery multiply.

4 participants

@coltfred @BobWall23 @giarc3