Skip to content

feat: switch from num-bigint-dig to crypto-bigint #394

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 76 commits into from
Feb 13, 2025
Merged

feat: switch from num-bigint-dig to crypto-bigint #394

merged 76 commits into from
Feb 13, 2025

Conversation

@dignifiedquire
Copy link
Member

@dignifiedquire dignifiedquire commented Nov 29, 2023
edited
Loading

Very, very WIP

Not anymore, this is ready for review.
Replaces all usage of num-bigint-dig based BigInt usage with the new crypto-bigint crate, using BoxedUint

Current known issue is that we do have a performance regression, which will be able to get rid of over time:

# crypto-bigint

# macbook m1
test bench_rsa_2048_pkcsv1_decrypt      ... bench:   7,184,387.50 ns/iter (+/- 425,598.69)
test bench_rsa_2048_pkcsv1_sign_blinded ... bench:  13,453,579.10 ns/iter (+/- 686,276.31)

# AMD
test bench_rsa_2048_pkcsv1_decrypt      ... bench:   9,260,832.80 ns/iter (+/- 30,013.38)
test bench_rsa_2048_pkcsv1_sign_blinded ... bench:  16,610,079.40 ns/iter (+/- 251,292.53)

# master

# macbook m1
test bench_rsa_2048_pkcsv1_decrypt      ... bench:   1,117,479.15 ns/iter (+/- 31,334.30)
test bench_rsa_2048_pkcsv1_sign_blinded ... bench:   1,337,437.55 ns/iter (+/- 88,624.39)

# AMD
test bench_rsa_2048_pkcsv1_decrypt      ... bench:   1,414,348.80 ns/iter (+/- 12,585.71)
test bench_rsa_2048_pkcsv1_sign_blinded ... bench:   1,685,650.00 ns/iter (+/- 11,105.71)

TODOs

  • switch internal storage for RsaPrivateKey
  • switch internal storage for RsaPublicKey
  • switch all code to use the new decrypt implementation
  • update public traits using BigUint to return owned versions
  • fix blinding implementation
  • switch decryption algorithm with precompute to use crypto-bigint ops
  • go through other algorithms and update what can be done without having primality checks implemented
  • review & update code for constant time operation
  • review & update code for performance
  • benchmarks

@dignifiedquire dignifiedquire mentioned this pull request Nov 29, 2023
Closed
tarcieri
tarcieri reviewed Nov 29, 2023
View reviewed changes
@tarcieri tarcieri mentioned this pull request Nov 30, 2023
Closed
tarcieri
tarcieri reviewed Dec 1, 2023
View reviewed changes
@sebadob sebadob mentioned this pull request Dec 1, 2023
Open
@dignifiedquire
Copy link
Member Author

@tarcieri updated to the latest version, and fixed a subtle padding bug that I found, please take a final look before I merge

praseodym
praseodym reviewed Jan 31, 2025
View reviewed changes
tarcieri
tarcieri reviewed Feb 1, 2025
View reviewed changes
tarcieri
tarcieri reviewed Feb 1, 2025
View reviewed changes
tarcieri
tarcieri reviewed Feb 1, 2025
View reviewed changes
tarcieri
tarcieri reviewed Feb 1, 2025
View reviewed changes
src/pkcs1v15/signing_key.rs

/// Generate a new signing key with a prefix for the digest `D`.
pub fn random<R: CryptoRngCore + ?Sized>(rng: &mut R, bit_size: usize) -> Result<Self> {
pub fn random<R: CryptoRngCore>(rng: &mut R, bit_size: usize) -> Result<Self> {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there a particular reason you're getting rid of ?Sized on these? It makes it possible to use a dyn CryptoRngCore

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there a particular reason you're getting rid of ?Sized on these? It makes it possible to use a dyn CryptoRngCore

I don't think so, can revert probably

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I checked, and I removed it because I can't pass that constraint to crypto_primes

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Adding it to crypto-primes is unfortunately blocked by crypto-bigint not supporting it.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Made RustCrypto/crypto-bigint#760 for that

tarcieri
tarcieri reviewed Feb 1, 2025
View reviewed changes
src/pss.rs Outdated

let em = BoxedUint::from_be_slice(
&em,
crate::traits::keys::PublicKeyParts::n_bits_precision(priv_key),
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Similar concern re: PublicKeyParts

tarcieri
tarcieri reviewed Feb 1, 2025
View reviewed changes
src/pss/signature.rs
Comment on lines +40 to +44
#[cfg(feature = "std")]
let inner = inner
.map_err(|e| Box::new(e) as Box<dyn core::error::Error + Send + Sync + 'static>)?;
#[cfg(not(feature = "std"))]
let inner = inner.map_err(|_| signature::Error::new())?;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ugh, should really fix this upstream in the signature crate

tarcieri
tarcieri approved these changes Feb 1, 2025
View reviewed changes
Copy link
Member

@tarcieri tarcieri left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Various little nits but things are looking a lot better on this pass

@tarcieri
Copy link
Member

@dignifiedquire can we land this?

@fjarri
Copy link
Contributor

fjarri commented Feb 12, 2025

There's a minor thing of needing the libm dependency (#394 (comment)), but I can make a separate PR for that

@fjarri
Copy link
Contributor

fjarri commented Feb 12, 2025

Also the 6-10x performance drop is quite surprising, but that can be addressed in a follow-up as well.

@dignifiedquire
Copy link
Member Author

There's a minor thing of needing the libm dependency (#394 (comment)), but I can make a separate PR for that

I removed that, there is some other follow ups from you and @tarcieri I wanted to get to, but we can also merge as is

@dignifiedquire dignifiedquire merged commit f7d1214 into master Feb 13, 2025
11 checks passed
@dignifiedquire dignifiedquire deleted the const-crypto-biguint branch February 13, 2025 08:46
@dignifiedquire
Copy link
Member Author

Thank you everyone who helped make this a reality! And sorry for this taking so long..

@tarcieri tarcieri mentioned this pull request Feb 13, 2025
Merged
tarcieri added a commit that referenced this pull request Feb 14, 2025
@tarcieri
v0.10.0-pre.4 (#474)
d7fa156 
Notably includes #394 which migrates to `crypto-bigint`
@pallaswept pallaswept mentioned this pull request Feb 17, 2025
Open
@fjarri fjarri mentioned this pull request Mar 5, 2025
Closed
@noverby noverby mentioned this pull request Apr 3, 2025
Closed
This was referenced Apr 27, 2025
Open
Open
@dongsupark dongsupark mentioned this pull request Jul 3, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tarcieri tarcieri tarcieri approved these changes

+9 more reviewers

@praseodym praseodym praseodym left review comments

@fjarri fjarri fjarri left review comments

@baloo baloo baloo left review comments

@FiloSottile FiloSottile FiloSottile left review comments

@richarddd richarddd richarddd left review comments

@kjvalencik kjvalencik kjvalencik left review comments

@Fethbita Fethbita Fethbita left review comments

@pinkforest pinkforest pinkforest left review comments

@YgorSouza YgorSouza YgorSouza left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.