Add a batch verifier to multiexp, along with constant time variants

Saves ~8% during FROST key gen, even with dropping a vartime for a constant time (as needed to be secure), as the new batch verifier is used where batch verification previously wasn't. The new multiexp API itself also offered a very slight performance boost, which may solely be a measurement error. Handles most of https://github.com/serai-dex/serai/issues/10. The blame function isn't binary searched nor randomly sorted yet.
2025-12-09 20:59:23 +00:00 · 2022-05-27 00:52:44 -04:00
parent c398b246ff
commit c90e957e6a
10 changed files with 161 additions and 98 deletions
--- a/crypto/frost/src/tests/literal/secp256k1.rs
+++ b/crypto/frost/src/tests/literal/secp256k1.rs
@@ -13,7 +13,7 @@ use k256::{
  ProjectivePoint
 };

-use crate::{CurveError, Curve, multiexp_vartime, algorithm::Hram, tests::curve::test_curve};
+use crate::{CurveError, Curve, algorithm::Hram, tests::curve::test_curve};

 #[derive(Clone, Copy, PartialEq, Eq, Debug)]
 pub struct Secp256k1;
@@ -38,8 +38,8 @@ impl Curve for Secp256k1 {
    Self::G::GENERATOR
  }

-  fn multiexp_vartime(scalars: &[Self::F], points: &[Self::G]) -> Self::G {
-    multiexp_vartime(scalars, points, false)
+  fn little_endian() -> bool {
+    false
  }

  // The IETF draft doesn't specify a secp256k1 ciphersuite