From 315ec8db12f2c6b5fcf1b8d451874c5f462515ef Mon Sep 17 00:00:00 2001 From: Aido Date: Wed, 6 Mar 2024 01:09:58 +0000 Subject: [PATCH] Improve efficiency of SSS interpolate() function --- CHANGELOG.md | 10 +++ Makefile | 2 +- README.md | 8 +-- src/constants.h | 2 - src/sskr/sss/interpolate.c | 131 +++++++++++-------------------------- src/sskr/sss/interpolate.h | 2 + src/sskr/sss/sss.c | 2 - tests/unit/CMakeLists.txt | 6 +- 8 files changed, 57 insertions(+), 106 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5a1c2be3..1ee509a4 100755 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,15 @@ # Change log +## [1.7.1] - 2024-03-06 +### Added +- + +### Changed +- Improve efficiency of SSS `interpolate()` function + +### Fixed +- + ## [1.7.0] - 2024-03-03 ### Added - Added detailed documentation for all SSKR and SSS functions diff --git a/Makefile b/Makefile index b5662db3..ca2eaaa8 100755 --- a/Makefile +++ b/Makefile @@ -28,7 +28,7 @@ all: default APPNAME = "Seed Tool" APPVERSION_M = 1 APPVERSION_N = 7 -APPVERSION_P = 0 +APPVERSION_P = 1 APPVERSION = "$(APPVERSION_M).$(APPVERSION_N).$(APPVERSION_P)" APP_LOAD_PARAMS = --appFlags 0x10 $(COMMON_LOAD_PARAMS) --curve secp256k1 --path "" diff --git a/README.md b/README.md index e735a8ed..62d7867c 100644 --- a/README.md +++ b/README.md @@ -5,10 +5,10 @@ [![Release](https://img.shields.io/github/release/aido/app-seed-tool)](https://github.com/aido/app-seed-tool/releases) [![License](https://img.shields.io/github/license/aido/app-seed-tool)](https://github.com/aido/app-seed-tool/blob/develop/LICENSE) -![nanos](https://img.shields.io/badge/nanos-working-green) -![nanox](https://img.shields.io/badge/nanox-working-green) -![nanosp](https://img.shields.io/badge/nanosp-working-green) -![stax](https://img.shields.io/badge/stax-in_progress-orange) +![nanos](https://img.shields.io/badge/nanos-working-green?logo=) +![nanox](https://img.shields.io/badge/nanox-working-green?logo=) +![nanosp](https://img.shields.io/badge/nanosp-working-green?logo=) +![stax](https://img.shields.io/badge/stax-in_progress-orange?logo=) [![Build app-seed-tool](https://github.com/aido/app-seed-tool/actions/workflows/ci-workflow.yml/badge.svg)](https://github.com/aido/app-seed-tool/actions/workflows/ci-workflow.yml) [![CodeQL](https://github.com/aido/app-seed-tool/actions/workflows/codeql-workflow.yml/badge.svg)](https://github.com/aido/app-seed-tool/actions/workflows/codeql-workflow.yml) diff --git a/src/constants.h b/src/constants.h index 0f293d4e..b57c6cf0 100644 --- a/src/constants.h +++ b/src/constants.h @@ -16,8 +16,6 @@ #pragma once -#define memzero(...) explicit_bzero(__VA_ARGS__) - #define ONBOARDING_WORD_COMPLETION_MAX_ITEMS 8 #define BOLOS_UX_HASH_LENGTH 4 // as on the blue diff --git a/src/sskr/sss/interpolate.c b/src/sskr/sss/interpolate.c index cd4eb7d7..7e53f5aa 100644 --- a/src/sskr/sss/interpolate.c +++ b/src/sskr/sss/interpolate.c @@ -23,8 +23,6 @@ // Minimal required bytes for BN storing a GF(256) value #define GF2_8_MPI_BYTES 1 -#define memzero(...) explicit_bzero(__VA_ARGS__) - #ifdef TARGET_NANOS /** * @brief Performs a multiplication over GF(2^n). @@ -135,81 +133,6 @@ cx_err_t cx_bn_gf2_n_mul(cx_bn_t bn_r, } #endif -/** - * @brief Performs an invert operation over GF(2^8). - * - * @param[out] bn_r BN index for the result. - * - * @param[in] bn_a BN index of the first operand. - * - * @param[in] bn_n BN index of the modulus. - * The modulus must be an irreducible polynomial over GF(2) - * of degree n. - * - * @param[in] bn_h BN index of the second montgomery constant. - * - * @return Error code: - * - CX_OK on success - * - CX_NOT_LOCKED - * - CX_INVALID_PARAMETER - * - CX_MEMORY_FULL - */ -cx_err_t bn_gf2_8_inv(cx_bn_t bn_r, const cx_bn_t bn_a, const cx_bn_t bn_n, const cx_bn_t bn_h) { - cx_err_t error = CX_OK; // By default, until some error occurs - cx_bn_t bn_x, bn_y, bn_z; - - CX_CHECK(cx_bn_alloc(&bn_x, GF2_8_MPI_BYTES)); - CX_CHECK(cx_bn_alloc(&bn_y, GF2_8_MPI_BYTES)); - CX_CHECK(cx_bn_alloc(&bn_z, GF2_8_MPI_BYTES)); - CX_CHECK(cx_bn_copy(bn_x, bn_a)); - - CX_CHECK(cx_bn_gf2_n_mul(bn_y, bn_x, bn_x, bn_n, bn_h)); // bn_y = bn_x^2 - CX_CHECK(cx_bn_gf2_n_mul(bn_y, bn_y, bn_y, bn_n, bn_h)); // bn_y = bn_x^4 - CX_CHECK(cx_bn_gf2_n_mul(bn_r, bn_y, bn_y, bn_n, bn_h)); // bn_r = bn_x^8 - CX_CHECK(cx_bn_gf2_n_mul(bn_z, bn_r, bn_x, bn_n, bn_h)); // bn_z = bn_x^9 - CX_CHECK(cx_bn_gf2_n_mul(bn_r, bn_r, bn_r, bn_n, bn_h)); // bn_r = bn_x^16 - CX_CHECK(cx_bn_gf2_n_mul(bn_r, bn_r, bn_z, bn_n, bn_h)); // bn_r = bn_x^25 - CX_CHECK(cx_bn_gf2_n_mul(bn_r, bn_r, bn_r, bn_n, bn_h)); // bn_r = bn_x^50 - CX_CHECK(cx_bn_gf2_n_mul(bn_z, bn_r, bn_r, bn_n, bn_h)); // bn_z = bn_x^100 - CX_CHECK(cx_bn_gf2_n_mul(bn_z, bn_z, bn_z, bn_n, bn_h)); // bn_z = bn_x^200 - CX_CHECK(cx_bn_gf2_n_mul(bn_r, bn_r, bn_z, bn_n, bn_h)); // bn_r = bn_x^250 - CX_CHECK(cx_bn_gf2_n_mul(bn_r, bn_r, bn_y, bn_n, bn_h)); // bn_r = bn_x^254 - - CX_CHECK(cx_bn_destroy(&bn_x)); - CX_CHECK(cx_bn_destroy(&bn_y)); - CX_CHECK(cx_bn_destroy(&bn_z)); - -end: - return error; -} - -/** - * @brief Performs polynomial interpolation on SSS shares. - * - * @details This function interpolates a polynomial that passes through the provided points - * represented by `xi` (x-coordinates) and `yij` (y-coordinate arrays) i.e. - * where: - * xi points to [x0 x1 ... xn-1 ] - * y contains an array of pointers to 32-bit arrays of y values - * y contains [y0 y1 y2 ... yn-1] - * and each of the yi arrays contain [yi_0 yi_i ... yi_31]. - * - * This interpolation is used in Shamir's Secret Sharing (SSS) to recover - * the secret from a set of shares. - * - * @param[in] n Number of points to interpolate (length of `xi` and `yij`). - * @param[in] xi Pointer to an array containing the x-coordinates of the points (length `n`). - * @param[in] yl Length of each y-coordinate array in bytes. - * @param[in] yij Pointer to an array of `n` pointers, each pointing to a y-coordinate array of - * length `yl`. - * @param[in] x X-coordinate at which to perform the interpolation. - * @param[out] result Pointer to a buffer where the interpolated value will be stored (must be `yl` - * bytes long). - * - * @return - CX_OK on success - * - A negative error code on failure (specific error codes not defined here, - * consult implementation details for specific error handling) - */ cx_err_t interpolate(uint8_t n, const uint8_t* xi, uint8_t yl, @@ -220,21 +143,20 @@ cx_err_t interpolate(uint8_t n, const uint8_t R2[1] = MONTGOMERY_CONSTANT_R2; cx_err_t error = CX_OK; // By default, until some error occurs - cx_bn_t bn_x, bn_xc_i, bn_xc_j; - cx_bn_t bn_numerator, bn_denominator; - cx_bn_t bn_lagrange, bn_y, bn_result, bn_temp, bn_n, bn_r2; + cx_bn_t bn_x, bn_xc_i; + cx_bn_t bn_numerator, bn_denominator, bn_lagrange; + cx_bn_t bn_result, bn_tempa, bn_tempb, bn_n, bn_r2; uint32_t result_u32; CX_CHECK(cx_bn_lock(GF2_8_MPI_BYTES, 0)); CX_CHECK(cx_bn_alloc(&bn_x, GF2_8_MPI_BYTES)); CX_CHECK(cx_bn_alloc(&bn_xc_i, GF2_8_MPI_BYTES)); - CX_CHECK(cx_bn_alloc(&bn_xc_j, GF2_8_MPI_BYTES)); CX_CHECK(cx_bn_alloc(&bn_numerator, GF2_8_MPI_BYTES)); CX_CHECK(cx_bn_alloc(&bn_denominator, GF2_8_MPI_BYTES)); CX_CHECK(cx_bn_alloc(&bn_lagrange, GF2_8_MPI_BYTES)); - CX_CHECK(cx_bn_alloc(&bn_y, GF2_8_MPI_BYTES)); CX_CHECK(cx_bn_alloc(&bn_result, GF2_8_MPI_BYTES)); - CX_CHECK(cx_bn_alloc(&bn_temp, GF2_8_MPI_BYTES)); + CX_CHECK(cx_bn_alloc(&bn_tempa, GF2_8_MPI_BYTES)); + CX_CHECK(cx_bn_alloc(&bn_tempb, GF2_8_MPI_BYTES)); CX_CHECK(cx_bn_alloc_init(&bn_n, GF2_8_MPI_BYTES, N, sizeof(N))); CX_CHECK(cx_bn_alloc_init(&bn_r2, GF2_8_MPI_BYTES, R2, sizeof(R2))); @@ -255,16 +177,38 @@ cx_err_t interpolate(uint8_t n, // j != i (xi[i]-xi[j]) for (uint8_t j = 0; j < n; j++) { if (j != i) { - CX_CHECK(cx_bn_set_u32(bn_xc_j, (uint32_t) xi[j])); + CX_CHECK(cx_bn_set_u32(bn_tempa, (uint32_t) xi[j])); // Calculate the numerator (x - xc[j]) - CX_CHECK(cx_bn_xor(bn_numerator, bn_x, bn_xc_j)); + CX_CHECK(cx_bn_xor(bn_numerator, bn_x, bn_tempa)); // Calculate the denominator (xc[i] - xc[j]) - CX_CHECK(cx_bn_xor(bn_denominator, bn_xc_i, bn_xc_j)); + CX_CHECK(cx_bn_xor(bn_denominator, bn_xc_i, bn_tempa)); // Calculate the inverse of the denominator - CX_CHECK(bn_gf2_8_inv(bn_denominator, bn_denominator, bn_n, bn_r2)); + // In GF(2^8) the inverse of x = x^254 + // bn_result = bn_denominator^2 + CX_CHECK(cx_bn_gf2_n_mul(bn_result, bn_denominator, bn_denominator, bn_n, bn_r2)); + // bn_result = bn_denominator^4 + CX_CHECK(cx_bn_gf2_n_mul(bn_result, bn_result, bn_result, bn_n, bn_r2)); + // bn_tempa = bn_denominator^8 + CX_CHECK(cx_bn_gf2_n_mul(bn_tempa, bn_result, bn_result, bn_n, bn_r2)); + // bn_tempb = bn_denominator^9 + CX_CHECK(cx_bn_gf2_n_mul(bn_tempb, bn_tempa, bn_denominator, bn_n, bn_r2)); + // bn_tempa = bn_denominator^16 + CX_CHECK(cx_bn_gf2_n_mul(bn_tempa, bn_tempa, bn_tempa, bn_n, bn_r2)); + // bn_tempa = bn_denominator^25 + CX_CHECK(cx_bn_gf2_n_mul(bn_tempa, bn_tempa, bn_tempb, bn_n, bn_r2)); + // bn_tempa = bn_denominator^50 + CX_CHECK(cx_bn_gf2_n_mul(bn_tempa, bn_tempa, bn_tempa, bn_n, bn_r2)); + // bn_tempb = bn_denominator^100 + CX_CHECK(cx_bn_gf2_n_mul(bn_tempb, bn_tempa, bn_tempa, bn_n, bn_r2)); + // bn_tempb = bn_denominator^200 + CX_CHECK(cx_bn_gf2_n_mul(bn_tempb, bn_tempb, bn_tempb, bn_n, bn_r2)); + // bn_tempa = bn_denominator^250 + CX_CHECK(cx_bn_gf2_n_mul(bn_tempa, bn_tempa, bn_tempb, bn_n, bn_r2)); + // bn_denominator = bn_denominator^254 + CX_CHECK(cx_bn_gf2_n_mul(bn_denominator, bn_result, bn_tempa, bn_n, bn_r2)); // Calculate the lagrange basis coefficient CX_CHECK(cx_bn_gf2_n_mul(bn_lagrange, bn_numerator, bn_lagrange, bn_n, bn_r2)); @@ -273,12 +217,12 @@ cx_err_t interpolate(uint8_t n, } for (uint8_t j = 0; j < yl; j++) { - CX_CHECK(cx_bn_set_u32(bn_y, (uint32_t) yij[i][j])); + CX_CHECK(cx_bn_set_u32(bn_tempa, (uint32_t) yij[i][j])); CX_CHECK(cx_bn_set_u32(bn_result, (uint32_t) result[j])); - CX_CHECK(cx_bn_gf2_n_mul(bn_y, bn_lagrange, bn_y, bn_n, bn_r2)); - CX_CHECK(cx_bn_copy(bn_temp, bn_result)); - CX_CHECK(cx_bn_xor(bn_result, bn_temp, bn_y)); + CX_CHECK(cx_bn_gf2_n_mul(bn_tempa, bn_lagrange, bn_tempa, bn_n, bn_r2)); + CX_CHECK(cx_bn_copy(bn_tempb, bn_result)); + CX_CHECK(cx_bn_xor(bn_result, bn_tempa, bn_tempb)); CX_CHECK(cx_bn_get_u32(bn_result, &result_u32)); result[j] = (uint8_t) result_u32; result_u32 = 0; @@ -288,13 +232,12 @@ cx_err_t interpolate(uint8_t n, // clean up stack CX_CHECK(cx_bn_destroy(&bn_x)); CX_CHECK(cx_bn_destroy(&bn_xc_i)); - CX_CHECK(cx_bn_destroy(&bn_xc_j)); CX_CHECK(cx_bn_destroy(&bn_numerator)); CX_CHECK(cx_bn_destroy(&bn_denominator)); CX_CHECK(cx_bn_destroy(&bn_lagrange)); - CX_CHECK(cx_bn_destroy(&bn_y)); CX_CHECK(cx_bn_destroy(&bn_result)); - CX_CHECK(cx_bn_destroy(&bn_temp)); + CX_CHECK(cx_bn_destroy(&bn_tempa)); + CX_CHECK(cx_bn_destroy(&bn_tempb)); CX_CHECK(cx_bn_destroy(&bn_n)); CX_CHECK(cx_bn_destroy(&bn_r2)); diff --git a/src/sskr/sss/interpolate.h b/src/sskr/sss/interpolate.h index 2342298a..296c7cc7 100644 --- a/src/sskr/sss/interpolate.h +++ b/src/sskr/sss/interpolate.h @@ -8,6 +8,8 @@ #ifndef INTERPOLATE_H #define INTERPOLATE_H +#define memzero(...) explicit_bzero(__VA_ARGS__) + /** * @brief Performs polynomial interpolation on SSS shares. * diff --git a/src/sskr/sss/sss.c b/src/sskr/sss/sss.c index b973896b..21c03fb3 100644 --- a/src/sskr/sss/sss.c +++ b/src/sskr/sss/sss.c @@ -11,8 +11,6 @@ #include "sss.h" #include "interpolate.h" -#define memzero(...) explicit_bzero(__VA_ARGS__) - /** * @brief Validates the parameters for Shamir's Secret Sharing (SSS) functions. * diff --git a/tests/unit/CMakeLists.txt b/tests/unit/CMakeLists.txt index 9ddce03c..def0787b 100644 --- a/tests/unit/CMakeLists.txt +++ b/tests/unit/CMakeLists.txt @@ -46,9 +46,9 @@ function(install_apk_packages) if(${result} EQUAL 0) message(STATUS "Installed ${package} package") else() - message(FATAL_ERROR "Failed to install package :${package}\n" - "Command: ${output}\n" - "Error: ${error}") + message(FATAL_ERROR "Failed to install package: ${package}\n" + "Command: ${output}\n" + "Error: ${error}") endif() endforeach() endfunction()