Permit COMB_BITS < 256 for exhaustive tests

Author: sipa

src/ecmult_gen.h

@@ -13,13 +13,11 @@
 
 /* Configuration parameters for the signed-digit multi-comb algorithm:
  *
- * - COMB_BLOCKS is the number of blocks the input is split into. Each
- *   has a corresponding table.
+ * - COMB_BLOCKS is the number of blocks the input is split into. Each has a corresponding table.
  * - COMB_TEETH is the number of bits simultaneously covered by one table.
- *
- * The comb's spacing (COMB_SPACING), or the distance between the teeth,
- * is defined as ceil(256 / (COMB_BLOCKS * COMB_TEETH)). Each block covers
- * COMB_SPACING * COMB_TEETH consecutive bits in the input.
+ * - COMB_SPACING is the distance between the teeth. For production purposes, the only reasonable
+ *   value is ceil(256 / (COMB_BLOCKS * COMB_TEETH)), so unless explicitly configured otherwise,
+ *   that value will be used. COMB_BLOCKS * COMB_TEETH * COMB_SPACING needs to be at least 256.
  *
  * The size of the precomputed table is COMB_BLOCKS * (1 << (COMB_TEETH - 1))
  * secp256k1_ge_storages.
@@ -36,65 +34,86 @@
  * doesn't support infinities) */
 #  undef COMB_BLOCKS
 #  undef COMB_TEETH
-#  if EXHAUSTIVE_TEST_ORDER > 32
-#    define COMB_BLOCKS 52
-#    define COMB_TEETH 5
-#  elif EXHAUSTIVE_TEST_ORDER > 16
-#    define COMB_BLOCKS 64
-#    define COMB_TEETH 4
-#  elif EXHAUSTIVE_TEST_ORDER > 8
-#    define COMB_BLOCKS 86
-#    define COMB_TEETH 3
-#  elif EXHAUSTIVE_TEST_ORDER > 4
-#    define COMB_BLOCKS 128
+#  undef COMB_SPACING
+#  if EXHAUSTIVE_TEST_ORDER == 13
+#    define COMB_RANGE 4
+#    define COMB_BLOCKS 1
 #    define COMB_TEETH 2
+#    define COMB_SPACING 2
+#  elif EXHAUSTIVE_TEST_ORDER == 199
+#    define COMB_RANGE 8
+#    define COMB_BLOCKS 2
+#    define COMB_TEETH 3
+#    define COMB_SPACING 2
 #  else
-#    define COMB_BLOCKS 256
-#    define COMB_TEETH 1
+#    error "Unknown exhaustive test order"
+#  endif
+#  if (COMB_RANGE >= 32) || ((EXHAUSTIVE_TEST_ORDER >> (COMB_RANGE - 1)) != 1)
+#    error "COMB_RANGE != ceil(log2(EXHAUSTIVE_TEST_ORDER+1))"
 #  endif
 #else /* !defined(EXHAUSTIVE_TEST_ORDER) */
+#  define COMB_RANGE 256
+#endif /* defined(EXHAUSTIVE_TEST_ORDER) */
+
 /* Use (11, 6) as default configuration, which results in a 22 kB table. */
-#  ifndef COMB_BLOCKS
-#    define COMB_BLOCKS 11
-#    ifdef DEBUG_CONFIG
-#      pragma message DEBUG_CONFIG_MSG("COMB_BLOCKS undefined, assuming default value")
-#    endif
+#ifndef COMB_BLOCKS
+#  define COMB_BLOCKS 11
+#  ifdef DEBUG_CONFIG
+#    pragma message DEBUG_CONFIG_MSG("COMB_BLOCKS undefined, assuming default value")
 #  endif
-#  ifndef COMB_TEETH
-#    define COMB_TEETH 6
-#    ifdef DEBUG_CONFIG
-#      pragma message DEBUG_CONFIG_MSG("COMB_TEETH undefined, assuming default value")
-#    endif
+#endif
+#ifndef COMB_TEETH
+#  define COMB_TEETH 6
+#  ifdef DEBUG_CONFIG
+#    pragma message DEBUG_CONFIG_MSG("COMB_TEETH undefined, assuming default value")
 #  endif
-#endif /* defined(EXHAUSTIVE_TEST_ORDER) */
+#endif
+/* Use ceil(COMB_RANGE / (COMB_BLOCKS * COMB_TEETH)) as default COMB_SPACING. */
+#ifndef COMB_SPACING
+#  define COMB_SPACING ((COMB_RANGE + COMB_BLOCKS * COMB_TEETH) / (COMB_BLOCKS * COMB_TEETH))
+#  ifdef DEBUG_CONFIG
+#    pragma message DEBUG_CONFIG_MSG("COMB_SPACING undefined, assuming default value")
+#  endif
+#endif
 
 /* Range checks on the parameters. */
+
+/* The remaining COMB_* parameters are derived values, don't modify these. */
+/* - The number of bits covered by all the blocks; must be at least COMB_RANGE. */
+#define COMB_BITS (COMB_BLOCKS * COMB_TEETH * COMB_SPACING)
+/* - The number of entries per table. */
+#define COMB_POINTS (1 << (COMB_TEETH - 1))
+
+/* Sanity checks. */
 #if !(1 <= COMB_BLOCKS && COMB_BLOCKS <= 256)
 #  error "COMB_BLOCKS must be in the range [1, 256]"
 #endif
 #if !(1 <= COMB_TEETH && COMB_TEETH <= 8)
 #  error "COMB_TEETH must be in the range [1, 8]"
 #endif
+#if COMB_BITS < COMB_RANGE
+#  error "COMB_BLOCKS * COMB_TEETH * COMB_SPACING is too low"
+#endif
 
-/* The remaining COMB_* parameters are derived values, don't modify these. */
-/* - The distance between the teeth of each comb. */
-#define COMB_SPACING ((255 + COMB_BLOCKS * COMB_TEETH) / (COMB_BLOCKS * COMB_TEETH))
-/* - The number of bits covered by all the blocks; must be at least 256. */
-#define COMB_BITS (COMB_BLOCKS * COMB_TEETH * COMB_SPACING)
-/* - The number of entries per table. */
-#define COMB_POINTS (1 << (COMB_TEETH - 1))
-
-/* Additional sanity checks. */
+/* These last 3 checks are not strictly required, but prevent gratuitously inefficient
+ * configurations. Note that they compare with 256 rather than COMB_RANGE, so they do
+ * permit somewhat excessive values for the exhaustive test case, where testing with
+ * suboptimal parameters may be desirable. */
 #if (COMB_BLOCKS - 1) * COMB_TEETH * COMB_SPACING >= 256
 #  error "COMB_BLOCKS can be reduced"
 #endif
 #if COMB_BLOCKS * (COMB_TEETH - 1) * COMB_SPACING >= 256
 #  error "COMB_TEETH can be reduced"
 #endif
+#if COMB_BLOCKS * COMB_TEETH * (COMB_SPACING - 1) >= 256
+#  error "COMB_SPACING can be reduced"
+#endif
 
 #ifdef DEBUG_CONFIG
+#  pragma message DEBUG_CONFIG_DEF(COMB_RANGE)
 #  pragma message DEBUG_CONFIG_DEF(COMB_BLOCKS)
 #  pragma message DEBUG_CONFIG_DEF(COMB_TEETH)
+#  pragma message DEBUG_CONFIG_DEF(COMB_SPACING)
 #endif
 
 typedef struct {

src/ecmult_gen_compute_table.h

@@ -9,6 +9,6 @@
 
 #include "ecmult_gen.h"
 
-static void secp256k1_ecmult_gen_compute_table(secp256k1_ge_storage* table, const secp256k1_ge* gen, int blocks, int teeth);
+static void secp256k1_ecmult_gen_compute_table(secp256k1_ge_storage* table, const secp256k1_ge* gen, int blocks, int teeth, int spacing);
 
 #endif /* SECP256K1_ECMULT_GEN_COMPUTE_TABLE_H */

src/ecmult_gen_compute_table_impl.h

@@ -14,10 +14,9 @@
 #include "ecmult_gen.h"
 #include "util.h"
 
-static void secp256k1_ecmult_gen_compute_table(secp256k1_ge_storage* table, const secp256k1_ge* gen, int blocks, int teeth) {
+static void secp256k1_ecmult_gen_compute_table(secp256k1_ge_storage* table, const secp256k1_ge* gen, int blocks, int teeth, int spacing) {
     size_t points = ((size_t)1) << (teeth - 1);
     size_t points_total = points * blocks;
-    int spacing = (256 + blocks * teeth - 1) / (blocks * teeth);
     secp256k1_ge* prec = checked_malloc(&default_error_callback, points_total * sizeof(*prec));
     secp256k1_gej* ds = checked_malloc(&default_error_callback, teeth * sizeof(*ds));
     secp256k1_gej* vs = checked_malloc(&default_error_callback, points_total * sizeof(*vs));
@@ -93,6 +92,7 @@ static void secp256k1_ecmult_gen_compute_table(secp256k1_ge_storage* table, cons
     for (block = 0; block < blocks; ++block) {
         size_t index;
         for (index = 0; index < points; ++index) {
+            VERIFY_CHECK(!secp256k1_ge_is_infinity(&prec[block * points + index]));
             secp256k1_ge_to_storage(&table[block * points + index], &prec[block * points + index]);
         }
     }

src/ecmult_gen_impl.h

@@ -108,7 +108,7 @@ static void secp256k1_ecmult_gen(const secp256k1_ecmult_gen_context *ctx, secp25
     /* Compute the scalar d = (gn + ctx->scalar_offset). */
     secp256k1_scalar_add(&d, &ctx->scalar_offset, gn);
     /* Convert to recoded array. */
-    for (i = 0; i < 8; ++i) {
+    for (i = 0; i < 8 && i < ((COMB_BITS + 31) >> 5); ++i) {
         recoded[i] = secp256k1_scalar_get_bits_limb32(&d, 32 * i, 32);
     }
     secp256k1_scalar_clear(&d);

src/precompute_ecmult_gen.c

@@ -24,14 +24,15 @@ static const int CONFIGS[][2] = {
 };
 
 static void print_table(FILE* fp, int blocks, int teeth) {
+    int spacing = (255 + blocks * teeth) / (blocks * teeth);
     size_t points = ((size_t)1) << (teeth - 1);
     int outer;
     size_t inner;
 
     secp256k1_ge_storage* table = checked_malloc(&default_error_callback, blocks * points * sizeof(secp256k1_ge_storage));
-    secp256k1_ecmult_gen_compute_table(table, &secp256k1_ge_const_g, blocks, teeth);
+    secp256k1_ecmult_gen_compute_table(table, &secp256k1_ge_const_g, blocks, teeth, spacing);
 
-    fprintf(fp, "#if (COMB_BLOCKS == %d) && (COMB_TEETH == %d)\n", blocks, teeth);
+    fprintf(fp, "#if (COMB_BLOCKS == %d) && (COMB_TEETH == %d) && (COMB_SPACING == %d)\n", blocks, teeth, spacing);
     for (outer = 0; outer != blocks; outer++) {
         fprintf(fp,"{");
         for (inner = 0; inner != points; inner++) {

src/precomputed_ecmult_gen.c

@@ -389,7 +389,7 @@ int main(int argc, char** argv) {
     }
 
     /* Recreate the ecmult{,_gen} tables using the right generator (as selected via EXHAUSTIVE_TEST_ORDER) */
-    secp256k1_ecmult_gen_compute_table(&secp256k1_ecmult_gen_prec_table[0][0], &secp256k1_ge_const_g, COMB_BLOCKS, COMB_TEETH);
+    secp256k1_ecmult_gen_compute_table(&secp256k1_ecmult_gen_prec_table[0][0], &secp256k1_ge_const_g, COMB_BLOCKS, COMB_TEETH, COMB_SPACING);
     secp256k1_ecmult_compute_two_tables(secp256k1_pre_g, secp256k1_pre_g_128, WINDOW_G, &secp256k1_ge_const_g);
 
     while (count--) {